[Cloud security posture] Deprecate CSP_RULE #147115

Closed
wants to merge 10,000 commits into from

Conversation

ofiriro3
Contributor

@ofiriro3 ofiriro3 commented Dec 6, 2022

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---|---|---|---|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
See more potential risk examples

For maintainers

@ofiriro3 ofiriro3 changed the title Working version - before running tests [Cloud security posture] Deprecate CSP_RULE Dec 6, 2022
@ofiriro3 ofiriro3 linked an issue Dec 7, 2022 that may be closed by this pull request
12 tasks
ogupte and others added 28 commits December 12, 2022 14:28
## Summary

Added note about the health API in runbooks
Fixes: elastic#146049 

This PR adds `actions.date` field to the alertInstances in the Task
context, and TaskRunner uses it (and the new `notifyWhen` and `throttle`
fields in the actions too) to decide if an action is throttled or not.
This PR fixes all broken storybooks.

Co-authored-by: Kibana Machine <[email protected]>
…k score tabs (elastic#147180)

## Summary

Original issue: elastic#145720
KPIs disappear after clicking users / host risk score tabs

Root cause:
useGlobalTime on users and host risk score tabs called
`inputsActions.deleteAllQueries`, so KPIs' queries info were deleted
accordingly.

**Steps to Verify**

**Please enable feature flag:** `chartEmbeddablesEnabled`

1. Visit app/security/hosts/allHosts
2. Click on Host risk score tab and then click on anomalies tab
3. Please verify KPIs are displayed
4. Click any tabs in any order, please verify KPIs are displayed 

1. Visit app/security/users/allUsers
2. Click on User risk score tab and then click on anomalies tab
3. Please verify KPIs are displayed
4. Click any tabs in any order, please verify KPIs are displayed

Co-authored-by: Kristof C <[email protected]>
## Summary

This PR is the follow-up to elastic#147002 and elastic#146129 and makes a few changes to
make both performance scripts expose a very similar CLI and allow running
`run_performance` locally for debugging purposes.

- to run a single test locally against source:
  - single user journey: `node scripts/run_performance.js --journey-path x-pack/performance/journeys/login.ts`
  - scalability journey (auto-generated): `node scripts/run_scalability.js --journey-path target/scalability_traces/kibana/login-0184f19e-0903-450d-884d-436d737a3abe.json`

`skip-warmup` flag to avoid journey warmup runs for performance data set
extraction (we don't need to run journey twice while interested in APM
traces only)

PR also updates pipeline scripts with new changes
…e to new one on events page (elastic#146896)

as per elastic#140158, old external
alert route should either take user back to main entity page or to
external alerts.

## Summary
Take advantage of `onlyExternalAlerts` param to redirect users with old
urls to the new one for external alerts.

The gif below shows the old url before hitting enter- causing the page
to redirect to the events page with external alerts checked.
![Recording 2022-12-02 at 11 54
26](https://user-images.githubusercontent.com/28942857/205355379-d0b3a396-8cdf-48f2-966d-82ad3d133676.gif)

Co-authored-by: Kristof-Pierre Cummings <[email protected]>
…146685)

### Description
In order to proceed with the Behavioral Analytics introduction, it's
required to introduce an empty state on the events tab, when there are
no events, and remove this state once events start coming.

This PR is dedicated to introducing an empty state in the events tab.



https://user-images.githubusercontent.com/5709507/205355360-2a334e77-025f-40a4-9e38-1bc3c7e4c252.mov
…lastic#147349)

## Summary

This PR makes the following adjustments in the Cypress tests:

- Increases the default rule interval from 1 second to 100 minutes.
- Increases the long-polling interval for the
`api/detection_engine/rules/prepackaged/_status` endpoint from 0.1 to 2
seconds.

This should hopefully reduce the load that Cypress tests generate on CI
on Kibana which makes the tests themselves slower.

In the next episodes:

- elastic#147377

## Background

With the recent issues related to installing the prebuilt rules package,

> @dhurley14 did some initial research and found that there are some
bulk_edit cypress tests that are going into an infinite loop. Looks
like the infinite loops can be reproduced locally and are happening here
[https://github.com/elastic/kibana/blob/3e56eba64d51aa98ef5d9ed8d7d6cdcfc1f3cd5d/x-[…]rity_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts](https://github.com/elastic/kibana/blob/3e56eba64d51aa98ef5d9ed8d7d6cdcfc1f3cd5d/x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts#L166)

@xcrzx @maximpn and I reproduced the issue locally and found that:

- There's no infinite loop in the `bulk_edit_rules.cy.ts` tests, but it
took more than 1 hour to run 3 attempts of a single test: `Only prebuilt
rules selected`.
- 6 rules that this test created were enabled and were executing every 1
second each.
- The `api/detection_engine/rules/prepackaged/_status` endpoint was
being called 600 times per minute until the timeout. It looks like it
took _way_ more than a few minutes to run each attempt.

We were able to reproduce this locally with the exception that the
attempts didn't take much time to fail.

The hypothesis is that on CI where we have less computing power our
Cypress tests overload the Kibana server by creating enabled rules that
execute way too frequently. We shouldn't need rules to be enabled in
many of the tests; we should be able to set a very long rule interval
where rules have to be enabled. Finally, we shouldn't be spamming the
API with highly frequent requests where we implement long-polling and
wait for something to happen on the BE side.
…o stop running (elastic#146188)

Resolves elastic#144638
## Summary

Removes logic that prevents rules from running when all features in a
space are disabled.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### To verify
- Create an alerting rule
- Go to the [spaces
page](http://localhost:5601/app/management/kibana/spaces), and disable
all features in the space
- Look at your terminal to see the alerting rule still running and no
errors

Co-authored-by: Kibana Machine <[email protected]>
Connected to elastic#132041

## Summary

This is the first in a series of PRs with migrations of the Cases' Saved
objects to enable sorting by additional fields in the all-cases view.

In this PR the case title becomes a multi-field with an additional
keyword field for sorting.

Added a small integration test to confirm sorting by title works.
This migrates the remaining ci-group-6 steps to n2-4-spot.
## Summary

Adds geo job wizard for lat_long jobs.

<img width="1684" alt="image"
src="https://user-images.githubusercontent.com/6446462/206286251-14b142c8-172b-45ec-be59-1cb4a8973c0d.png">


<img width="1265" alt="image"
src="https://user-images.githubusercontent.com/6446462/205763367-3afb2293-120e-4a61-b4fa-52f8cb44fc91.png">



### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

Co-authored-by: James Gowdy <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
## Summary

#### Capabilities added
- Additional 'Charts' drop down on Alerts page
- A table and a donut chart that shows severity level composition
- Filter capabilities when donut is clicked or when hovering to the
`Levels` column

Feature flag: `alertsPageChartsEnabled`


![image](https://user-images.githubusercontent.com/18648970/205413975-98d63313-2e9d-4168-9f80-b762866b05fd.png)



https://user-images.githubusercontent.com/18648970/206264697-882abb6e-d5f1-49ab-b07e-d865b1907dbb.mov



### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

Co-authored-by: kibanamachine <[email protected]>
… modal to flyout (elastic#146924)

## Summary

Moved the Add inference pipeline from a modal to a flyout to improve the
UX and follow our own design guidelines.


### Screenshots
Configure:
<img width="1433" alt="image"
src="https://user-images.githubusercontent.com/1972968/205386204-0e1c605b-3fcb-4f2f-9665-6b46c9bd39fc.png">
Test:
<img width="1433" alt="image"
src="https://user-images.githubusercontent.com/1972968/205386273-85f17deb-b321-4a9e-9c04-5871c316cf81.png">
Review:
<img width="1433" alt="image"
src="https://user-images.githubusercontent.com/1972968/205386305-1861f699-e65e-4531-9820-41f4362a4b4e.png">

No Models:
<img width="1433" alt="image"
src="https://user-images.githubusercontent.com/1972968/205386430-889f726f-5eea-48b1-94f5-921193ca3adc.png">
Fixes [issue elastic#144334](elastic#144334)

Making the panel not take the full height of the screen as is the
default of `EuiFlyout` which we are using.

![image](https://user-images.githubusercontent.com/11224465/207008176-dd34c4d1-7033-46a0-8ff8-b352eb2c9ce8.png)

**Notes**:
- Realized when reading the docs, that there is a `maxWidth` prop for
the `EuiFlyout` so I swapped that with the custom style we had
- Revised the custom styles in `panel_styles.ts` to achieve this
- I put a `max-height` on the panel so there is always room for 1 toast

Let me know if you think there is a better way to approach this.
@ofiriro3 ofiriro3 requested review from a team as code owners December 20, 2022 16:33
@ofiriro3 ofiriro3 requested a review from a team December 20, 2022 16:33
@ofiriro3 ofiriro3 requested a review from a team as a code owner December 20, 2022 16:33
@ofiriro3 ofiriro3 requested a review from a team December 20, 2022 16:33
@ofiriro3 ofiriro3 requested review from a team as code owners December 20, 2022 16:33
@ofiriro3 ofiriro3 requested a review from CohenIdo December 20, 2022 16:34
@ofiriro3 ofiriro3 marked this pull request as draft December 20, 2022 16:35
@ofiriro3 ofiriro3 closed this Dec 20, 2022
@ofiriro3 ofiriro3 reopened this Dec 20, 2022
@ofiriro3 ofiriro3 changed the base branch from main to 3.0 December 20, 2022 16:36
@ofiriro3 ofiriro3 closed this Dec 20, 2022
@ofiriro3 ofiriro3 deleted the deprecate_csp_rule branch December 20, 2022 16:37
@ofiriro3 ofiriro3 restored the deprecate_csp_rule branch December 20, 2022 16:37
@ofiriro3 ofiriro3 removed a link to an issue Dec 20, 2022
12 tasks