diff --git a/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml b/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml index feac7bdb17848a..2ee943d72ee036 100644 --- a/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml +++ b/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml @@ -46,13 +46,3 @@ steps: USE_GROUP_LABEL: true agents: image: "docker.elastic.co/ci-agent-images/manual-verification-agent:0.0.6" - - - group: "Observability" - steps: - - label: ":judge::seedling: Trigger Manual Tests Phase - Observability" - command: "make -C /agent trigger-manual-verification-phase" - env: - NOTIFICATION_APPENDIX: " please execute your manual testing plan." - USE_GROUP_LABEL: true - agents: - image: "docker.elastic.co/ci-agent-images/manual-verification-agent:0.0.6" diff --git a/.buildkite/pull_requests.json b/.buildkite/pull_requests.json index 41de2dc843d4da..65a3ff6ba2004a 100644 --- a/.buildkite/pull_requests.json +++ b/.buildkite/pull_requests.json @@ -55,14 +55,14 @@ "repoName": "kibana", "pipelineSlug": "kibana-kme-test", - "enabled": false, + "enabled": true, "allow_org_users": true, "allowed_repo_permissions": ["admin", "write"], "allowed_list": ["barlowm", "renovate[bot]"], "set_commit_status": true, - "commit_status_context": "kibana-ci", + "commit_status_context": "kibana-ci-test", "build_on_commit": true, - "build_on_comment": true, + "build_on_comment": false, "trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))", "always_trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))", "skip_ci_labels": [], diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7d58837fda1a5d..994b92442d00d3 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -302,6 +302,7 @@ x-pack/plugins/cross_cluster_replication @elastic/platform-deployment-management packages/kbn-crypto @elastic/kibana-security packages/kbn-crypto-browser @elastic/kibana-core x-pack/plugins/custom_branding @elastic/appex-sharedux +packages/kbn-custom-icons @elastic/obs-ux-logs-team packages/kbn-custom-integrations @elastic/obs-ux-logs-team src/plugins/custom_integrations @elastic/fleet packages/kbn-cypress-config @elastic/kibana-operations @@ -345,6 +346,7 @@ packages/kbn-ebt-tools @elastic/kibana-core packages/kbn-ecs @elastic/kibana-core @elastic/security-threat-hunting-investigations x-pack/packages/security-solution/ecs_data_quality_dashboard @elastic/security-threat-hunting-investigations x-pack/plugins/ecs_data_quality_dashboard @elastic/security-threat-hunting-investigations +packages/kbn-elastic-agent-utils @elastic/obs-ux-logs-team x-pack/packages/kbn-elastic-assistant @elastic/security-solution x-pack/plugins/elastic_assistant @elastic/security-solution test/plugin_functional/plugins/elasticsearch_client_plugin @elastic/kibana-core @@ -1464,6 +1466,7 @@ x-pack/plugins/security_solution/public/overview/components/entity_analytics x-pack/plugins/security_solution/server/lib/entity_analytics @elastic/security-entity-analytics x-pack/plugins/security_solution/server/lib/risk_score @elastic/security-entity-analytics x-pack/test/security_solution_api_integration/test_suites/entity_analytics @elastic/security-entity-analytics +x-pack/plugins/security_solution/public/flyout/entity_details @elastic/security-entity-analytics # Security Defend Workflows - OSQuery Ownership /x-pack/plugins/security_solution/common/api/detection_engine/model/rule_response_actions @elastic/security-defend-workflows diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index d6d3c563a67c67..82678433aacc2e 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index afb67aa52f3673..3066b1334eccb5 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index 982de600a4cb34..c14d692c24d5e4 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index 6f0c34b07cca18..dbfbad7b56c848 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; diff --git a/api_docs/apm.devdocs.json b/api_docs/apm.devdocs.json index 897cd39513a7b8..1f8e4fbabe1307 100644 --- a/api_docs/apm.devdocs.json +++ b/api_docs/apm.devdocs.json @@ -418,7 +418,7 @@ "label": "APIEndpoint", "description": [], "signature": [ - "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/title\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST /internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | \"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | \"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | \"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | \"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET /internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | \"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_service_summary\" | \"GET /internal/apm/assistant/get_error_document\" | \"POST /internal/apm/assistant/get_correlation_values\" | \"GET /internal/apm/assistant/get_downstream_dependencies\" | \"POST /internal/apm/assistant/get_services_list\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\"" + "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/index_pattern\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST /internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | \"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | \"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | \"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | \"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET /internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | \"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_service_summary\" | \"GET /internal/apm/assistant/get_error_document\" | \"POST /internal/apm/assistant/get_correlation_values\" | \"GET /internal/apm/assistant/get_downstream_dependencies\" | \"POST /internal/apm/assistant/get_services_list\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\"" ], "path": "x-pack/plugins/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts", "deprecated": false, @@ -7373,9 +7373,9 @@ }, ">)[]; }>; } & ", "APMRouteCreateOptions", - "; \"GET /internal/apm/data_view/title\": { endpoint: \"GET /internal/apm/data_view/title\"; params?: undefined; handler: ({}: ", + "; \"GET /internal/apm/data_view/index_pattern\": { endpoint: \"GET /internal/apm/data_view/index_pattern\"; params?: undefined; handler: ({}: ", "APMRouteHandlerResources", - ") => Promise<{ apmDataViewTitle: string; }>; } & ", + ") => Promise<{ apmDataViewIndexPattern: string; }>; } & ", "APMRouteCreateOptions", "; \"POST /internal/apm/data_view/static\": { endpoint: \"POST /internal/apm/data_view/static\"; params?: undefined; handler: ({}: ", "APMRouteHandlerResources", diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index b36b5ec73d51cb..b84e7790f9f786 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index dc7bc9f4168594..a737a3aa03cc14 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/asset_manager.mdx b/api_docs/asset_manager.mdx index cde658412b6267..c3fd98697b22e9 100644 --- a/api_docs/asset_manager.mdx +++ b/api_docs/asset_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/assetManager title: "assetManager" image: https://source.unsplash.com/400x175/?github description: API docs for the assetManager plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetManager'] --- import assetManagerObj from './asset_manager.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index e711e744ff2412..e242cf936564d2 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index f719806004f603..564ea0889cab68 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index 3d6f38dc51e0c2..a527e0f36e938c 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index be028c262fc8cd..4a0be26d524c06 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 31f044cd43c204..f9cc38fc083178 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index 5f3156ec28e64c..072ea50c708e3d 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 6f5136e0128b18..6ee5118a9f63b4 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index 9626382646fc26..4f48d4c980a476 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_experiments.mdx b/api_docs/cloud_experiments.mdx index 00d145121b4b47..2f9e2f7f891aa7 100644 --- a/api_docs/cloud_experiments.mdx +++ b/api_docs/cloud_experiments.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudExperiments title: "cloudExperiments" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudExperiments plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudExperiments'] --- import cloudExperimentsObj from './cloud_experiments.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index 6f317f5a4c3d38..c918913f93c8e0 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index 0cf268395f6601..6ab20e88642c00 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index b72abe38430de7..687bbb3564a0e5 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index a0ecf54b26262d..0e78ff8d63bc38 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index 988327b1f6afd4..9128f586088e5f 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index 1e71b5e2af76a2..a468f244085c61 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index 377a387a9ac73a..c3b9a1685c769b 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index 95c29b81e939ac..043b2e706493c9 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index f7de54bc460e66..95d6ffb8041d80 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index 6366762252bc5b..1ef69eff529d1a 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index 1e71ba9f72dc03..6484d822c69a97 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index 21f4e69dee8d9c..7e4a49ec9e83dc 100644 --- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index 0cbad35e8fffad..6131c415a04acc 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index eff0e7c32d656c..4f61e3cce929e0 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index d40bb1bbfb10ac..8aec0b9b2e31d6 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index 7bfcf9bd82c531..fd897f93822a41 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index 30b15ba58efa83..76ed656e45c0ef 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index 75597e9fa33875..498a4fe745f18f 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index 602e956dcaef80..7804abf2afe555 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index af4682e754be6b..e09ade40653751 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index 3b9f39c82b70e1..1345ef75ad6ac0 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index b3a5f75e85d16d..d557ebe34a18e8 100644 --- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index 8a620cbe2851e8..44f3dcdddecced 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index de8f22ac309b73..34dd65504fd90f 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 532ab1afc1a9b5..50e7440f413819 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index 63882f6dabbeae..de533bfb6a1ea4 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index ce6359df93e61e..051d9e2f093e7d 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index 330caa2cde4ebb..79083831bd706f 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index 6d6852e7de839f..00276211783ba6 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index 71413ee1537316..3bdc056cfc18a1 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 0c62b31be3d97f..ad63fbc3e4fb11 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index 470ab03a0a40ec..958b808a502334 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 15eedd0b6b83d1..9baad8ed30a743 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index a8f0afdb8eda26..cd5534e73bd64d 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index 0c2866da049446..1871f53f5df458 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index 471e3c401a7faf..e5b047559483b1 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index 74f22551d9f21b..db8a9d719a41ba 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index 0b783d635993e9..72e1fe6f37c851 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index 44d058c6b0488a..bc0e4be2e99b85 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index d767352a9743d4..0416ed3733bd0e 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index 049a16783bc0c1..2448a4e0b47102 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index 7c01e86d195601..114eabcf97d553 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index 7be74c5bf2f426..24b09175b58b1c 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index e8a6b343e879fa..7d85211b4ad1de 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index a5de8b597ef092..3b39a614368907 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index f98b97573c187b..1ae39611bd16bc 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.devdocs.json b/api_docs/expressions.devdocs.json index b22b81fce29c4d..6c9f54399a958a 100644 --- a/api_docs/expressions.devdocs.json +++ b/api_docs/expressions.devdocs.json @@ -3802,7 +3802,7 @@ "id": "def-public.ExpressionRenderHandler.Unnamed.$2", "type": "Object", "tags": [], - "label": "{\n onRenderError,\n renderMode,\n syncColors,\n syncTooltips,\n syncCursor,\n interactive,\n hasCompatibleActions = async () => false,\n getCompatibleCellValueActions = async () => [],\n executionContext,\n shouldShowLegendAction,\n }", + "label": "{\n onRenderError,\n renderMode,\n syncColors,\n syncTooltips,\n syncCursor,\n interactive,\n hasCompatibleActions = async () => false,\n getCompatibleCellValueActions = async () => [],\n executionContext,\n }", "description": [], "signature": [ "ExpressionRenderHandlerParams" @@ -7350,38 +7350,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-public.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -11012,38 +10980,6 @@ "path": "src/plugins/expressions/public/types/index.ts", "deprecated": false, "trackAdoption": false - }, - { - "parentPluginId": "expressions", - "id": "def-public.IExpressionLoaderParams.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/public/types/index.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.IExpressionLoaderParams.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/public/types/index.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -11426,38 +11362,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-public.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -11801,38 +11705,6 @@ "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", "deprecated": false, "trackAdoption": false - }, - { - "parentPluginId": "expressions", - "id": "def-public.ReactExpressionRendererProps.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.ReactExpressionRendererProps.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -18885,38 +18757,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-server.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-server.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -21566,38 +21406,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-server.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-server.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -31016,38 +30824,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-common.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-common.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -35922,38 +35698,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-common.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-common.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index f46248686e8716..736777d1ac7837 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 2224 | 17 | 1765 | 5 | +| 2208 | 17 | 1749 | 5 | ## Client diff --git a/api_docs/features.mdx b/api_docs/features.mdx index a1074a9d941f12..7e26df9d8ab0ac 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index 6102bbf61c378c..6a2758ad6bbcec 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index 4ae24051597a27..9dcda19534d67b 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index a12fcc3712014e..465df5bdefa873 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index e4e1eb8adc8a9e..c902738572789e 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index 61da82ea13e5b5..1744f38c82daac 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index 59bff63b64ac97..4a554a725fff8d 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index d6c5ca4d91a314..ac7d8013ba6d3c 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index c2b1da13e6302c..c4208655916d01 100644 --- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index de3f83aa1768ac..e49f3b0377704e 100644 --- a/api_docs/image_embeddable.mdx +++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index 619a1c9734cae2..c96652dc1d2fcc 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index 03528cc3a1b706..2639af5535e1ed 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index 7772c7236a9fee..71420826df6dbe 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index 9ccb5b40fac7d0..9660dc20f7aa2c 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index 03df908305f425..288958199e0b75 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx index bbfd1822add4aa..30af81a5a462fc 100644 --- a/api_docs/kbn_ace.mdx +++ b/api_docs/kbn_ace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace title: "@kbn/ace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ace plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace'] --- import kbnAceObj from './kbn_ace.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index 426ac3047e1266..498d8b80579c21 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_utils.mdx b/api_docs/kbn_aiops_utils.mdx index 268d3bb6ee2b9d..fe5916c30c0d69 100644 --- a/api_docs/kbn_aiops_utils.mdx +++ b/api_docs/kbn_aiops_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-utils title: "@kbn/aiops-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-utils'] --- import kbnAiopsUtilsObj from './kbn_aiops_utils.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index dd207fa543eaab..02bcc50aa26ed3 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index 9fc9a8f8a7528c..91edd2d33adb8f 100644 --- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index 272b8fb194595d..3920ff3bc1987e 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 9eb797712141cc..57fe755400e5b5 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index 464dd4038a8ceb..accc966ceea3f5 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_client.mdx b/api_docs/kbn_analytics_client.mdx index 335c0f7aa4af3e..d4c0814d1c5634 100644 --- a/api_docs/kbn_analytics_client.mdx +++ b/api_docs/kbn_analytics_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-client title: "@kbn/analytics-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-client plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-client'] --- import kbnAnalyticsClientObj from './kbn_analytics_client.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index f949c6c084b019..1846fc4942b7fe 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx index 2e718d529ec19d..dd63b24dc0960a 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-browser title: "@kbn/analytics-shippers-elastic-v3-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-browser'] --- import kbnAnalyticsShippersElasticV3BrowserObj from './kbn_analytics_shippers_elastic_v3_browser.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx index 7beaedf6f6a670..9d182ee6d94c35 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-common title: "@kbn/analytics-shippers-elastic-v3-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-common'] --- import kbnAnalyticsShippersElasticV3CommonObj from './kbn_analytics_shippers_elastic_v3_common.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx index ab98480d10cd3d..4d3308bc23b7f5 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-server title: "@kbn/analytics-shippers-elastic-v3-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-server'] --- import kbnAnalyticsShippersElasticV3ServerObj from './kbn_analytics_shippers_elastic_v3_server.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_fullstory.mdx b/api_docs/kbn_analytics_shippers_fullstory.mdx index 0ed9a7cc36cae7..0ea6ed98e604eb 100644 --- a/api_docs/kbn_analytics_shippers_fullstory.mdx +++ b/api_docs/kbn_analytics_shippers_fullstory.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-fullstory title: "@kbn/analytics-shippers-fullstory" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-fullstory plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-fullstory'] --- import kbnAnalyticsShippersFullstoryObj from './kbn_analytics_shippers_fullstory.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_gainsight.mdx b/api_docs/kbn_analytics_shippers_gainsight.mdx index 07069d1903fb39..1221a9199f66db 100644 --- a/api_docs/kbn_analytics_shippers_gainsight.mdx +++ b/api_docs/kbn_analytics_shippers_gainsight.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-gainsight title: "@kbn/analytics-shippers-gainsight" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-gainsight plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-gainsight'] --- import kbnAnalyticsShippersGainsightObj from './kbn_analytics_shippers_gainsight.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index 5dcbad69f5d40a..686fe0d0533e3c 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index efe6d8da664924..5ed1cfcf9888db 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.devdocs.json b/api_docs/kbn_apm_synthtrace_client.devdocs.json index 46142d3de9ec8b..4d7c6ca9c465da 100644 --- a/api_docs/kbn_apm_synthtrace_client.devdocs.json +++ b/api_docs/kbn_apm_synthtrace_client.devdocs.json @@ -2550,7 +2550,7 @@ "label": "LogDocument", "description": [], "signature": [ - "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'trace.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; }>" + "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'trace.id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; }>" ], "path": "packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts", "deprecated": false, diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 00bcca0d9d5a62..ba5f775a98c3fc 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx +++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index 1511853ef2cf10..57489e78c1b670 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index 60f5c20a38ab9c..73c4e91521530d 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 6b31762166dddf..70b638105ee805 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index 4648cac4d6317b..f43cf678c8ddbd 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.devdocs.json b/api_docs/kbn_cell_actions.devdocs.json index dcc406e62c1d00..ffa6f3f322ab32 100644 --- a/api_docs/kbn_cell_actions.devdocs.json +++ b/api_docs/kbn_cell_actions.devdocs.json @@ -1309,36 +1309,6 @@ "trackAdoption": false, "initialIsOpen": false }, - { - "parentPluginId": "@kbn/cell-actions", - "id": "def-common.COPY_CELL_ACTION_TYPE", - "type": "string", - "tags": [], - "label": "COPY_CELL_ACTION_TYPE", - "description": [], - "signature": [ - "\"cellAction-copy\"" - ], - "path": "packages/kbn-cell-actions/src/constants.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, - { - "parentPluginId": "@kbn/cell-actions", - "id": "def-common.FILTER_CELL_ACTION_TYPE", - "type": "string", - "tags": [], - "label": "FILTER_CELL_ACTION_TYPE", - "description": [], - "signature": [ - "\"cellAction-filter\"" - ], - "path": "packages/kbn-cell-actions/src/constants.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, { "parentPluginId": "@kbn/cell-actions", "id": "def-common.UseDataGridColumnsCellActions", diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index 17bc9ac22003cc..a224c6e8146b0e 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-threat-hunting-explore](https://github.com/orgs/elast | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 62 | 1 | 44 | 3 | +| 60 | 1 | 42 | 3 | ## Common diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index 0d7f05de2ce21c..926ae27abf3454 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index 6ce13870045ed5..6cb6794ed96549 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index 973b15fa872fa2..6d47fa7420b13e 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index d4566c90137bff..f63c9323776a04 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index f29eec4fe2fa06..f9cad5f3e1e549 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index 218644df9734c3..c0bde54f9b813b 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index d87a38e71b17ce..3609f6ff314548 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index 0adb9eabc59ada..62279636192b7a 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index 5cd39a68aff2b1..8a6252e8bc1754 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index 73a8f04091a03a..b06fe0ac57e0e9 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index b19c14d9c68a77..c0d4871240142d 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index ce26db94bea5cf..7dbdaf2822c139 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index e715079dd85c33..40c4610891e862 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index 75b90a52a059fd..dc043b346b6ec9 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index 24b344bc513290..c980375149549f 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index 3994eef019eb2b..294e4a4fd5dce9 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index 183fc976968a6a..280bf14c621d39 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index 83615ddfde26db..80f5924a22b101 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 85ecedfe082f1e..0216278dce8b97 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index d6db287c60a872..afd00cdae09e8c 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index e2aa08b4358638..139d3fde7f15b8 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index aad895901745cd..cb5240ac079f08 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index eefcee653be1f8..9ee4416a12cfc6 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index b2f1bc08d302c7..f4d440a0af63bc 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index 951857f2656fbb..782fe473273d66 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index 3c991d270b0196..c132a1d9729cdb 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 1932dcde3a47d0..075bbecb17e059 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index ca218c4bb3b46c..37544708a1d518 100644 --- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index 94c00ca4bc4d8c..a25c0a92566797 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index 436797aae1867d..133fe8d5d0ac61 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index e2685cb32eeae7..0f9fab7f9e10f9 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index 391403e8eaf211..49a6bdb7980514 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index 63bea1d19c0cd1..66724a4ae24ed3 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index 092bd2e6b022a3..4e2b39ba4be196 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index f720b9bc00c637..2e5d3e00b298cf 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index bfb8dc7151ad17..a6766739a208c7 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index 5eb95864800a19..498ced31dfea0a 100644 --- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index ce1e91fcccef2c..16f1e6544cb752 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index 7405bd06d70b9b..94b411a5918f87 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx +++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index fc2d5b967447cd..149fa36665049e 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index c7e24a0095dc9f..012d3778700f2c 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index 5623b0765bc44a..17629f45e1a681 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index 59de9355d81cfe..08bbfa9b2a7b59 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 5c27f728491dd5..25a383ca1fce5a 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index 6aa4fe87e44cf7..f1b9bb01731e16 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index a85f9ccdf1ea86..a684b9c852c0bd 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index f44d37a55e645e..d0972edc825610 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index 91bd1367a3a5c5..a4c0a8e724f3a5 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index f109d2aedc03e3..31bdd83f4034d8 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 5a1c4769a1e9ac..158fa044965949 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index 572d35a1c4528a..8d66bf1e64afbb 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index 3cd81eb0286853..fbacc80f479ca4 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index 7fe96775f1c5b1..daddc536a39d58 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index bfd8bdc08926f9..89f35897122000 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index b64978c06220fa..71117c0ecb98eb 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index 52153034f0e71b..c648ea0f233d2c 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index 1c4580d4c94c37..234fe1c5643402 100644 --- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index 0fe07a269cc0f2..b4cf0e2960f3c5 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index cbfb2eb65187d0..07637ef174cf48 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 516218e676ee5a..c77a142339c07d 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index 1ec946214aa74b..999e8e7e8de25d 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index 66df620a8d53b2..840d0a3ff5a01a 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index 4c0e475c569524..218f8277240d9c 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index 44289fcc521c9c..221ddea8c4fe05 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index a3e2cb37025087..f60a07ea83af38 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index 61bf94316f8503..52e645c46bcbcf 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index e9386fa60e6183..e8a6d538b29482 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 0a762ea6b382cc..446f3b905f8364 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index f841aaca7b8c51..6a89b3ba9c0519 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index 519491e41a6288..fc528df2a4b5a8 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 650ad2380c1c22..e881ccff0771c3 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index 0f70f7d50282e6..84fbb1d5066adf 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index a0b31df8b4f462..c8da277c442f2d 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index 3933183c765d2a..02f5646698c32a 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index 3819da2c492c94..df3f206cdd49f8 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index 413472b0d6f64b..6e502193079c99 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx +++ b/api_docs/kbn_core_http_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index b44a7b09308e00..d222022972a9e3 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index 089e389431685d..e08c254c9782a8 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 1f839e51297f42..d086ad563063b9 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx +++ b/api_docs/kbn_core_http_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index 8335df4c3e1bc3..853e9310ddb7b2 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index c458757937705a..23bbbdcf3499bd 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index 86ffe0267a9528..8780809e2d14fe 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index 1c1935c5753844..0a9e58c7ee959a 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index 2624d8d35c719d..a8a077fd94dc55 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index 6429b4c5b1194f..c640879ca2530b 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index 16147e901d3317..4805ec40dc10f1 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index 9c97b619c4ddee..d52f85a688a128 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 21eca4d004303e..244728d0db23db 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index 1b011b4bf8b99c..f20b13be73b1f7 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index 63d52c29615aea..14203627e8649b 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index 15580dfceacf3f..21a460bedc49fa 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index f3e37142260bf2..7a93bddca8c089 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index 37db7637433792..270aaa1923d40d 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index 035a064c56fa8a..e6698ca132b157 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index 4f3fc548fcd713..63088b8e229ca9 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index e9bcd5ae93044e..fc9c382e955b12 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index e69d95e45ec7e8..7747b1cb5305e6 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index 977d5fe2f7e071..4fde81e439322c 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index f1cd30a7d508c2..c00b4be0ed2cac 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index dbab3f8fa361ee..a903c8f0dc294a 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index fd19626a61c4f6..950ed3746892ad 100644 --- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index 17ac15852ee0f6..13e258dc2ca757 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index 184c5c95e838b5..16b640036d70a4 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index 1951dfe89d3df1..044ad95e9350f6 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index 9fe71518912abc..f8d000cd6df18a 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index 1fda18ce8b4057..41a8e2cad0d347 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index 8323f1459dafae..5f59371d7fa1b4 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index b9dad74738ed7a..299a13ed365c85 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index ee79e4012eddc6..ed8a8a74a05323 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index c1002fcc6107f9..9b9823d0054077 100644 --- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index a2a6a998125733..30d25035043bac 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index 7e3ae64377268a..3e1f5c0c27290e 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index b65b6c125b01e4..7c5db21547447e 100644 --- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 876c93f78e574f..efd9b5fbbfec0c 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index c4ed79a951dbe6..fa45a22c1d4a6e 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index 57946f420f7e7c..4b68cf74c1be98 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index ebbff5ba5ade1b..5517b40593197f 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index 99f04fefa235b7..57e71cb66b7119 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index ff70e0182cbcb9..23e2fcc52f7621 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index 662c77c6abe44c..b513a6a0210b3e 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index 5979e283376dc3..80f96840b3a511 100644 --- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index d96fdc72f4b3b0..653a2a64fa703d 100644 --- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index 2a11d8a6073c31..1249b549641b30 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index 7cfe98b1ed3766..2cb14668eeeaea 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index 889f0522e04002..0d7e55ef7fa246 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index 97e33bc936cec5..944d0697e3b810 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index e513b39f126edd..aec40c6dce2083 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index 12546fe2a56d4e..bdfb9e4732c02c 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index 563d0db07b30ad..7379d7314fd796 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx +++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index bcdd352aac65c7..7af41059a03254 100644 --- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index ab5f69f88b93dc..db90a4d6ba3176 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index b5bbabf8f3423e..ad0186fed104e0 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index 58c712e564af48..1a07fde364f1a0 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index 5fb942ed472363..21939150e979c3 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index 406f10dae499bc..4345d0e2cbd017 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index c4b2ca14982af0..7e352ef3cf4c55 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index 7a29e63f74d16b..220d3b99b512ba 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index c2c86eb57d244a..53c2af1ea4479d 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index 37ab3eb5291dd3..94af7e2ad03730 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index c4e77d0cee7274..45bfa55afa0b05 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index cd3afbd8d63835..141e41a7ac6a88 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index 71eec5a7d3ff50..8695a33b845d10 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index af87b1132b7e7d..76c484025c00b2 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index f55eb471f2a0cc..2b10c291ca6972 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index e90b50e35b84df..3e4da598757df0 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index f196daef24be69..87b5b6fd05dd7a 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index 3a5b03b96f4abd..b52ebd3690a588 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index f28d90043de7a0..0374715542ebc1 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index 2271152bd23773..2786fb415d2a90 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index b3fade43c15de7..f322fac4c93f97 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index 8b3151af99b479..39254035d3ecfd 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index d0539dd404aaa7..7a4fbe9be16c8d 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index 48715d5eeb8ead..9f0909d8c8cb6c 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index efbd3cb294ef19..e97e9105b6b3d0 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index d968791fb9e74f..4e7d764fef7342 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index 019fc8605f430a..8ed48b359e5605 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 48fd816e0abe52..664d859671cfd0 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index 3ee5efc4d02068..9df89898c6b224 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index da2e80f87aee1e..6e6e0657bcfa87 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index ad542b8cdf9e9e..fc47046cc49a35 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index e751a0e3cb66b1..6cd0189708317c 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index 85356ea918ed53..875904cd6ff04e 100644 --- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index 0bff09a952c685..473388766ad741 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index c290b67a0afd9b..50f0f34e9ca64c 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index 207f5f09b57313..c5089386173859 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index dcf575e18d9d02..d43b7d6dd11543 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index c72e821a69cb27..48680842fbb928 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index 6854e76caa848a..76cb0ea66e0b69 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index 51578ddccb0b6a..f89be556c9535c 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 58a59ec16dd77a..54044083584080 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 4a51584904e112..ddd3619d913f1d 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index a534d737002762..46d50523cf9772 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index 023788dc0f44c0..ea81db9b5bc570 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_internal.mdx b/api_docs/kbn_core_user_settings_server_internal.mdx index 26e6458d9235bf..9140b5058ddb70 100644 --- a/api_docs/kbn_core_user_settings_server_internal.mdx +++ b/api_docs/kbn_core_user_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-internal title: "@kbn/core-user-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-internal plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-internal'] --- import kbnCoreUserSettingsServerInternalObj from './kbn_core_user_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index ebdb1898b7850a..91ba8ef78cf36a 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index 639da3133c3ce8..bb4e27dbdc21e8 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index 4d4135de0f95b2..9473e6ef4e7da0 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.devdocs.json b/api_docs/kbn_custom_icons.devdocs.json new file mode 100644 index 00000000000000..7bf78ecff15a24 --- /dev/null +++ b/api_docs/kbn_custom_icons.devdocs.json @@ -0,0 +1,369 @@ +{ + "id": "@kbn/custom-icons", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIcon", + "type": "Function", + "tags": [], + "label": "AgentIcon", + "description": [], + "signature": [ + "({ agentName, size = 'l', ...props }: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + }, + ") => JSX.Element" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIcon.$1", + "type": "Object", + "tags": [], + "label": "{ agentName, size = 'l', ...props }", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + } + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIcon", + "type": "Function", + "tags": [], + "label": "CloudProviderIcon", + "description": [], + "signature": [ + "({ cloudProvider, ...props }: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + }, + ") => JSX.Element" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIcon.$1", + "type": "Object", + "tags": [], + "label": "{ cloudProvider, ...props }", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + } + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon", + "type": "Function", + "tags": [], + "label": "getAgentIcon", + "description": [], + "signature": [ + "(agentName: string | undefined, isDarkMode: boolean) => string" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon.$2", + "type": "boolean", + "tags": [], + "label": "isDarkMode", + "description": [], + "signature": [ + "boolean" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getCloudProviderIcon", + "type": "Function", + "tags": [], + "label": "getCloudProviderIcon", + "description": [], + "signature": [ + "(cloudProvider: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProvider", + "text": "CloudProvider" + }, + ") => \"cloudSunny\" | \"logoAWS\" | \"logoAzure\" | \"logoGCP\"" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getCloudProviderIcon.$1", + "type": "CompoundType", + "tags": [], + "label": "cloudProvider", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProvider", + "text": "CloudProvider" + } + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getServerlessIcon", + "type": "Function", + "tags": [], + "label": "getServerlessIcon", + "description": [], + "signature": [ + "(serverlessType: ", + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + " | undefined) => string" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getServerlessIcon.$1", + "type": "CompoundType", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + " | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIconProps", + "type": "Interface", + "tags": [], + "label": "AgentIconProps", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + }, + " extends Omit<", + "EuiIconProps", + ", \"type\">" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIconProps.agentName", + "type": "CompoundType", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.AgentName", + "text": "AgentName" + }, + " | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIconProps", + "type": "Interface", + "tags": [], + "label": "CloudProviderIconProps", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + }, + " extends Omit<", + "EuiIconProps", + ", \"type\">" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIconProps.cloudProvider", + "type": "CompoundType", + "tags": [], + "label": "cloudProvider", + "description": [], + "signature": [ + "\"aws\" | \"azure\" | \"gcp\" | \"unknownProvider\" | null | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProvider", + "type": "Type", + "tags": [], + "label": "CloudProvider", + "description": [], + "signature": [ + "\"aws\" | \"azure\" | \"gcp\" | \"unknownProvider\" | null | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx new file mode 100644 index 00000000000000..a530c63b54ce13 --- /dev/null +++ b/api_docs/kbn_custom_icons.mdx @@ -0,0 +1,36 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnCustomIconsPluginApi +slug: /kibana-dev-docs/api/kbn-custom-icons +title: "@kbn/custom-icons" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/custom-icons plugin +date: 2023-11-21 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] +--- +import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; + + + +Contact [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 16 | 0 | 16 | 0 | + +## Common + +### Functions + + +### Interfaces + + +### Consts, variables and types + + diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index c3c7c644cd2787..9bd7f13098f0f1 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index 304998f5c9c11e..c475e84616e81b 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index 388323bc9ece98..dafcb8cc1ca205 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index cf65b933467106..f7261735ec03bf 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index 9080a68a684b95..2c5af8a45f1bf1 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 876a2df8cc4638..a38d853a60d425 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index ea36f9e117afea..76c725964ca1bf 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index 3dd9655e9669f8..5348a11f084bcf 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index 19cf9dad9f037d..e9bc7f0f987ea6 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index 1b277e87400b16..5c8c6e826fbab4 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index 12e1c3280a7add..5e25be6d1e5d6b 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index f1d81655b37048..274bdac2804241 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 33504be87501e8..124d5f509930c0 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index ebec5cdc14960b..510f1601fdd72b 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index c8271e54876aac..154ca5c93227d7 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index a6af1ccf172b12..9de640d5709aad 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index b722416e72a9df..adfc178275a9c7 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index fb5abfbcd4bc7b..dcd983d3ceb074 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index b183ceac812522..693ffd9fc197bd 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index eacc20b47b5478..421f67945b0450 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 4737b7a9e492be..42347b3f85b09d 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index f2466feb2a991e..76a5ecbf01a147 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index 4d72ee3a6c036b..97065406dcbc8b 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; diff --git a/api_docs/kbn_ecs.mdx b/api_docs/kbn_ecs.mdx index fe8f5d0158155b..91447abe9e29eb 100644 --- a/api_docs/kbn_ecs.mdx +++ b/api_docs/kbn_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs title: "@kbn/ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs'] --- import kbnEcsObj from './kbn_ecs.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index 240972bce55053..4110be8a06e801 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.devdocs.json b/api_docs/kbn_elastic_agent_utils.devdocs.json new file mode 100644 index 00000000000000..84eff4c15229ae --- /dev/null +++ b/api_docs/kbn_elastic_agent_utils.devdocs.json @@ -0,0 +1,631 @@ +{ + "id": "@kbn/elastic-agent-utils", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAndroidAgentName", + "type": "Function", + "tags": [], + "label": "isAndroidAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAndroidAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAWSLambdaAgentName", + "type": "Function", + "tags": [], + "label": "isAWSLambdaAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAWSLambdaAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAzureFunctionsAgentName", + "type": "Function", + "tags": [], + "label": "isAzureFunctionsAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAzureFunctionsAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isIosAgentName", + "type": "Function", + "tags": [], + "label": "isIosAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isIosAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJavaAgentName", + "type": "Function", + "tags": [], + "label": "isJavaAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJavaAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName", + "type": "Function", + "tags": [], + "label": "isJRubyAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined, runtimeName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName.$2", + "type": "string", + "tags": [], + "label": "runtimeName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isMobileAgentName", + "type": "Function", + "tags": [], + "label": "isMobileAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isMobileAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isOpenTelemetryAgentName", + "type": "Function", + "tags": [], + "label": "isOpenTelemetryAgentName", + "description": [], + "signature": [ + "(agentName: string) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isOpenTelemetryAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumAgentName", + "type": "Function", + "tags": [], + "label": "isRumAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumOrMobileAgentName", + "type": "Function", + "tags": [], + "label": "isRumOrMobileAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumOrMobileAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isServerlessAgentName", + "type": "Function", + "tags": [], + "label": "isServerlessAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isServerlessAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.AgentName", + "text": "AgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.AgentName", + "type": "Type", + "tags": [], + "label": "AgentName", + "description": [], + "signature": [ + "\"java\" | \"go\" | \"dotnet\" | \"php\" | \"ruby\" | \"otlp\" | \"android/java\" | \"iOS/swift\" | \"rum-js\" | \"js-base\" | \"opentelemetry/webjs\" | \"opentelemetry/java\" | \"nodejs\" | \"python\" | \"opentelemetry/cpp\" | \"opentelemetry/dotnet\" | \"opentelemetry/erlang\" | \"opentelemetry/go\" | \"opentelemetry/nodejs\" | \"opentelemetry/php\" | \"opentelemetry/python\" | \"opentelemetry/ruby\" | \"opentelemetry/rust\" | \"opentelemetry/swift\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.ELASTIC_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "ELASTIC_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ElasticAgentName", + "text": "ElasticAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.ElasticAgentName", + "type": "Type", + "tags": [], + "label": "ElasticAgentName", + "description": [ + "\nWe cannot mark these arrays as const and derive their type\nbecause we need to be able to assign them as mutable entities for ES queries." + ], + "signature": [ + "\"java\" | \"go\" | \"dotnet\" | \"php\" | \"ruby\" | \"android/java\" | \"iOS/swift\" | \"rum-js\" | \"js-base\" | \"nodejs\" | \"python\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.JAVA_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "JAVA_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.JavaAgentName", + "text": "JavaAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.JavaAgentName", + "type": "Type", + "tags": [], + "label": "JavaAgentName", + "description": [], + "signature": [ + "\"java\" | \"opentelemetry/java\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.OPEN_TELEMETRY_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "OPEN_TELEMETRY_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.OpenTelemetryAgentName", + "text": "OpenTelemetryAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.OpenTelemetryAgentName", + "type": "Type", + "tags": [], + "label": "OpenTelemetryAgentName", + "description": [], + "signature": [ + "\"otlp\" | \"opentelemetry/webjs\" | \"opentelemetry/java\" | \"opentelemetry/cpp\" | \"opentelemetry/dotnet\" | \"opentelemetry/erlang\" | \"opentelemetry/go\" | \"opentelemetry/nodejs\" | \"opentelemetry/php\" | \"opentelemetry/python\" | \"opentelemetry/ruby\" | \"opentelemetry/rust\" | \"opentelemetry/swift\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.RUM_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "RUM_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.RumAgentName", + "text": "RumAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.RumAgentName", + "type": "Type", + "tags": [], + "label": "RumAgentName", + "description": [], + "signature": [ + "\"rum-js\" | \"js-base\" | \"opentelemetry/webjs\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.SERVERLESS_TYPE", + "type": "Array", + "tags": [], + "label": "SERVERLESS_TYPE", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.ServerlessType", + "type": "Type", + "tags": [], + "label": "ServerlessType", + "description": [], + "signature": [ + "\"aws.lambda\" | \"azure.functions\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx new file mode 100644 index 00000000000000..f96d2d23ad4f8a --- /dev/null +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -0,0 +1,33 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnElasticAgentUtilsPluginApi +slug: /kibana-dev-docs/api/kbn-elastic-agent-utils +title: "@kbn/elastic-agent-utils" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/elastic-agent-utils plugin +date: 2023-11-21 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] +--- +import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; + + + +Contact [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 35 | 0 | 34 | 0 | + +## Common + +### Functions + + +### Consts, variables and types + + diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index 9ce911bff0af94..486a464a743cb2 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index 749ea1a1b5d471..4d715135fc154d 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index 72ba16224bc4f1..3adc0ff6f35608 100644 --- a/api_docs/kbn_es_archiver.mdx +++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index 0c6f0364781059..80a922840dbd3b 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index 205e6b94f5be84..b37e32f1b39275 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index 87fcda9328624a..84dafa401b1ffd 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index fd5c9e7896f26f..8efe7adb441861 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index 9ab57542c3d091..4580d05fb467a4 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index e8561d3a8eab52..019d1468880855 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index ce9fc06b3d66c0..166f3ed0b0b14d 100644 --- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index 84b348eb81b186..6530d67e74dfb7 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index d3659ef9c61d86..94632df85bc830 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index 3977d256fa8d04..a0e32b99464662 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 84b6cd33c85895..75f8fe4cf2b7bd 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index eefb6f1eb4bc27..001b92ac1b31c0 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index f3e34b74500a1d..a128e75d2bc350 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index 322451148e7afc..7a478239e99883 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index 5bbbde441b4962..a795592fc5d1cc 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index e502bf7fea8581..cf41bad68261aa 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index 69c8a5ed808522..16796582f8a72e 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index 4cb4807942d717..aacda0ded28a6e 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index 1e7bc20bee9221..9a85a0f5cf515d 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 19625a1647e5a8..94f5421a77cdef 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index a4421c2754cd91..c5f3b626d6c461 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index 2ca86d88fe6506..855686c7e7515c 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index eab957c10a6eaf..6b2df4490beacd 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index b789f4168f4b79..71a9a3c9628cef 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index f075f141ebcafd..81cbf3de7a0bc4 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index 7129be0fd704ae..baa2b7c59236b3 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index e2848e17aed92e..7134a6b5111b36 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index 5c2a9c465de874..4516c2a6fbcee8 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index fc7d536e75aca9..f7fc8909007f5a 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index 5b02bbd1e04fd8..920d818e7209ec 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation_popover.mdx b/api_docs/kbn_language_documentation_popover.mdx index 14e79731584a4d..839aaebe18787e 100644 --- a/api_docs/kbn_language_documentation_popover.mdx +++ b/api_docs/kbn_language_documentation_popover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation-popover title: "@kbn/language-documentation-popover" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation-popover plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation-popover'] --- import kbnLanguageDocumentationPopoverObj from './kbn_language_documentation_popover.devdocs.json'; diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index 8542ef5cb08f47..25bf0d63914817 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index b444df2b6a9c24..3843787a91b241 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index 745eb2bf99761f..1c4747f8f51283 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index 6809746912d951..cc618d84008118 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index 6f2cf4db750b5a..e3f1292bdaf72a 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 4345bf89fb98c3..c89f2595278ca9 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index b4e54d84a14a81..a77ff49637cd58 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index cb85f07953dca9..93c1faa74c0a3e 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 684ec37283db6f..d2c50166a0b277 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx +++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index 34f55e74b1e1e3..a4a182216dd2c8 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index b252069868ee74..477bd6ec44800f 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index c9e121e75e6600..ddec605878f9db 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index dd7da237a2d7ab..5f198ea5cdc0f1 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 87a355c6e83d9f..5a4e3b875f24ff 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index 9663d51d3aa744..b4655ad105d36b 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index 3bb13dbf524499..99d70b50b4948a 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index 314b7504193255..d9461dc0769ce3 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index 2d2df16e28df56..5b6c9864c44794 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index e605980193eef7..66af525b30c8d3 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index 9f606e5bd3d2b3..87766229e87e41 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index 925711cc067008..5b2662c1db45b7 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index 33e332f902fb23..171e8d674af98b 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index a57239d4cb4da9..a34d9281ce7adc 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index 9f05470dfa0862..034a469710ce37 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index d76cfdee18c9dd..a109a459e6ebbe 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index 84487050900b66..b77d4ec655867e 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index 1905e5604f7b8d..a5b4715dfc9a39 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index b6c9697fe95a48..489901c47b997b 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 3fb69c30356fd5..fb06e1275927e9 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index db376f8b5ca1cc..0c038656400e1e 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index eb26c32b7df24d..216fbeb7d9488a 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index 8a106162e07fbd..f01a54d575548b 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index d9a1736e42fe7b..0f8736f232a408 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index 39e6f11391016b..e56bbc95d1a70c 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index 8d92f762cfd0c1..9709c86c6b4d55 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index 3db2fed551ae0f..7df33cf629bc65 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index 92a17bfbabf1da..c4be68e7cb07e3 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index c138ae7f5edd90..f25c7a6feeeee8 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index e045c7a25011ca..ed89de867e986d 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index ffa0b2bb055152..46ce7fb3d70fbe 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index 7544033d6531ce..5bccc23c234fef 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index 4407957a552bdb..583c7100a45f15 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index 24fbadbfc92830..112b328fe2149e 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index e70139d098ccff..34e4428fac029c 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index d1aa83e90351b4..71d1e7bd002b62 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index 21ada11c9811ec..8e71595b35ad2f 100644 --- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index c46d59560bbc8b..9b0aadadedec85 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index 95c9d13161b4c7..10273abb264f81 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index b31e3a567bbf09..5bc660b19cc358 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx +++ b/api_docs/kbn_osquery_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index 883421bd75b7da..a43e7de1ab37c7 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index f7f3056a4ad1e0..28ad7e5eb15531 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index db9e258cd24521..2daa6c51a19cec 100644 --- a/api_docs/kbn_plugin_helpers.mdx +++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index 69d69300bf78e9..dc85eb5abc3ae5 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index ca81fbb704e2b2..afa6ab1eb712c1 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index 880cb9fd3a203e..0ad9f12676fe70 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index 640cc3b9e3450d..e8723b1caa7873 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index fb225a2857febe..cb89b8b76c61de 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index 306da5ba62a100..21e251bbfff34c 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx +++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index 5ac8bdce24ac27..6dc5aa790f3be7 100644 --- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index 14da79a5e8315a..89d12c222a3082 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index 1278197c1132f0..476500b25aba3c 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index d6c36854a11bfd..96615412bf9888 100644 --- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index 8b8aac66746fa1..e27847ef6a5bdb 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index dc0cb750746a78..6386639f48ccf4 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index bd768dbed4d964..494b1d70e6f4b3 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index 1945bb42bb9961..bd31938fc50b27 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index f64d7a52b7c1f3..4ec8465eb1a716 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index 58b0f5727afcb0..13af8078f5af55 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index d7b6516a641d6b..8c0c8851048c0b 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index bba796202fedf2..5e8aedd41972a4 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index ff7eeb447e82a7..ab823856b9e5dc 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index 6bb4fc802bab7d..1e47c43bd02c29 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index 3fccf66f2c5ab9..7efa8bd0e37910 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index 3cff1a40af9478..cc5685246d8c0a 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index 81112abbcf50c8..53127310cf9971 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index dce63f8d3e5c32..7f4c0213c2c391 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index 5e7a54903e5675..7e6fea8f1c1892 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index e16a02b56a146e..4c5ad7bc8637b1 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index e91e7911d0a0a9..468c67967ce83e 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index f2cc0e2e21ebb6..930579816d6585 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index f39f0eaa16ea5f..985b62362071be 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index d27360310fe644..24f1c1909efcc0 100644 --- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index 108d62860e0047..f87a2cb615af5e 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index 6383494f242029..44bcf2e3c72135 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index 5166a693d9dc43..ad8a5390022e28 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index 79f604c8f6dbe5..dcd439b7285512 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index 503de2ba0297d8..1c90ef6ef1f5cf 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index c425308c91058a..9da8887a096df3 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index f28dbfc8b97dc0..e7ea75549ee484 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index b48b058c0b8254..9b2b7c58cde22c 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index 13ab264ef2d75e..afb4c599cbd331 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index 97fcdc6481e831..0ddc8aa14343f5 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_grouping.mdx b/api_docs/kbn_securitysolution_grouping.mdx index 341a4c0723609d..8550f363fe228f 100644 --- a/api_docs/kbn_securitysolution_grouping.mdx +++ b/api_docs/kbn_securitysolution_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-grouping title: "@kbn/securitysolution-grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-grouping plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-grouping'] --- import kbnSecuritysolutionGroupingObj from './kbn_securitysolution_grouping.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index 65163c71c87be3..4da7a082bf9c3d 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index 22d4c1f38baabd..d454a89e70d85e 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index dd413403d45b44..ceef74614e7f60 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index b91247199d7c5c..01a9adc1acf566 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index ac59698afcc0e2..f0981d3a9212d7 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index 07aa091f750f14..36f572d4bc4777 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index e112792cd82303..00049806daf0da 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index f4936f013f7a26..9e714b18523500 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index bab08ecc17f488..1d89917256ea98 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index 39e6d8edaa1511..c2649d95a964ce 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index dde606c2c90205..a9333f01a83093 100644 --- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index 5c20a029f908d0..315665ac905410 100644 --- a/api_docs/kbn_securitysolution_utils.mdx +++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index d77278df772514..8ebf8129ead4c9 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index c6eb315e59a054..572897df0e4c95 100644 --- a/api_docs/kbn_server_route_repository.mdx +++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index 71bd5a34b3771c..b4993205dc039d 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index 077249f5781abc..d83199ba1a4d2d 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index 0a57ea5465b627..cf0f23471f868b 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index 7ef6f41d68135c..78d35f9df96928 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index 702cc3e752bef0..4c28b967851926 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 4d77efff4504d3..ccc464bbb29ca0 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index a9795587045a43..f39e950bb881dc 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index d28e6c7d1393ec..044babbc061fee 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index 306eba3e85d3a2..e1c0809aaa7d6f 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index d71d9bcb3107e7..44e04bb592dd28 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index e4be7a54f41e3a..f5a7ce28fcf1b2 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index 173a9a006010c8..5b28cc95d6e2b8 100644 --- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index 005d42eff160b2..5d07ffe90bcf3f 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 8e76d3f3dfdbf8..9cb4bb95c3ee05 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index 2a8d1e0f178b3e..48cde294cc5986 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index dab3c73e2adc22..5ebbe3a3a2e458 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx +++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index a68f16a663fe1b..ebf709b516c0db 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index 40757b0e653d01..f4d07e35c15b4c 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index cfb8052084cb80..4f5c6b375d507f 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx +++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index 8aefae217ea7b0..482d2c34d828ec 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index 9efdd47b3c3935..1bb6f2fe5a0299 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index 7a80792a66949f..c5d4aa744aff65 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index 92ed2d2ca18b40..33898faff6450d 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index eed013888cb07b..b3929fd1d94a90 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index 59624d87fde61d..8c6c28af8793aa 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index 630748863d624c..dae4a7a431af82 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index d3fa09d279fe60..69f1a53e997733 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index a4930b7abb3a8e..9565f422810d8d 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index 8409ac2e0a0fa5..2612e20256c197 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index 906772d9b71e2c..01c42b69b0959c 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index 8e736f8116cd6c..6286732801e10e 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index 22da3c5651f054..e90b7cb6e700a7 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index a1c2a6a062620f..7a6ea0b4710acc 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index 330d50e8d736ac..fac085487858de 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index 9564bf9190bb25..c5ee65582d264d 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index b745305f3074c5..28e34a5504d254 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index 655966d9427292..38fe94ee77ae27 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index 5615e1cacfa68c..ebf52258593cc3 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index 34c23bb26bcfbb..af53fa0f9cb159 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index bfe48076240074..f88cf7ca6300dd 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 3596a552630d37..9bbb77007d7e72 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index c6ef7549138c43..432e103cf09b8a 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx +++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index 2601645d2fee0a..4b5d1525d6b7b0 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index 0bdde4dcc12355..feba597cc96dd6 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index 1d62af94bad1af..33a3c406786f43 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index 8c0bc12623adf2..30f7bc3efe5882 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index 22e00965205cef..ba0a18d3720489 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index cc500bab1058b2..f9d1c61dd66dbb 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index b77cbff0f25369..45e0e1f4abdc7a 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index 96695e7c309c49..9798e5c54454c2 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_subscription_tracking.mdx b/api_docs/kbn_subscription_tracking.mdx index 83406d2ad24c05..9273dfdfa1a6db 100644 --- a/api_docs/kbn_subscription_tracking.mdx +++ b/api_docs/kbn_subscription_tracking.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-subscription-tracking title: "@kbn/subscription-tracking" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/subscription-tracking plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/subscription-tracking'] --- import kbnSubscriptionTrackingObj from './kbn_subscription_tracking.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index 00d271549b4472..35cc27ca79e453 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index 94a5f0eb912620..782ec763571eaa 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index a6d112f6c80fe4..3dd1da7d64aaa9 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index 58c007f855cdb8..f63211ae1df14a 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_text_based_editor.mdx b/api_docs/kbn_text_based_editor.mdx index f81914c4d777b4..1d29acdde4aff2 100644 --- a/api_docs/kbn_text_based_editor.mdx +++ b/api_docs/kbn_text_based_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-text-based-editor title: "@kbn/text-based-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/text-based-editor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/text-based-editor'] --- import kbnTextBasedEditorObj from './kbn_text_based_editor.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index 4cb58a9db36687..da958cebd845dc 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index e8ae01d01d94a2..1d8534e9fb3ac1 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 7cdfb5a4c62e75..20708e11cee2cb 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index 4c2dc2ceedef64..030069abf84c0c 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index 13dddb0cce1491..0d69082ef1ca37 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index 253b48ee825fd0..f067c6d18e68f0 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index e61ac0ce5d0861..e072f1adf9c166 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index 157706fb195486..113cc75baeae12 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index c235b7e0334694..9e49d8e9b662dc 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index e8c462182d4ab9..37ea9f303e50c1 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_url_state.mdx b/api_docs/kbn_url_state.mdx index fe8be4c2721113..58bb87a765ad3e 100644 --- a/api_docs/kbn_url_state.mdx +++ b/api_docs/kbn_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-url-state title: "@kbn/url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/url-state plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/url-state'] --- import kbnUrlStateObj from './kbn_url_state.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index 4432df8e631210..3d63e715cb4fae 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index f4d254baa34bc0..cb8eb608b9412d 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index 3bb6217fc3e00c..1cfc9e7bd1638f 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index 989ad206f40dd5..c1f18027fc667d 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index 6fa7d9782c3bfb..ae9f9ea0ee5ecb 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index 1984ebefe744fb..73830e2d04dbcc 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index 8b55918f23917a..486044b0a279fc 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index 98e63d31c4aaee..9debee10dff4c3 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index 71fa1067ab242e..045dc345ae558f 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index b5f41ffa895529..64c56fa357f4f8 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index 99e81172badb64..15e6f3725eab1f 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index 350d863b3b12ca..0d76b07b1a5583 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index c531e986e73645..dfa21718784cac 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index a2d155256e3eb4..f15b4eca50c2ea 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index 62b4915b83072b..091d06c133ae36 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index e9fae7c3ab322a..d44c992a0c2c90 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index d82fcfb98255f5..b23db6581fdcdd 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.mdx b/api_docs/links.mdx index 3b659afb2850e0..e77b2d86d9bd5d 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index f66ec9449dc675..5b5a940efadcd9 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/log_explorer.mdx b/api_docs/log_explorer.mdx index 625af016378c2e..24d9d3b82f0b97 100644 --- a/api_docs/log_explorer.mdx +++ b/api_docs/log_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logExplorer title: "logExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logExplorer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logExplorer'] --- import logExplorerObj from './log_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index 41c09bbbb0d2ec..599557e17c8c22 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index 576f29cd6247b3..8d362cce9f08ef 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index 7f4be7989c117a..a301fe2968307f 100644 --- a/api_docs/maps.mdx +++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index 2634faac7c3756..b107dbfa783dae 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index 5b9186f6c33e23..b3baddff3454a8 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index e3c44fc59ef055..fd51fef94cf70c 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index 56a4f06c4dda11..b3da30cf84ebb4 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 4b470da8c04f61..69a47820bf089c 100644 --- a/api_docs/monitoring_collection.mdx +++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index bf5144f7ed192f..f4a834374010bb 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index 4fd34879242114..515bcb3e629afc 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index bbecb8303b5375..3ab4fa66b297c5 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index 3440fa9c6c881e..36b41b51f574ee 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index fc5ddbd9f82248..b664fe6968a182 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index ab91a05f671fe6..2be9d6e6315659 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_log_explorer.mdx b/api_docs/observability_log_explorer.mdx index a3f7012161494e..9053799ca3c532 100644 --- a/api_docs/observability_log_explorer.mdx +++ b/api_docs/observability_log_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogExplorer title: "observabilityLogExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogExplorer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogExplorer'] --- import observabilityLogExplorerObj from './observability_log_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 5f72d59c3218c7..d53de7acc2f484 100644 --- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index 583059a6590007..d81c20b490014d 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index ce16f8c4e521d1..631e0b09710621 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index 8a3a0ab634b1ac..e9fbdf587dbf69 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index 6140c6378d6ff4..631c90f2dd3f34 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -15,13 +15,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Count | Plugins or Packages with a
public API | Number of teams | |--------------|----------|------------------------| -| 712 | 604 | 40 | +| 714 | 606 | 40 | ### Public API health stats | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 76393 | 235 | 65329 | 1606 | +| 76426 | 235 | 65361 | 1606 | ## Plugin Directory @@ -90,7 +90,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds 'shape' function and renderer to expressions | 148 | 0 | 146 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression Tagcloud plugin adds a `tagcloud` renderer and function to the expression plugin. The renderer will display the `Wordcloud` chart. | 6 | 0 | 6 | 2 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression XY plugin adds a `xy` renderer and function to the expression plugin. The renderer will display the `xy` chart. | 176 | 0 | 166 | 13 | -| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Adds expression runtime to Kibana | 2224 | 17 | 1765 | 5 | +| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Adds expression runtime to Kibana | 2208 | 17 | 1749 | 5 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 235 | 0 | 99 | 2 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Index pattern fields and ambiguous values formatters | 292 | 5 | 253 | 3 | | | [@elastic/kibana-gis](https://github.com/orgs/elastic/teams/kibana-gis) | The file upload plugin contains components and services for uploading a file, analyzing its data, and then importing the data into an Elasticsearch index. Supported file types include CSV, TSV, newline-delimited JSON and GeoJSON. | 59 | 0 | 59 | 2 | @@ -240,7 +240,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-qa](https://github.com/orgs/elastic/teams/kibana-qa) | - | 12 | 0 | 12 | 0 | | | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 10 | 0 | 10 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 19 | 0 | 16 | 0 | -| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 62 | 1 | 44 | 3 | +| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 60 | 1 | 42 | 3 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 14 | 0 | 10 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 78 | 0 | 78 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 7 | 0 | 2 | 0 | @@ -418,6 +418,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 3 | 0 | 3 | 0 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 13 | 0 | 7 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 10 | 0 | 10 | 0 | +| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 16 | 0 | 16 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 19 | 0 | 17 | 6 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 14 | 0 | 9 | 0 | @@ -443,6 +444,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 19 | 0 | 11 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 35125 | 0 | 34718 | 0 | | | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 13 | 0 | 5 | 0 | +| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 35 | 0 | 34 | 0 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 96 | 0 | 76 | 6 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 48 | 0 | 33 | 7 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 27 | 0 | 14 | 1 | diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index 631f92388b1b12..23946072908f8e 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index 349689887af9b2..53f9e92add84dc 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index a17655192d09f0..3b7404480742e4 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index 8e2e975660535b..070cf277c3d283 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index 558ccd7f542d57..57e1d42fc66486 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index 202f6d8e192b8d..93c8309731e924 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index 864629c2ef496b..82412e0806e8db 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index 04f0ebda952cd6..ba2aa31e600379 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index e767a5df11f078..60d9a14501a717 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index 99e88dc965a621..baa06ee207dd26 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index 38eaa0410ff18a..1005a80975a949 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index 0af43a80f8805f..aacaabfc7dedeb 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index dcc3a4d44e9570..80cef8add385e7 100644 --- a/api_docs/saved_objects_tagging_oss.mdx +++ b/api_docs/saved_objects_tagging_oss.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index 6a107eb290dab9..0440633fabda5a 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index f0ac1b842f8ef4..6f704e31c384f8 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index f5e32ae5a372c4..9794c59a122989 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; diff --git a/api_docs/security.mdx b/api_docs/security.mdx index aab98ee9a12ffb..71afdc49a95c6e 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index 6b70eca76a8ac3..5450e147125ad6 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index 5f10c1639302eb..5bbfe83899cea2 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index ea9372868fa04d..9fe12f3dda9923 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index d24185bdb147ef..3b5ace3dee12b9 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index 47727bf0dd7e88..87d382dc7db13f 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index 83b4720142b222..6efa6ca0697be2 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index 0c26f7ba80c724..5faff7bc9428f5 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.mdx b/api_docs/share.mdx index 3def4bd9bd2741..8481b3fb9a2cb3 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index cc111008227a69..0159382bf9e20e 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index 7fe4340f7825e2..e70cdce709a490 100644 --- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index 5780e55925fd80..792699a25fe93c 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index f0f55a32f801e8..b3ea1b2a30e192 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index a39bf979554b62..684fa40edd9db2 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index afba5f81a4b3c0..b8ad82872374ec 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index 4ace48af9f2c0d..70e3e36ba45c6a 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index 6c4c611f8ccf2e..fb2e7b5b1ab5aa 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 1998ddcad82410..920b3058129766 100644 --- a/api_docs/telemetry_management_section.mdx +++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/text_based_languages.mdx b/api_docs/text_based_languages.mdx index a7d570013407b3..0cd5b475d9197c 100644 --- a/api_docs/text_based_languages.mdx +++ b/api_docs/text_based_languages.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/textBasedLanguages title: "textBasedLanguages" image: https://source.unsplash.com/400x175/?github description: API docs for the textBasedLanguages plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'textBasedLanguages'] --- import textBasedLanguagesObj from './text_based_languages.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index aac037def1de7c..c0bb245253e834 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index 3d8282b9285a64..cbbd6f3001ea04 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index 826edf1115d2d1..b62fb485b54284 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index e23129996be5bf..0d0c10fe2d7d7c 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index 1c3f811e0765e8..119d19b676dd8b 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index c6c9084eac6d40..b35189fa9f3381 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index e78492dd5784f5..fcb42f4995b93b 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index e56b5aa1af7275..435cf6852c1f3e 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index 086aae0e7335f8..e25eb9f07c7928 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index 39b680d93e7559..80770fd0906a81 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index 7bed2e8d487f37..eb3d2fe74b6b84 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index 42ba2d06625436..0adcc2b86110b3 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index 248b414085ee3b..64a089c595d76e 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 30752ad5ebae21..e4620d3b85b511 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index 4c49e27edacc0a..b053b0378685cd 100644 --- a/api_docs/vis_default_editor.mdx +++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index e29a4b98355f12..750deacc01e93b 100644 --- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index 50a08bccf19baf..57fa856dc54de1 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index 4597d3787cda62..0f0badc0c55686 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index 8766e94d7e2036..d7550681770c1e 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index d8fcc74b363ec9..c0159abeeaa676 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index a0d783bce4b678..bf4e8cbb0c907e 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index 8e897b1af30dd5..215b5087405254 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index 4a0ff7e403efa4..9c92d4649afd2e 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index 40ebbe2c78bdd4..c1e88b69f7acb0 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index f17cba637e7c4f..678ee4d217f204 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2023-11-19 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; diff --git a/catalog-info.yaml b/catalog-info.yaml index e7aa1200044861..96b4c146590a63 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -54,6 +54,8 @@ spec: provider_settings: trigger_mode: none teams: + kibana-release-operators: + access_level: MANAGE_BUILD_AND_READ kibana-operations: access_level: MANAGE_BUILD_AND_READ appex-qa: diff --git a/docs/user/dashboard/images/dashboard_links_panel.png b/docs/user/dashboard/images/dashboard_links_panel.png index f6334f4df29f48..23b37879378ef4 100644 Binary files a/docs/user/dashboard/images/dashboard_links_panel.png and b/docs/user/dashboard/images/dashboard_links_panel.png differ diff --git a/docs/user/plugins.asciidoc b/docs/user/plugins.asciidoc index 0bf407ac1ff900..8dc3d8b6e9e0d5 100644 --- a/docs/user/plugins.asciidoc +++ b/docs/user/plugins.asciidoc @@ -81,7 +81,6 @@ Use it to create, edit and embed visualizations, and also to search inside an em * https://github.com/sw-jung/kibana_markdown_doc_view[Markdown Doc View] (sw-jung) - A plugin for custom doc view using markdown+handlebars template. * https://github.com/datasweet-fr/kibana-datasweet-formula[Datasweet Formula] (datasweet) - enables calculated metric on any standard Kibana visualization. -* https://github.com/pjhampton/kibana-prometheus-exporter[Prometheus Exporter] - exports the Kibana metrics in the prometheus format NOTE: To add your plugin to this page, open a {kib-repo}tree/{branch}/docs/plugins/known-plugins.asciidoc[pull request]. @@ -183,4 +182,4 @@ you must specify the path to that configuration file each time you use the `bin/ 0:: Success 64:: Unknown command or incorrect option parameter 74:: I/O error -70:: Other error +70:: Other error \ No newline at end of file diff --git a/package.json b/package.json index fd9c91a03d08a5..b2ef6e211107c1 100644 --- a/package.json +++ b/package.json @@ -353,6 +353,7 @@ "@kbn/crypto": "link:packages/kbn-crypto", "@kbn/crypto-browser": "link:packages/kbn-crypto-browser", "@kbn/custom-branding-plugin": "link:x-pack/plugins/custom_branding", + "@kbn/custom-icons": "link:packages/kbn-custom-icons", "@kbn/custom-integrations": "link:packages/kbn-custom-integrations", "@kbn/custom-integrations-plugin": "link:src/plugins/custom_integrations", "@kbn/dashboard-enhanced-plugin": "link:x-pack/plugins/dashboard_enhanced", @@ -390,6 +391,7 @@ "@kbn/ecs": "link:packages/kbn-ecs", "@kbn/ecs-data-quality-dashboard": "link:x-pack/packages/security-solution/ecs_data_quality_dashboard", "@kbn/ecs-data-quality-dashboard-plugin": "link:x-pack/plugins/ecs_data_quality_dashboard", + "@kbn/elastic-agent-utils": "link:packages/kbn-elastic-agent-utils", "@kbn/elastic-assistant": "link:x-pack/packages/kbn-elastic-assistant", "@kbn/elastic-assistant-plugin": "link:x-pack/plugins/elastic_assistant", "@kbn/elasticsearch-client-plugin": "link:test/plugin_functional/plugins/elasticsearch_client_plugin", @@ -922,7 +924,7 @@ "getos": "^3.1.0", "globby": "^11.1.0", "gpt-tokenizer": "^2.1.2", - "handlebars": "4.7.7", + "handlebars": "4.7.8", "he": "^1.2.0", "history": "^4.9.0", "hjson": "3.2.1", @@ -1467,7 +1469,7 @@ "blob-polyfill": "^7.0.20220408", "callsites": "^3.1.0", "chance": "1.0.18", - "chromedriver": "^119.0.0", + "chromedriver": "^119.0.1", "clean-webpack-plugin": "^3.0.0", "cli-table3": "^0.6.1", "copy-webpack-plugin": "^6.0.2", diff --git a/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.mocks.ts b/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.mocks.ts index fadd1ffee2ae0f..7608606c39395c 100644 --- a/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.mocks.ts +++ b/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.mocks.ts @@ -6,6 +6,7 @@ * Side Public License, v 1. */ +import * as RxJS from 'rxjs'; import type { FullStoryApi } from './types'; export const fullStoryApiMock: jest.Mocked = { @@ -22,3 +23,10 @@ jest.doMock('./load_snippet', () => { loadSnippet: () => fullStoryApiMock, }; }); + +jest.doMock('rxjs', () => { + return { + ...RxJS, + debounceTime: () => RxJS.identity, + }; +}); diff --git a/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.ts b/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.ts index 4e874b405add1d..88f53fd7f837d0 100644 --- a/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.ts +++ b/packages/analytics/shippers/fullstory/src/fullstory_shipper.test.ts @@ -28,6 +28,10 @@ describe('FullStoryShipper', () => { ); }); + afterEach(() => { + fullstoryShipper.shutdown(); + }); + describe('extendContext', () => { describe('FS.identify', () => { test('calls `identify` when the userId is provided', () => { @@ -119,6 +123,21 @@ describe('FullStoryShipper', () => { labels: { serverless_str: 'test' }, }); }); + + test('emits once only if nothing changes', () => { + const context = { + userId: 'test-user-id', + version: '1.2.3', + cloudId: 'test-es-org-id', + labels: { serverless: 'test' }, + foo: 'bar', + }; + fullstoryShipper.extendContext(context); + fullstoryShipper.extendContext(context); + expect(fullStoryApiMock.setVars).toHaveBeenCalledTimes(1); + fullstoryShipper.extendContext(context); + expect(fullStoryApiMock.setVars).toHaveBeenCalledTimes(1); + }); }); }); diff --git a/packages/analytics/shippers/fullstory/src/fullstory_shipper.ts b/packages/analytics/shippers/fullstory/src/fullstory_shipper.ts index bcb95ae38f1fb1..a4ad730f87b2e1 100644 --- a/packages/analytics/shippers/fullstory/src/fullstory_shipper.ts +++ b/packages/analytics/shippers/fullstory/src/fullstory_shipper.ts @@ -12,6 +12,7 @@ import type { Event, IShipper, } from '@kbn/analytics-client'; +import { Subject, distinct, debounceTime, map, filter, Subscription } from 'rxjs'; import { get, has } from 'lodash'; import { set } from '@kbn/safer-lodash-set'; import type { FullStoryApi } from './types'; @@ -55,8 +56,18 @@ export interface FullStoryShipperConfig extends FullStorySnippetConfig { * If this setting is provided, it'll only send the event types specified in this list. */ eventTypesAllowlist?: string[]; + pageVarsDebounceTimeMs?: number; } +interface FullStoryUserVars { + userId?: string; + isElasticCloudUser?: boolean; + cloudIsElasticStaffOwned?: boolean; + cloudTrialEndDate?: string; +} + +type FullStoryPageContext = Pick; + /** * FullStory shipper. */ @@ -67,6 +78,9 @@ export class FullStoryShipper implements IShipper { private readonly fullStoryApi: FullStoryApi; private lastUserId: string | undefined; private readonly eventTypesAllowlist?: string[]; + private readonly pageContext$ = new Subject(); + private readonly userContext$ = new Subject(); + private readonly subscriptions = new Subscription(); /** * Creates a new instance of the FullStoryShipper. @@ -77,9 +91,54 @@ export class FullStoryShipper implements IShipper { config: FullStoryShipperConfig, private readonly initContext: AnalyticsClientInitContext ) { - const { eventTypesAllowlist, ...snippetConfig } = config; + const { eventTypesAllowlist, pageVarsDebounceTimeMs = 500, ...snippetConfig } = config; this.fullStoryApi = loadSnippet(snippetConfig); this.eventTypesAllowlist = eventTypesAllowlist; + + this.subscriptions.add( + this.userContext$ + .pipe( + distinct(({ userId, isElasticCloudUser, cloudIsElasticStaffOwned, cloudTrialEndDate }) => + [userId, isElasticCloudUser, cloudIsElasticStaffOwned, cloudTrialEndDate].join('-') + ) + ) + .subscribe((userVars) => this.updateUserVars(userVars)) + ); + + this.subscriptions.add( + this.pageContext$ + .pipe( + map((newContext) => { + // Cherry-picking fields because FS limits the number of fields that can be sent. + // > Note: You can capture up to 20 unique page properties (exclusive of pageName) for any given page + // > and up to 500 unique page properties across all pages. + // https://help.fullstory.com/hc/en-us/articles/1500004101581-FS-setVars-API-Sending-custom-page-data-to-FullStory + return PAGE_VARS_KEYS.reduce((acc, key) => { + if (has(newContext, key)) { + set(acc, key, get(newContext, key)); + } + return acc; + }, {} as Partial & Record); + }), + filter((pageVars) => Object.keys(pageVars).length > 0), + // Wait for anything to actually change. + distinct((pageVars) => { + const sortedKeys = Object.keys(pageVars).sort(); + return sortedKeys.map((key) => pageVars[key]).join('-'); + }), + // We need some debounce time to ensure everything is updated before calling FS because some properties cannot be changed twice for the same URL. + debounceTime(pageVarsDebounceTimeMs) + ) + .subscribe((pageVars) => { + this.initContext.logger.debug( + `Calling FS.setVars with context ${JSON.stringify(pageVars)}` + ); + this.fullStoryApi.setVars('page', { + ...formatPayload(pageVars), + ...(pageVars.version ? getParsedVersion(pageVars.version) : {}), + }); + }) + ); } /** @@ -89,57 +148,11 @@ export class FullStoryShipper implements IShipper { public extendContext(newContext: EventContext): void { this.initContext.logger.debug(`Received context ${JSON.stringify(newContext)}`); - // FullStory requires different APIs for different type of contexts. - const { - userId, - isElasticCloudUser, - cloudIsElasticStaffOwned, - cloudTrialEndDate, - ...nonUserContext - } = newContext; - - // Call it only when the userId changes - if (userId && userId !== this.lastUserId) { - this.initContext.logger.debug(`Calling FS.identify with userId ${userId}`); - // We need to call the API for every new userId (restarting the session). - this.fullStoryApi.identify(userId); - this.lastUserId = userId; - } - - // User-level context - if ( - typeof isElasticCloudUser === 'boolean' || - typeof cloudIsElasticStaffOwned === 'boolean' || - cloudTrialEndDate - ) { - const userVars = { - isElasticCloudUser, - cloudIsElasticStaffOwned, - cloudTrialEndDate, - }; - this.initContext.logger.debug(`Calling FS.setUserVars with ${JSON.stringify(userVars)}`); - this.fullStoryApi.setUserVars(formatPayload(userVars)); - } - - // Cherry-picking fields because FS limits the number of fields that can be sent. - // > Note: You can capture up to 20 unique page properties (exclusive of pageName) for any given page - // > and up to 500 unique page properties across all pages. - // https://help.fullstory.com/hc/en-us/articles/1500004101581-FS-setVars-API-Sending-custom-page-data-to-FullStory - const pageVars = PAGE_VARS_KEYS.reduce((acc, key) => { - if (has(nonUserContext, key)) { - set(acc, key, get(nonUserContext, key)); - } - return acc; - }, {} as Partial> & Record); - + // FullStory requires different APIs for different type of contexts: + // User-level context. + this.userContext$.next(newContext); // Event-level context. At the moment, only the scope `page` is supported by FullStory for webapps. - if (Object.keys(pageVars).length) { - this.initContext.logger.debug(`Calling FS.setVars with context ${JSON.stringify(pageVars)}`); - this.fullStoryApi.setVars('page', { - ...formatPayload(pageVars), - ...(pageVars.version ? getParsedVersion(pageVars.version) : {}), - }); - } + this.pageContext$.next(newContext); } /** @@ -184,9 +197,38 @@ export class FullStoryShipper implements IShipper { /** * Shuts down the shipper. - * It doesn't really do anything inside because this shipper doesn't hold any internal queues. */ public shutdown() { - // No need to do anything here for now. + this.subscriptions.unsubscribe(); + } + + private updateUserVars({ + userId, + isElasticCloudUser, + cloudIsElasticStaffOwned, + cloudTrialEndDate, + }: FullStoryUserVars) { + // Call it only when the userId changes + if (userId && userId !== this.lastUserId) { + this.initContext.logger.debug(`Calling FS.identify with userId ${userId}`); + // We need to call the API for every new userId (restarting the session). + this.fullStoryApi.identify(userId); + this.lastUserId = userId; + } + + // User-level context + if ( + typeof isElasticCloudUser === 'boolean' || + typeof cloudIsElasticStaffOwned === 'boolean' || + cloudTrialEndDate + ) { + const userVars = { + isElasticCloudUser, + cloudIsElasticStaffOwned, + cloudTrialEndDate, + }; + this.initContext.logger.debug(`Calling FS.setUserVars with ${JSON.stringify(userVars)}`); + this.fullStoryApi.setUserVars(formatPayload(userVars)); + } } } diff --git a/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx b/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx index 8bd690fba8a7e0..089613939c8333 100644 --- a/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx +++ b/packages/core/chrome/core-chrome-browser-internal/src/project_navigation/breadcrumbs.tsx @@ -100,6 +100,8 @@ function buildRootCrumb({ i18n.translate('core.ui.primaryNav.cloud.projectLabel', { defaultMessage: 'Project', }), + // increase the max-width of the root breadcrumb to not truncate too soon + style: { maxWidth: '320px' }, popoverContent: ( { "popoverProps": Object { "panelPaddingSize": "none", }, + "style": Object { + "maxWidth": "320px", + }, "text": "Project", }, Object { @@ -176,6 +179,9 @@ describe('breadcrumbs', () => { "popoverProps": Object { "panelPaddingSize": "none", }, + "style": Object { + "maxWidth": "320px", + }, "text": "Project", }, Object { @@ -232,6 +238,9 @@ describe('breadcrumbs', () => { "popoverProps": Object { "panelPaddingSize": "none", }, + "style": Object { + "maxWidth": "320px", + }, "text": "Project", }, Object { diff --git a/packages/core/chrome/core-chrome-browser-internal/src/ui/project/breadcrumbs.tsx b/packages/core/chrome/core-chrome-browser-internal/src/ui/project/breadcrumbs.tsx index 4ce22ba727e11b..0d453290ba3c4b 100644 --- a/packages/core/chrome/core-chrome-browser-internal/src/ui/project/breadcrumbs.tsx +++ b/packages/core/chrome/core-chrome-browser-internal/src/ui/project/breadcrumbs.tsx @@ -43,5 +43,18 @@ export function Breadcrumbs({ breadcrumbs$ }: Props) { }; }); - return ; + return ( + + ); } diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/bulk_create.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/bulk_create.test.ts new file mode 100644 index 00000000000000..3faeee08048ef4 --- /dev/null +++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/bulk_create.test.ts @@ -0,0 +1,1048 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +/* eslint-disable @typescript-eslint/no-shadow */ + +import { + pointInTimeFinderMock, + mockGetBulkOperationError, + mockGetCurrentTime, + mockPreflightCheckForCreate, + mockGetSearchDsl, +} from '../repository.test.mock'; + +import type { Payload } from '@hapi/boom'; + +import type { SavedObjectsBulkCreateObject } from '@kbn/core-saved-objects-api-server'; +import { + type SavedObjectsRawDoc, + type SavedObjectUnsanitizedDoc, + type SavedObjectReference, +} from '@kbn/core-saved-objects-server'; +import { ALL_NAMESPACES_STRING } from '@kbn/core-saved-objects-utils-server'; +import { SavedObjectsRepository } from '../repository'; +import { loggerMock } from '@kbn/logging-mocks'; +import { SavedObjectsSerializer } from '@kbn/core-saved-objects-base-server-internal'; +import { kibanaMigratorMock } from '../../mocks'; +import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks'; + +import { + CUSTOM_INDEX_TYPE, + NAMESPACE_AGNOSTIC_TYPE, + MULTI_NAMESPACE_TYPE, + MULTI_NAMESPACE_ISOLATED_TYPE, + HIDDEN_TYPE, + mockVersionProps, + mockTimestampFields, + mockTimestamp, + mappings, + mockVersion, + createRegistry, + createDocumentMigrator, + createSpySerializer, + bulkCreateSuccess, + getMockBulkCreateResponse, + expectErrorResult, + expectErrorInvalidType, + expectErrorConflict, + expectError, + createBadRequestErrorPayload, + expectCreateResult, + mockTimestampFieldsWithCreated, +} from '../../test_helpers/repository.test.common'; + +// BEWARE: The SavedObjectClient depends on the implementation details of the SavedObjectsRepository +// so any breaking changes to this repository are considered breaking changes to the SavedObjectsClient. + +interface ExpectedErrorResult { + type: string; + id: string; + error: Record; +} + +describe('SavedObjectsRepository', () => { + let client: ReturnType; + let repository: SavedObjectsRepository; + let migrator: ReturnType; + let logger: ReturnType; + let serializer: jest.Mocked; + + const registry = createRegistry(); + const documentMigrator = createDocumentMigrator(registry); + + const expectSuccess = ({ type, id }: { type: string; id: string }) => { + // @ts-expect-error TS is not aware of the extension + return expect.toBeDocumentWithoutError(type, id); + }; + + const expectMigrationArgs = (args: unknown, contains = true, n = 1) => { + const obj = contains ? expect.objectContaining(args) : expect.not.objectContaining(args); + expect(migrator.migrateDocument).toHaveBeenNthCalledWith( + n, + obj, + expect.objectContaining({ + allowDowngrade: expect.any(Boolean), + }) + ); + }; + + beforeEach(() => { + pointInTimeFinderMock.mockClear(); + client = elasticsearchClientMock.createElasticsearchClient(); + migrator = kibanaMigratorMock.create(); + documentMigrator.prepareMigrations(); + migrator.migrateDocument = jest.fn().mockImplementation(documentMigrator.migrate); + migrator.runMigrations = jest.fn().mockResolvedValue([{ status: 'skipped' }]); + logger = loggerMock.create(); + + // create a mock serializer "shim" so we can track function calls, but use the real serializer's implementation + serializer = createSpySerializer(registry); + + const allTypes = registry.getAllTypes().map((type) => type.name); + const allowedTypes = [...new Set(allTypes.filter((type) => !registry.isHidden(type)))]; + + // @ts-expect-error must use the private constructor to use the mocked serializer + repository = new SavedObjectsRepository({ + index: '.kibana-test', + mappings, + client, + migrator, + typeRegistry: registry, + serializer, + allowedTypes, + logger, + }); + + mockGetCurrentTime.mockReturnValue(mockTimestamp); + mockGetSearchDsl.mockClear(); + }); + + // Setup migration mock for creating an object + const mockMigrationVersion = { foo: '2.3.4' }; + const mockMigrateDocument = (doc: SavedObjectUnsanitizedDoc) => ({ + ...doc, + attributes: { + ...doc.attributes, + ...(doc.attributes?.title && { title: `${doc.attributes.title}!!` }), + }, + migrationVersion: mockMigrationVersion, + managed: doc.managed ?? false, + references: [{ name: 'search_0', type: 'search', id: '123' }], + }); + + describe('#bulkCreate', () => { + beforeEach(() => { + mockPreflightCheckForCreate.mockReset(); + mockPreflightCheckForCreate.mockImplementation(({ objects }) => { + return Promise.resolve(objects.map(({ type, id }) => ({ type, id }))); // respond with no errors by default + }); + }); + + const obj1 = { + type: 'config', + id: '6.0.0-alpha1', + attributes: { title: 'Test One' }, + references: [{ name: 'ref_0', type: 'test', id: '1' }], + managed: false, + }; + const obj2 = { + type: 'index-pattern', + id: 'logstash-*', + attributes: { title: 'Test Two' }, + references: [{ name: 'ref_0', type: 'test', id: '2' }], + managed: false, + }; + const namespace = 'foo-namespace'; + + // bulk create calls have two objects for each source -- the action, and the source + const expectClientCallArgsAction = ( + objects: Array<{ type: string; id?: string; if_primary_term?: string; if_seq_no?: string }>, + { + method, + _index = expect.any(String), + getId = () => expect.any(String), + }: { method: string; _index?: string; getId?: (type: string, id?: string) => string } + ) => { + const body = []; + for (const { type, id, if_primary_term: ifPrimaryTerm, if_seq_no: ifSeqNo } of objects) { + body.push({ + [method]: { + _index, + _id: getId(type, id), + ...(ifPrimaryTerm && ifSeqNo + ? { if_primary_term: expect.any(Number), if_seq_no: expect.any(Number) } + : {}), + }, + }); + body.push(expect.any(Object)); + } + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }; + + const expectObjArgs = ( + { + type, + attributes, + references, + }: { type: string; attributes: unknown; references?: SavedObjectReference[] }, + overrides: Record = {} + ) => [ + expect.any(Object), + expect.objectContaining({ + [type]: attributes, + references, + type, + ...overrides, + ...mockTimestampFields, + }), + ]; + describe('client calls', () => { + it(`should use the ES bulk action by default`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expect(client.bulk).toHaveBeenCalledTimes(1); + }); + + it(`should use the preflightCheckForCreate action before bulk action for any types that are multi-namespace, when id is defined`, async () => { + const objects = [obj1, { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }]; + await bulkCreateSuccess(client, repository, objects); + expect(client.bulk).toHaveBeenCalledTimes(1); + expect(mockPreflightCheckForCreate).toHaveBeenCalledTimes(1); + expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( + expect.objectContaining({ + objects: [ + { + type: MULTI_NAMESPACE_ISOLATED_TYPE, + id: obj2.id, + overwrite: false, + namespaces: ['default'], + }, + ], + }) + ); + }); + + it(`should use the ES create method if ID is undefined and overwrite=true`, async () => { + const objects = [obj1, obj2].map((obj) => ({ ...obj, id: undefined })); + await bulkCreateSuccess(client, repository, objects, { overwrite: true }); + expectClientCallArgsAction(objects, { method: 'create' }); + }); + + it(`should use the ES create method if ID is undefined and overwrite=false`, async () => { + const objects = [obj1, obj2].map((obj) => ({ ...obj, id: undefined })); + await bulkCreateSuccess(client, repository, objects); + expectClientCallArgsAction(objects, { method: 'create' }); + }); + + it(`should use the ES index method if ID is defined and overwrite=true`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { overwrite: true }); + expectClientCallArgsAction([obj1, obj2], { method: 'index' }); + }); + + it(`should use the ES index method with version if ID and version are defined and overwrite=true`, async () => { + await bulkCreateSuccess( + client, + repository, + [ + { + ...obj1, + version: mockVersion, + }, + obj2, + ], + { overwrite: true } + ); + + const obj1WithSeq = { + ...obj1, + managed: obj1.managed, + if_seq_no: mockVersionProps._seq_no, + if_primary_term: mockVersionProps._primary_term, + }; + + expectClientCallArgsAction([obj1WithSeq, obj2], { method: 'index' }); + }); + + it(`should use the ES create method if ID is defined and overwrite=false`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expectClientCallArgsAction([obj1, obj2], { method: 'create' }); + }); + + it(`should use the ES index method if ID is defined, overwrite=true and managed=true in a document`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { + overwrite: true, + managed: true, + }); + expectClientCallArgsAction([obj1, obj2], { method: 'index' }); + }); + + it(`should use the ES create method if ID is defined, overwrite=false and managed=true in a document`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { managed: true }); + expectClientCallArgsAction([obj1, obj2], { method: 'create' }); + }); + + it(`formats the ES request`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + const body = [...expectObjArgs(obj1), ...expectObjArgs(obj2)]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + // this test only ensures that the client accepts the managed field in a document + it(`formats the ES request with managed=true in a document`, async () => { + const obj1WithManagedTrue = { ...obj1, managed: true }; + const obj2WithManagedTrue = { ...obj2, managed: true }; + await bulkCreateSuccess(client, repository, [obj1WithManagedTrue, obj2WithManagedTrue]); + const body = [...expectObjArgs(obj1WithManagedTrue), ...expectObjArgs(obj2WithManagedTrue)]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + describe('originId', () => { + it(`returns error if originId is set for non-multi-namespace type`, async () => { + const result = await repository.bulkCreate([ + { ...obj1, originId: 'some-originId' }, + { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE, originId: 'some-originId' }, + ]); + expect(result.saved_objects).toEqual([ + expect.objectContaining({ id: obj1.id, type: obj1.type, error: expect.anything() }), + expect.objectContaining({ + id: obj2.id, + type: NAMESPACE_AGNOSTIC_TYPE, + error: expect.anything(), + }), + ]); + expect(client.bulk).not.toHaveBeenCalled(); + }); + + it(`defaults to no originId`, async () => { + const objects = [ + { ...obj1, type: MULTI_NAMESPACE_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, + ]; + + await bulkCreateSuccess(client, repository, objects); + const expected = expect.not.objectContaining({ originId: expect.anything() }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + describe('with existing originId', () => { + beforeEach(() => { + mockPreflightCheckForCreate.mockImplementation(({ objects }) => { + const existingDocument = { + _source: { originId: 'existing-originId' }, + } as SavedObjectsRawDoc; + return Promise.resolve( + objects.map(({ type, id }) => ({ type, id, existingDocument })) + ); + }); + }); + + it(`accepts custom originId for multi-namespace type`, async () => { + // The preflight result has `existing-originId`, but that is discarded + const objects = [ + { ...obj1, type: MULTI_NAMESPACE_TYPE, originId: 'some-originId' }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE, originId: 'some-originId' }, + ]; + await bulkCreateSuccess(client, repository, objects); + const expected = expect.objectContaining({ originId: 'some-originId' }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + it(`accepts undefined originId`, async () => { + // The preflight result has `existing-originId`, but that is discarded + const objects = [ + { ...obj1, type: MULTI_NAMESPACE_TYPE, originId: undefined }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE, originId: undefined }, + ]; + await bulkCreateSuccess(client, repository, objects); + const expected = expect.not.objectContaining({ originId: expect.anything() }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + it(`preserves existing originId if originId option is not set`, async () => { + const objects = [ + { ...obj1, type: MULTI_NAMESPACE_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, + ]; + await bulkCreateSuccess(client, repository, objects); + const expected = expect.objectContaining({ originId: 'existing-originId' }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + }); + }); + + it(`adds namespace to request body for any types that are single-namespace`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); + const expected = expect.objectContaining({ namespace }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + // this only ensures we don't override any other options + it(`adds managed=false to request body if declared for any types that are single-namespace`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace, managed: false }); + const expected = expect.objectContaining({ namespace, managed: false }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + // this only ensures we don't override any other options + it(`adds managed=true to request body if declared for any types that are single-namespace`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace, managed: true }); + const expected = expect.objectContaining({ namespace, managed: true }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + it(`normalizes options.namespace from 'default' to undefined`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace: 'default' }); + const expected = expect.not.objectContaining({ namespace: 'default' }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + it(`doesn't add namespace to request body for any types that are not single-namespace`, async () => { + const objects = [ + { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, + ]; + await bulkCreateSuccess(client, repository, objects, { namespace }); + const expected = expect.not.objectContaining({ namespace: expect.anything() }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + }); + + it(`adds namespaces to request body for any types that are multi-namespace`, async () => { + const test = async (namespace?: string) => { + const objects = [obj1, obj2].map((x) => ({ ...x, type: MULTI_NAMESPACE_ISOLATED_TYPE })); + const [o1, o2] = objects; + mockPreflightCheckForCreate.mockResolvedValueOnce([ + { type: o1.type, id: o1.id! }, // first object does not have an existing document to overwrite + { + type: o2.type, + id: o2.id!, + existingDocument: { _id: o2.id!, _source: { namespaces: ['*'], type: o2.type } }, // second object does have an existing document to overwrite + }, + ]); + await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); + const expected1 = expect.objectContaining({ namespaces: [namespace ?? 'default'] }); + const expected2 = expect.objectContaining({ namespaces: ['*'] }); + const body = [expect.any(Object), expected1, expect.any(Object), expected2]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + client.bulk.mockClear(); + mockPreflightCheckForCreate.mockReset(); + }; + await test(undefined); + await test(namespace); + }); + + it(`adds initialNamespaces instead of namespace`, async () => { + const test = async (namespace?: string) => { + const ns2 = 'bar-namespace'; + const ns3 = 'baz-namespace'; + const objects = [ + { ...obj1, type: 'dashboard', initialNamespaces: [ns2] }, + { ...obj1, type: MULTI_NAMESPACE_ISOLATED_TYPE, initialNamespaces: [ns2] }, + { ...obj1, type: MULTI_NAMESPACE_TYPE, initialNamespaces: [ns2, ns3] }, + ]; + const [o1, o2, o3] = objects; + mockPreflightCheckForCreate.mockResolvedValueOnce([ + // first object does not get passed in to preflightCheckForCreate at all + { type: o2.type, id: o2.id! }, // second object does not have an existing document to overwrite + { + type: o3.type, + id: o3.id!, + existingDocument: { + _id: o3.id!, + _source: { type: o3.type, namespaces: [namespace ?? 'default', 'something-else'] }, // third object does have an existing document to overwrite + }, + }, + ]); + await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); + const body = [ + { index: expect.objectContaining({ _id: `${ns2}:dashboard:${o1.id}` }) }, + expect.objectContaining({ namespace: ns2 }), + { + index: expect.objectContaining({ + _id: `${MULTI_NAMESPACE_ISOLATED_TYPE}:${o2.id}`, + }), + }, + expect.objectContaining({ namespaces: [ns2] }), + { index: expect.objectContaining({ _id: `${MULTI_NAMESPACE_TYPE}:${o3.id}` }) }, + expect.objectContaining({ namespaces: [ns2, ns3] }), + ]; + expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( + expect.objectContaining({ + objects: [ + // assert that the initialNamespaces fields were passed into preflightCheckForCreate instead of the current namespace + { type: o2.type, id: o2.id, overwrite: true, namespaces: o2.initialNamespaces }, + { type: o3.type, id: o3.id, overwrite: true, namespaces: o3.initialNamespaces }, + ], + }) + ); + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + client.bulk.mockClear(); + mockPreflightCheckForCreate.mockReset(); + }; + await test(undefined); + await test(namespace); + }); + + it(`normalizes initialNamespaces from 'default' to undefined`, async () => { + const test = async (namespace?: string) => { + const objects = [{ ...obj1, type: 'dashboard', initialNamespaces: ['default'] }]; + await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); + const body = [ + { index: expect.objectContaining({ _id: `dashboard:${obj1.id}` }) }, + expect.not.objectContaining({ namespace: 'default' }), + ]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + client.bulk.mockClear(); + }; + await test(undefined); + await test(namespace); + }); + + it(`doesn't add namespaces to request body for any types that are not multi-namespace`, async () => { + const test = async (namespace?: string) => { + const objects = [obj1, { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE }]; + await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); + const expected = expect.not.objectContaining({ namespaces: expect.anything() }); + const body = [expect.any(Object), expected, expect.any(Object), expected]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + client.bulk.mockClear(); + }; + await test(undefined); + await test(namespace); + }); + + it(`defaults to a refresh setting of wait_for`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ refresh: 'wait_for' }), + expect.anything() + ); + }); + + it(`should use default index`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expectClientCallArgsAction([obj1, obj2], { + method: 'create', + _index: '.kibana-test_8.0.0-testing', + }); + }); + + it(`should use custom index`, async () => { + await bulkCreateSuccess( + client, + repository, + [obj1, obj2].map((x) => ({ ...x, type: CUSTOM_INDEX_TYPE })) + ); + expectClientCallArgsAction([obj1, obj2], { + method: 'create', + _index: 'custom_8.0.0-testing', + }); + }); + + it(`prepends namespace to the id when providing namespace for single-namespace type`, async () => { + const getId = (type: string, id: string = '') => `${namespace}:${type}:${id}`; // test that the raw document ID equals this (e.g., has a namespace prefix) + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); + expectClientCallArgsAction([obj1, obj2], { method: 'create', getId }); + }); + + it(`doesn't prepend namespace to the id when providing no namespace for single-namespace type`, async () => { + const getId = (type: string, id: string = '') => `${type}:${id}`; // test that the raw document ID equals this (e.g., does not have a namespace prefix) + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expectClientCallArgsAction([obj1, obj2], { method: 'create', getId }); + }); + + it(`doesn't prepend namespace to the id when not using single-namespace type`, async () => { + const getId = (type: string, id: string = '') => `${type}:${id}`; // test that the raw document ID equals this (e.g., does not have a namespace prefix) + const objects = [ + { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, + ]; + await bulkCreateSuccess(client, repository, objects, { namespace }); + expectClientCallArgsAction(objects, { method: 'create', getId }); + }); + }); + + describe('errors', () => { + afterEach(() => { + mockGetBulkOperationError.mockReset(); + }); + + const obj3 = { + type: 'dashboard', + id: 'three', + attributes: { title: 'Test Three' }, + references: [{ name: 'ref_0', type: 'test', id: '2' }], + }; + + const bulkCreateError = async ( + obj: SavedObjectsBulkCreateObject, + isBulkError: boolean | undefined, + expectedErrorResult: ExpectedErrorResult + ) => { + let response; + if (isBulkError) { + // mock the bulk error for only the second object + mockGetBulkOperationError.mockReturnValueOnce(undefined); + mockGetBulkOperationError.mockReturnValueOnce(expectedErrorResult.error as Payload); + response = getMockBulkCreateResponse([obj1, obj, obj2]); + } else { + response = getMockBulkCreateResponse([obj1, obj2]); + } + client.bulk.mockResponseOnce(response); + + const objects = [obj1, obj, obj2]; + const result = await repository.bulkCreate(objects); + expect(client.bulk).toHaveBeenCalled(); + const objCall = isBulkError ? expectObjArgs(obj) : []; + const body = [...expectObjArgs(obj1), ...objCall, ...expectObjArgs(obj2)]; + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body }), + expect.anything() + ); + expect(result).toEqual({ + saved_objects: [expectSuccess(obj1), expectedErrorResult, expectSuccess(obj2)], + }); + }; + + it(`throws when options.namespace is '*'`, async () => { + await expect( + repository.bulkCreate([obj3], { namespace: ALL_NAMESPACES_STRING }) + ).rejects.toThrowError(createBadRequestErrorPayload('"options.namespace" cannot be "*"')); + }); + + it(`returns error when initialNamespaces is used with a space-agnostic object`, async () => { + const obj = { ...obj3, type: NAMESPACE_AGNOSTIC_TYPE, initialNamespaces: [] }; + await bulkCreateError( + obj, + undefined, + expectErrorResult( + obj, + createBadRequestErrorPayload( + '"initialNamespaces" cannot be used on space-agnostic types' + ) + ) + ); + }); + + it(`returns error when initialNamespaces is empty`, async () => { + const obj = { ...obj3, type: MULTI_NAMESPACE_TYPE, initialNamespaces: [] }; + await bulkCreateError( + obj, + undefined, + expectErrorResult( + obj, + createBadRequestErrorPayload('"initialNamespaces" must be a non-empty array of strings') + ) + ); + }); + + it(`returns error when initialNamespaces is used with a space-isolated object and does not specify a single space`, async () => { + const doTest = async (objType: string, initialNamespaces: string[]) => { + const obj = { ...obj3, type: objType, initialNamespaces }; + await bulkCreateError( + obj, + undefined, + expectErrorResult( + obj, + createBadRequestErrorPayload( + '"initialNamespaces" can only specify a single space when used with space-isolated types' + ) + ) + ); + }; + await doTest('dashboard', ['spacex', 'spacey']); + await doTest('dashboard', ['*']); + await doTest(MULTI_NAMESPACE_ISOLATED_TYPE, ['spacex', 'spacey']); + await doTest(MULTI_NAMESPACE_ISOLATED_TYPE, ['*']); + }); + + it(`returns error when type is invalid`, async () => { + const obj = { ...obj3, type: 'unknownType' }; + await bulkCreateError(obj, undefined, expectErrorInvalidType(obj)); + }); + + it(`returns error when type is hidden`, async () => { + const obj = { ...obj3, type: HIDDEN_TYPE }; + await bulkCreateError(obj, undefined, expectErrorInvalidType(obj)); + }); + + it(`returns error when there is a conflict from preflightCheckForCreate`, async () => { + const objects = [ + // only the second, third, and fourth objects are passed to preflightCheckForCreate and result in errors + obj1, + { ...obj1, type: MULTI_NAMESPACE_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_TYPE }, + { ...obj3, type: MULTI_NAMESPACE_TYPE }, + obj2, + ]; + const [o1, o2, o3, o4, o5] = objects; + mockPreflightCheckForCreate.mockResolvedValueOnce([ + // first and last objects do not get passed in to preflightCheckForCreate at all + { type: o2.type, id: o2.id!, error: { type: 'conflict' } }, + { + type: o3.type, + id: o3.id!, + error: { type: 'unresolvableConflict', metadata: { isNotOverwritable: true } }, + }, + { + type: o4.type, + id: o4.id!, + error: { type: 'aliasConflict', metadata: { spacesWithConflictingAliases: ['foo'] } }, + }, + ]); + const bulkResponse = getMockBulkCreateResponse([o1, o5]); + client.bulk.mockResponseOnce(bulkResponse); + + const options = { overwrite: true }; + const result = await repository.bulkCreate(objects, options); + expect(mockPreflightCheckForCreate).toHaveBeenCalled(); + expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( + expect.objectContaining({ + objects: [ + { type: o2.type, id: o2.id, overwrite: true, namespaces: ['default'] }, + { type: o3.type, id: o3.id, overwrite: true, namespaces: ['default'] }, + { type: o4.type, id: o4.id, overwrite: true, namespaces: ['default'] }, + ], + }) + ); + expect(client.bulk).toHaveBeenCalled(); + expect(client.bulk).toHaveBeenCalledWith( + expect.objectContaining({ body: [...expectObjArgs(o1), ...expectObjArgs(o5)] }), + expect.anything() + ); + expect(result).toEqual({ + saved_objects: [ + expectSuccess(o1), + expectErrorConflict(o2), + expectErrorConflict(o3, { metadata: { isNotOverwritable: true } }), + expectErrorConflict(o4, { metadata: { spacesWithConflictingAliases: ['foo'] } }), + expectSuccess(o5), + ], + }); + }); + + it(`returns bulk error`, async () => { + const expectedErrorResult = { + type: obj3.type, + id: obj3.id, + error: { error: 'Oh no, a bulk error!' }, + }; + await bulkCreateError(obj3, true, expectedErrorResult); + }); + + it(`returns errors for any bulk objects with invalid schemas`, async () => { + const response = getMockBulkCreateResponse([obj3]); + client.bulk.mockResponseOnce(response); + + const result = await repository.bulkCreate([ + obj3, + // @ts-expect-error - Title should be a string and is intentionally malformed for testing + { ...obj3, id: 'three-again', attributes: { title: 123 } }, + ]); + expect(client.bulk).toHaveBeenCalledTimes(1); // only called once for the valid object + expect(result.saved_objects).toEqual([ + expect.objectContaining(obj3), + expect.objectContaining({ + error: new Error( + '[attributes.title]: expected value of type [string] but got [number]: Bad Request' + ), + id: 'three-again', + type: 'dashboard', + }), + ]); + }); + }); + + describe('migration', () => { + it(`migrates the docs and serializes the migrated docs`, async () => { + migrator.migrateDocument.mockImplementation(mockMigrateDocument); + const modifiedObj1 = { ...obj1, coreMigrationVersion: '8.0.0' }; + await bulkCreateSuccess(client, repository, [modifiedObj1, obj2]); + const docs = [modifiedObj1, obj2].map((x) => ({ ...x, ...mockTimestampFieldsWithCreated })); + expectMigrationArgs(docs[0], true, 1); + expectMigrationArgs(docs[1], true, 2); + + const migratedDocs = docs.map((x) => migrator.migrateDocument(x)); + expect(serializer.savedObjectToRaw).toHaveBeenNthCalledWith(1, migratedDocs[0]); + expect(serializer.savedObjectToRaw).toHaveBeenNthCalledWith(2, migratedDocs[1]); + }); + + it(`adds namespace to body when providing namespace for single-namespace type`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); + expectMigrationArgs({ namespace }, true, 1); + expectMigrationArgs({ namespace }, true, 2); + }); + + it(`doesn't add namespace to body when providing no namespace for single-namespace type`, async () => { + await bulkCreateSuccess(client, repository, [obj1, obj2]); + expectMigrationArgs({ namespace: expect.anything() }, false, 1); + expectMigrationArgs({ namespace: expect.anything() }, false, 2); + }); + + it(`doesn't add namespace to body when not using single-namespace type`, async () => { + const objects = [ + { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, + { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, + ]; + await bulkCreateSuccess(client, repository, objects, { namespace }); + expectMigrationArgs({ namespace: expect.anything() }, false, 1); + expectMigrationArgs({ namespace: expect.anything() }, false, 2); + }); + + it(`adds namespaces to body when providing namespace for multi-namespace type`, async () => { + const objects = [obj1, obj2].map((obj) => ({ + ...obj, + type: MULTI_NAMESPACE_ISOLATED_TYPE, + })); + await bulkCreateSuccess(client, repository, objects, { namespace }); + expectMigrationArgs({ namespaces: [namespace] }, true, 1); + expectMigrationArgs({ namespaces: [namespace] }, true, 2); + }); + + it(`adds default namespaces to body when providing no namespace for multi-namespace type`, async () => { + const objects = [obj1, obj2].map((obj) => ({ + ...obj, + type: MULTI_NAMESPACE_ISOLATED_TYPE, + })); + await bulkCreateSuccess(client, repository, objects); + expectMigrationArgs({ namespaces: ['default'] }, true, 1); + expectMigrationArgs({ namespaces: ['default'] }, true, 2); + }); + + it(`doesn't add namespaces to body when not using multi-namespace type`, async () => { + const objects = [obj1, { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE }]; + await bulkCreateSuccess(client, repository, objects); + expectMigrationArgs({ namespaces: expect.anything() }, false, 1); + expectMigrationArgs({ namespaces: expect.anything() }, false, 2); + }); + }); + + describe('returns', () => { + it(`formats the ES response`, async () => { + const result = await bulkCreateSuccess(client, repository, [obj1, obj2]); + expect(result).toEqual({ + saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), + }); + }); + + it.todo(`should return objects in the same order regardless of type`); + + it(`handles a mix of successful creates and errors`, async () => { + const obj = { + type: 'unknownType', + id: 'three', + attributes: {}, + }; + const objects = [obj1, obj, obj2]; + const response = getMockBulkCreateResponse([obj1, obj2]); + client.bulk.mockResponseOnce(response); + const result = await repository.bulkCreate(objects); + expect(client.bulk).toHaveBeenCalledTimes(1); + expect(result).toEqual({ + saved_objects: [expectCreateResult(obj1), expectError(obj), expectCreateResult(obj2)], + }); + }); + + it(`a deserialized saved object`, async () => { + // Test for fix to https://github.com/elastic/kibana/issues/65088 where + // we returned raw ID's when an object without an id was created. + const namespace = 'myspace'; + // FIXME: this test is based on a gigantic hack to have the bulk operation return the source + // of the document when it actually does not, forcing to cast to any as BulkResponse + // does not contains _source + const response = getMockBulkCreateResponse([obj1, obj2], namespace) as any; + client.bulk.mockResponseOnce(response); + + // Bulk create one object with id unspecified, and one with id specified + const result = await repository.bulkCreate([{ ...obj1, id: undefined }, obj2], { + namespace, + }); + + // Assert that both raw docs from the ES response are deserialized + expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith( + 1, + { + ...response.items[0].create, + _source: { + ...response.items[0].create._source, + namespaces: response.items[0].create._source.namespaces, + coreMigrationVersion: expect.any(String), + typeMigrationVersion: '1.1.1', + }, + _id: expect.stringMatching( + /^myspace:config:[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/ + ), + }, + expect.any(Object) + ); + expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith( + 2, + { + ...response.items[1].create, + _source: { + ...response.items[1].create._source, + namespaces: response.items[1].create._source.namespaces, + coreMigrationVersion: expect.any(String), + typeMigrationVersion: '1.1.1', + }, + }, + expect.any(Object) + ); + + // Assert that ID's are deserialized to remove the type and namespace + expect(result.saved_objects[0].id).toEqual( + expect.stringMatching(/^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/) + ); + expect(result.saved_objects[1].id).toEqual(obj2.id); + + // Assert that managed is not changed + expect(result.saved_objects[0].managed).toBeFalsy(); + expect(result.saved_objects[1].managed).toEqual(obj2.managed); + }); + + it(`sets managed=false if not already set`, async () => { + const obj1WithoutManaged = { + type: 'config', + id: '6.0.0-alpha1', + attributes: { title: 'Test One' }, + references: [{ name: 'ref_0', type: 'test', id: '1' }], + }; + const obj2WithoutManaged = { + type: 'index-pattern', + id: 'logstash-*', + attributes: { title: 'Test Two' }, + references: [{ name: 'ref_0', type: 'test', id: '2' }], + }; + const result = await bulkCreateSuccess(client, repository, [ + obj1WithoutManaged, + obj2WithoutManaged, + ]); + expect(result).toEqual({ + saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), + }); + }); + + it(`sets managed=false only on documents without managed already set`, async () => { + const objWithoutManaged = { + type: 'config', + id: '6.0.0-alpha1', + attributes: { title: 'Test One' }, + references: [{ name: 'ref_0', type: 'test', id: '1' }], + }; + const result = await bulkCreateSuccess(client, repository, [objWithoutManaged, obj2]); + expect(result).toEqual({ + saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), + }); + }); + + it(`sets managed=true if provided as an override`, async () => { + const obj1WithoutManaged = { + type: 'config', + id: '6.0.0-alpha1', + attributes: { title: 'Test One' }, + references: [{ name: 'ref_0', type: 'test', id: '1' }], + }; + const obj2WithoutManaged = { + type: 'index-pattern', + id: 'logstash-*', + attributes: { title: 'Test Two' }, + references: [{ name: 'ref_0', type: 'test', id: '2' }], + }; + const result = await bulkCreateSuccess( + client, + repository, + [obj1WithoutManaged, obj2WithoutManaged], + { managed: true } + ); + expect(result).toEqual({ + saved_objects: [ + { ...obj1WithoutManaged, managed: true }, + { ...obj2WithoutManaged, managed: true }, + ].map((x) => expectCreateResult(x)), + }); + }); + + it(`sets managed=false if provided as an override`, async () => { + const obj1WithoutManaged = { + type: 'config', + id: '6.0.0-alpha1', + attributes: { title: 'Test One' }, + references: [{ name: 'ref_0', type: 'test', id: '1' }], + }; + const obj2WithoutManaged = { + type: 'index-pattern', + id: 'logstash-*', + attributes: { title: 'Test Two' }, + references: [{ name: 'ref_0', type: 'test', id: '2' }], + }; + const result = await bulkCreateSuccess( + client, + repository, + [obj1WithoutManaged, obj2WithoutManaged], + { managed: false } + ); + expect(result).toEqual({ + saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), + }); + }); + }); + }); +}); diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.test.ts index 1084ad3e589661..3547d653e3de40 100644 --- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.test.ts +++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.test.ts @@ -32,7 +32,6 @@ import type { SavedObjectsIncrementCounterOptions, SavedObjectsCreatePointInTimeFinderDependencies, SavedObjectsCreatePointInTimeFinderOptions, - SavedObjectsBulkCreateObject, SavedObjectsBulkGetObject, SavedObjectsCreateOptions, SavedObjectsDeleteOptions, @@ -86,13 +85,10 @@ import { getMockMgetResponse, type TypeIdTuple, createSpySerializer, - bulkCreateSuccess, - getMockBulkCreateResponse, bulkGet, expectErrorResult, expectErrorInvalidType, expectErrorNotFound, - expectErrorConflict, expectError, generateIndexPatternSearchResults, findSuccess, @@ -105,7 +101,6 @@ import { createUnsupportedTypeErrorPayload, createConflictErrorPayload, createGenericNotFoundErrorPayload, - expectCreateResult, mockTimestampFieldsWithCreated, getMockEsBulkDeleteResponse, bulkDeleteSuccess, @@ -193,917 +188,6 @@ describe('SavedObjectsRepository', () => { references: [{ name: 'search_0', type: 'search', id: '123' }], }); - describe('#bulkCreate', () => { - beforeEach(() => { - mockPreflightCheckForCreate.mockReset(); - mockPreflightCheckForCreate.mockImplementation(({ objects }) => { - return Promise.resolve(objects.map(({ type, id }) => ({ type, id }))); // respond with no errors by default - }); - }); - - const obj1 = { - type: 'config', - id: '6.0.0-alpha1', - attributes: { title: 'Test One' }, - references: [{ name: 'ref_0', type: 'test', id: '1' }], - managed: false, - }; - const obj2 = { - type: 'index-pattern', - id: 'logstash-*', - attributes: { title: 'Test Two' }, - references: [{ name: 'ref_0', type: 'test', id: '2' }], - managed: false, - }; - const namespace = 'foo-namespace'; - - // bulk create calls have two objects for each source -- the action, and the source - const expectClientCallArgsAction = ( - objects: Array<{ type: string; id?: string; if_primary_term?: string; if_seq_no?: string }>, - { - method, - _index = expect.any(String), - getId = () => expect.any(String), - }: { method: string; _index?: string; getId?: (type: string, id?: string) => string } - ) => { - const body = []; - for (const { type, id, if_primary_term: ifPrimaryTerm, if_seq_no: ifSeqNo } of objects) { - body.push({ - [method]: { - _index, - _id: getId(type, id), - ...(ifPrimaryTerm && ifSeqNo - ? { if_primary_term: expect.any(Number), if_seq_no: expect.any(Number) } - : {}), - }, - }); - body.push(expect.any(Object)); - } - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }; - - const expectObjArgs = ( - { - type, - attributes, - references, - }: { type: string; attributes: unknown; references?: SavedObjectReference[] }, - overrides: Record = {} - ) => [ - expect.any(Object), - expect.objectContaining({ - [type]: attributes, - references, - type, - ...overrides, - ...mockTimestampFields, - }), - ]; - describe('client calls', () => { - it(`should use the ES bulk action by default`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expect(client.bulk).toHaveBeenCalledTimes(1); - }); - - it(`should use the preflightCheckForCreate action before bulk action for any types that are multi-namespace, when id is defined`, async () => { - const objects = [obj1, { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }]; - await bulkCreateSuccess(client, repository, objects); - expect(client.bulk).toHaveBeenCalledTimes(1); - expect(mockPreflightCheckForCreate).toHaveBeenCalledTimes(1); - expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( - expect.objectContaining({ - objects: [ - { - type: MULTI_NAMESPACE_ISOLATED_TYPE, - id: obj2.id, - overwrite: false, - namespaces: ['default'], - }, - ], - }) - ); - }); - - it(`should use the ES create method if ID is undefined and overwrite=true`, async () => { - const objects = [obj1, obj2].map((obj) => ({ ...obj, id: undefined })); - await bulkCreateSuccess(client, repository, objects, { overwrite: true }); - expectClientCallArgsAction(objects, { method: 'create' }); - }); - - it(`should use the ES create method if ID is undefined and overwrite=false`, async () => { - const objects = [obj1, obj2].map((obj) => ({ ...obj, id: undefined })); - await bulkCreateSuccess(client, repository, objects); - expectClientCallArgsAction(objects, { method: 'create' }); - }); - - it(`should use the ES index method if ID is defined and overwrite=true`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { overwrite: true }); - expectClientCallArgsAction([obj1, obj2], { method: 'index' }); - }); - - it(`should use the ES index method with version if ID and version are defined and overwrite=true`, async () => { - await bulkCreateSuccess( - client, - repository, - [ - { - ...obj1, - version: mockVersion, - }, - obj2, - ], - { overwrite: true } - ); - - const obj1WithSeq = { - ...obj1, - managed: obj1.managed, - if_seq_no: mockVersionProps._seq_no, - if_primary_term: mockVersionProps._primary_term, - }; - - expectClientCallArgsAction([obj1WithSeq, obj2], { method: 'index' }); - }); - - it(`should use the ES create method if ID is defined and overwrite=false`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expectClientCallArgsAction([obj1, obj2], { method: 'create' }); - }); - - it(`should use the ES index method if ID is defined, overwrite=true and managed=true in a document`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { - overwrite: true, - managed: true, - }); - expectClientCallArgsAction([obj1, obj2], { method: 'index' }); - }); - - it(`should use the ES create method if ID is defined, overwrite=false and managed=true in a document`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { managed: true }); - expectClientCallArgsAction([obj1, obj2], { method: 'create' }); - }); - - it(`formats the ES request`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - const body = [...expectObjArgs(obj1), ...expectObjArgs(obj2)]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - // this test only ensures that the client accepts the managed field in a document - it(`formats the ES request with managed=true in a document`, async () => { - const obj1WithManagedTrue = { ...obj1, managed: true }; - const obj2WithManagedTrue = { ...obj2, managed: true }; - await bulkCreateSuccess(client, repository, [obj1WithManagedTrue, obj2WithManagedTrue]); - const body = [...expectObjArgs(obj1WithManagedTrue), ...expectObjArgs(obj2WithManagedTrue)]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - describe('originId', () => { - it(`returns error if originId is set for non-multi-namespace type`, async () => { - const result = await repository.bulkCreate([ - { ...obj1, originId: 'some-originId' }, - { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE, originId: 'some-originId' }, - ]); - expect(result.saved_objects).toEqual([ - expect.objectContaining({ id: obj1.id, type: obj1.type, error: expect.anything() }), - expect.objectContaining({ - id: obj2.id, - type: NAMESPACE_AGNOSTIC_TYPE, - error: expect.anything(), - }), - ]); - expect(client.bulk).not.toHaveBeenCalled(); - }); - - it(`defaults to no originId`, async () => { - const objects = [ - { ...obj1, type: MULTI_NAMESPACE_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, - ]; - - await bulkCreateSuccess(client, repository, objects); - const expected = expect.not.objectContaining({ originId: expect.anything() }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - describe('with existing originId', () => { - beforeEach(() => { - mockPreflightCheckForCreate.mockImplementation(({ objects }) => { - const existingDocument = { - _source: { originId: 'existing-originId' }, - } as SavedObjectsRawDoc; - return Promise.resolve( - objects.map(({ type, id }) => ({ type, id, existingDocument })) - ); - }); - }); - - it(`accepts custom originId for multi-namespace type`, async () => { - // The preflight result has `existing-originId`, but that is discarded - const objects = [ - { ...obj1, type: MULTI_NAMESPACE_TYPE, originId: 'some-originId' }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE, originId: 'some-originId' }, - ]; - await bulkCreateSuccess(client, repository, objects); - const expected = expect.objectContaining({ originId: 'some-originId' }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - it(`accepts undefined originId`, async () => { - // The preflight result has `existing-originId`, but that is discarded - const objects = [ - { ...obj1, type: MULTI_NAMESPACE_TYPE, originId: undefined }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE, originId: undefined }, - ]; - await bulkCreateSuccess(client, repository, objects); - const expected = expect.not.objectContaining({ originId: expect.anything() }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - it(`preserves existing originId if originId option is not set`, async () => { - const objects = [ - { ...obj1, type: MULTI_NAMESPACE_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, - ]; - await bulkCreateSuccess(client, repository, objects); - const expected = expect.objectContaining({ originId: 'existing-originId' }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - }); - }); - - it(`adds namespace to request body for any types that are single-namespace`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); - const expected = expect.objectContaining({ namespace }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - // this only ensures we don't override any other options - it(`adds managed=false to request body if declared for any types that are single-namespace`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace, managed: false }); - const expected = expect.objectContaining({ namespace, managed: false }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - // this only ensures we don't override any other options - it(`adds managed=true to request body if declared for any types that are single-namespace`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace, managed: true }); - const expected = expect.objectContaining({ namespace, managed: true }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - it(`normalizes options.namespace from 'default' to undefined`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace: 'default' }); - const expected = expect.not.objectContaining({ namespace: 'default' }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - it(`doesn't add namespace to request body for any types that are not single-namespace`, async () => { - const objects = [ - { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, - ]; - await bulkCreateSuccess(client, repository, objects, { namespace }); - const expected = expect.not.objectContaining({ namespace: expect.anything() }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - }); - - it(`adds namespaces to request body for any types that are multi-namespace`, async () => { - const test = async (namespace?: string) => { - const objects = [obj1, obj2].map((x) => ({ ...x, type: MULTI_NAMESPACE_ISOLATED_TYPE })); - const [o1, o2] = objects; - mockPreflightCheckForCreate.mockResolvedValueOnce([ - { type: o1.type, id: o1.id! }, // first object does not have an existing document to overwrite - { - type: o2.type, - id: o2.id!, - existingDocument: { _id: o2.id!, _source: { namespaces: ['*'], type: o2.type } }, // second object does have an existing document to overwrite - }, - ]); - await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); - const expected1 = expect.objectContaining({ namespaces: [namespace ?? 'default'] }); - const expected2 = expect.objectContaining({ namespaces: ['*'] }); - const body = [expect.any(Object), expected1, expect.any(Object), expected2]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - client.bulk.mockClear(); - mockPreflightCheckForCreate.mockReset(); - }; - await test(undefined); - await test(namespace); - }); - - it(`adds initialNamespaces instead of namespace`, async () => { - const test = async (namespace?: string) => { - const ns2 = 'bar-namespace'; - const ns3 = 'baz-namespace'; - const objects = [ - { ...obj1, type: 'dashboard', initialNamespaces: [ns2] }, - { ...obj1, type: MULTI_NAMESPACE_ISOLATED_TYPE, initialNamespaces: [ns2] }, - { ...obj1, type: MULTI_NAMESPACE_TYPE, initialNamespaces: [ns2, ns3] }, - ]; - const [o1, o2, o3] = objects; - mockPreflightCheckForCreate.mockResolvedValueOnce([ - // first object does not get passed in to preflightCheckForCreate at all - { type: o2.type, id: o2.id! }, // second object does not have an existing document to overwrite - { - type: o3.type, - id: o3.id!, - existingDocument: { - _id: o3.id!, - _source: { type: o3.type, namespaces: [namespace ?? 'default', 'something-else'] }, // third object does have an existing document to overwrite - }, - }, - ]); - await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); - const body = [ - { index: expect.objectContaining({ _id: `${ns2}:dashboard:${o1.id}` }) }, - expect.objectContaining({ namespace: ns2 }), - { - index: expect.objectContaining({ - _id: `${MULTI_NAMESPACE_ISOLATED_TYPE}:${o2.id}`, - }), - }, - expect.objectContaining({ namespaces: [ns2] }), - { index: expect.objectContaining({ _id: `${MULTI_NAMESPACE_TYPE}:${o3.id}` }) }, - expect.objectContaining({ namespaces: [ns2, ns3] }), - ]; - expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( - expect.objectContaining({ - objects: [ - // assert that the initialNamespaces fields were passed into preflightCheckForCreate instead of the current namespace - { type: o2.type, id: o2.id, overwrite: true, namespaces: o2.initialNamespaces }, - { type: o3.type, id: o3.id, overwrite: true, namespaces: o3.initialNamespaces }, - ], - }) - ); - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - client.bulk.mockClear(); - mockPreflightCheckForCreate.mockReset(); - }; - await test(undefined); - await test(namespace); - }); - - it(`normalizes initialNamespaces from 'default' to undefined`, async () => { - const test = async (namespace?: string) => { - const objects = [{ ...obj1, type: 'dashboard', initialNamespaces: ['default'] }]; - await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); - const body = [ - { index: expect.objectContaining({ _id: `dashboard:${obj1.id}` }) }, - expect.not.objectContaining({ namespace: 'default' }), - ]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - client.bulk.mockClear(); - }; - await test(undefined); - await test(namespace); - }); - - it(`doesn't add namespaces to request body for any types that are not multi-namespace`, async () => { - const test = async (namespace?: string) => { - const objects = [obj1, { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE }]; - await bulkCreateSuccess(client, repository, objects, { namespace, overwrite: true }); - const expected = expect.not.objectContaining({ namespaces: expect.anything() }); - const body = [expect.any(Object), expected, expect.any(Object), expected]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - client.bulk.mockClear(); - }; - await test(undefined); - await test(namespace); - }); - - it(`defaults to a refresh setting of wait_for`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ refresh: 'wait_for' }), - expect.anything() - ); - }); - - it(`should use default index`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expectClientCallArgsAction([obj1, obj2], { - method: 'create', - _index: '.kibana-test_8.0.0-testing', - }); - }); - - it(`should use custom index`, async () => { - await bulkCreateSuccess( - client, - repository, - [obj1, obj2].map((x) => ({ ...x, type: CUSTOM_INDEX_TYPE })) - ); - expectClientCallArgsAction([obj1, obj2], { - method: 'create', - _index: 'custom_8.0.0-testing', - }); - }); - - it(`prepends namespace to the id when providing namespace for single-namespace type`, async () => { - const getId = (type: string, id: string = '') => `${namespace}:${type}:${id}`; // test that the raw document ID equals this (e.g., has a namespace prefix) - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); - expectClientCallArgsAction([obj1, obj2], { method: 'create', getId }); - }); - - it(`doesn't prepend namespace to the id when providing no namespace for single-namespace type`, async () => { - const getId = (type: string, id: string = '') => `${type}:${id}`; // test that the raw document ID equals this (e.g., does not have a namespace prefix) - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expectClientCallArgsAction([obj1, obj2], { method: 'create', getId }); - }); - - it(`doesn't prepend namespace to the id when not using single-namespace type`, async () => { - const getId = (type: string, id: string = '') => `${type}:${id}`; // test that the raw document ID equals this (e.g., does not have a namespace prefix) - const objects = [ - { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, - ]; - await bulkCreateSuccess(client, repository, objects, { namespace }); - expectClientCallArgsAction(objects, { method: 'create', getId }); - }); - }); - - describe('errors', () => { - afterEach(() => { - mockGetBulkOperationError.mockReset(); - }); - - const obj3 = { - type: 'dashboard', - id: 'three', - attributes: { title: 'Test Three' }, - references: [{ name: 'ref_0', type: 'test', id: '2' }], - }; - - const bulkCreateError = async ( - obj: SavedObjectsBulkCreateObject, - isBulkError: boolean | undefined, - expectedErrorResult: ExpectedErrorResult - ) => { - let response; - if (isBulkError) { - // mock the bulk error for only the second object - mockGetBulkOperationError.mockReturnValueOnce(undefined); - mockGetBulkOperationError.mockReturnValueOnce(expectedErrorResult.error as Payload); - response = getMockBulkCreateResponse([obj1, obj, obj2]); - } else { - response = getMockBulkCreateResponse([obj1, obj2]); - } - client.bulk.mockResponseOnce(response); - - const objects = [obj1, obj, obj2]; - const result = await repository.bulkCreate(objects); - expect(client.bulk).toHaveBeenCalled(); - const objCall = isBulkError ? expectObjArgs(obj) : []; - const body = [...expectObjArgs(obj1), ...objCall, ...expectObjArgs(obj2)]; - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body }), - expect.anything() - ); - expect(result).toEqual({ - saved_objects: [expectSuccess(obj1), expectedErrorResult, expectSuccess(obj2)], - }); - }; - - it(`throws when options.namespace is '*'`, async () => { - await expect( - repository.bulkCreate([obj3], { namespace: ALL_NAMESPACES_STRING }) - ).rejects.toThrowError(createBadRequestErrorPayload('"options.namespace" cannot be "*"')); - }); - - it(`returns error when initialNamespaces is used with a space-agnostic object`, async () => { - const obj = { ...obj3, type: NAMESPACE_AGNOSTIC_TYPE, initialNamespaces: [] }; - await bulkCreateError( - obj, - undefined, - expectErrorResult( - obj, - createBadRequestErrorPayload( - '"initialNamespaces" cannot be used on space-agnostic types' - ) - ) - ); - }); - - it(`returns error when initialNamespaces is empty`, async () => { - const obj = { ...obj3, type: MULTI_NAMESPACE_TYPE, initialNamespaces: [] }; - await bulkCreateError( - obj, - undefined, - expectErrorResult( - obj, - createBadRequestErrorPayload('"initialNamespaces" must be a non-empty array of strings') - ) - ); - }); - - it(`returns error when initialNamespaces is used with a space-isolated object and does not specify a single space`, async () => { - const doTest = async (objType: string, initialNamespaces: string[]) => { - const obj = { ...obj3, type: objType, initialNamespaces }; - await bulkCreateError( - obj, - undefined, - expectErrorResult( - obj, - createBadRequestErrorPayload( - '"initialNamespaces" can only specify a single space when used with space-isolated types' - ) - ) - ); - }; - await doTest('dashboard', ['spacex', 'spacey']); - await doTest('dashboard', ['*']); - await doTest(MULTI_NAMESPACE_ISOLATED_TYPE, ['spacex', 'spacey']); - await doTest(MULTI_NAMESPACE_ISOLATED_TYPE, ['*']); - }); - - it(`returns error when type is invalid`, async () => { - const obj = { ...obj3, type: 'unknownType' }; - await bulkCreateError(obj, undefined, expectErrorInvalidType(obj)); - }); - - it(`returns error when type is hidden`, async () => { - const obj = { ...obj3, type: HIDDEN_TYPE }; - await bulkCreateError(obj, undefined, expectErrorInvalidType(obj)); - }); - - it(`returns error when there is a conflict from preflightCheckForCreate`, async () => { - const objects = [ - // only the second, third, and fourth objects are passed to preflightCheckForCreate and result in errors - obj1, - { ...obj1, type: MULTI_NAMESPACE_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_TYPE }, - { ...obj3, type: MULTI_NAMESPACE_TYPE }, - obj2, - ]; - const [o1, o2, o3, o4, o5] = objects; - mockPreflightCheckForCreate.mockResolvedValueOnce([ - // first and last objects do not get passed in to preflightCheckForCreate at all - { type: o2.type, id: o2.id!, error: { type: 'conflict' } }, - { - type: o3.type, - id: o3.id!, - error: { type: 'unresolvableConflict', metadata: { isNotOverwritable: true } }, - }, - { - type: o4.type, - id: o4.id!, - error: { type: 'aliasConflict', metadata: { spacesWithConflictingAliases: ['foo'] } }, - }, - ]); - const bulkResponse = getMockBulkCreateResponse([o1, o5]); - client.bulk.mockResponseOnce(bulkResponse); - - const options = { overwrite: true }; - const result = await repository.bulkCreate(objects, options); - expect(mockPreflightCheckForCreate).toHaveBeenCalled(); - expect(mockPreflightCheckForCreate).toHaveBeenCalledWith( - expect.objectContaining({ - objects: [ - { type: o2.type, id: o2.id, overwrite: true, namespaces: ['default'] }, - { type: o3.type, id: o3.id, overwrite: true, namespaces: ['default'] }, - { type: o4.type, id: o4.id, overwrite: true, namespaces: ['default'] }, - ], - }) - ); - expect(client.bulk).toHaveBeenCalled(); - expect(client.bulk).toHaveBeenCalledWith( - expect.objectContaining({ body: [...expectObjArgs(o1), ...expectObjArgs(o5)] }), - expect.anything() - ); - expect(result).toEqual({ - saved_objects: [ - expectSuccess(o1), - expectErrorConflict(o2), - expectErrorConflict(o3, { metadata: { isNotOverwritable: true } }), - expectErrorConflict(o4, { metadata: { spacesWithConflictingAliases: ['foo'] } }), - expectSuccess(o5), - ], - }); - }); - - it(`returns bulk error`, async () => { - const expectedErrorResult = { - type: obj3.type, - id: obj3.id, - error: { error: 'Oh no, a bulk error!' }, - }; - await bulkCreateError(obj3, true, expectedErrorResult); - }); - - it(`returns errors for any bulk objects with invalid schemas`, async () => { - const response = getMockBulkCreateResponse([obj3]); - client.bulk.mockResponseOnce(response); - - const result = await repository.bulkCreate([ - obj3, - // @ts-expect-error - Title should be a string and is intentionally malformed for testing - { ...obj3, id: 'three-again', attributes: { title: 123 } }, - ]); - expect(client.bulk).toHaveBeenCalledTimes(1); // only called once for the valid object - expect(result.saved_objects).toEqual([ - expect.objectContaining(obj3), - expect.objectContaining({ - error: new Error( - '[attributes.title]: expected value of type [string] but got [number]: Bad Request' - ), - id: 'three-again', - type: 'dashboard', - }), - ]); - }); - }); - - describe('migration', () => { - it(`migrates the docs and serializes the migrated docs`, async () => { - migrator.migrateDocument.mockImplementation(mockMigrateDocument); - const modifiedObj1 = { ...obj1, coreMigrationVersion: '8.0.0' }; - await bulkCreateSuccess(client, repository, [modifiedObj1, obj2]); - const docs = [modifiedObj1, obj2].map((x) => ({ ...x, ...mockTimestampFieldsWithCreated })); - expectMigrationArgs(docs[0], true, 1); - expectMigrationArgs(docs[1], true, 2); - - const migratedDocs = docs.map((x) => migrator.migrateDocument(x)); - expect(serializer.savedObjectToRaw).toHaveBeenNthCalledWith(1, migratedDocs[0]); - expect(serializer.savedObjectToRaw).toHaveBeenNthCalledWith(2, migratedDocs[1]); - }); - - it(`adds namespace to body when providing namespace for single-namespace type`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2], { namespace }); - expectMigrationArgs({ namespace }, true, 1); - expectMigrationArgs({ namespace }, true, 2); - }); - - it(`doesn't add namespace to body when providing no namespace for single-namespace type`, async () => { - await bulkCreateSuccess(client, repository, [obj1, obj2]); - expectMigrationArgs({ namespace: expect.anything() }, false, 1); - expectMigrationArgs({ namespace: expect.anything() }, false, 2); - }); - - it(`doesn't add namespace to body when not using single-namespace type`, async () => { - const objects = [ - { ...obj1, type: NAMESPACE_AGNOSTIC_TYPE }, - { ...obj2, type: MULTI_NAMESPACE_ISOLATED_TYPE }, - ]; - await bulkCreateSuccess(client, repository, objects, { namespace }); - expectMigrationArgs({ namespace: expect.anything() }, false, 1); - expectMigrationArgs({ namespace: expect.anything() }, false, 2); - }); - - it(`adds namespaces to body when providing namespace for multi-namespace type`, async () => { - const objects = [obj1, obj2].map((obj) => ({ - ...obj, - type: MULTI_NAMESPACE_ISOLATED_TYPE, - })); - await bulkCreateSuccess(client, repository, objects, { namespace }); - expectMigrationArgs({ namespaces: [namespace] }, true, 1); - expectMigrationArgs({ namespaces: [namespace] }, true, 2); - }); - - it(`adds default namespaces to body when providing no namespace for multi-namespace type`, async () => { - const objects = [obj1, obj2].map((obj) => ({ - ...obj, - type: MULTI_NAMESPACE_ISOLATED_TYPE, - })); - await bulkCreateSuccess(client, repository, objects); - expectMigrationArgs({ namespaces: ['default'] }, true, 1); - expectMigrationArgs({ namespaces: ['default'] }, true, 2); - }); - - it(`doesn't add namespaces to body when not using multi-namespace type`, async () => { - const objects = [obj1, { ...obj2, type: NAMESPACE_AGNOSTIC_TYPE }]; - await bulkCreateSuccess(client, repository, objects); - expectMigrationArgs({ namespaces: expect.anything() }, false, 1); - expectMigrationArgs({ namespaces: expect.anything() }, false, 2); - }); - }); - - describe('returns', () => { - it(`formats the ES response`, async () => { - const result = await bulkCreateSuccess(client, repository, [obj1, obj2]); - expect(result).toEqual({ - saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), - }); - }); - - it.todo(`should return objects in the same order regardless of type`); - - it(`handles a mix of successful creates and errors`, async () => { - const obj = { - type: 'unknownType', - id: 'three', - attributes: {}, - }; - const objects = [obj1, obj, obj2]; - const response = getMockBulkCreateResponse([obj1, obj2]); - client.bulk.mockResponseOnce(response); - const result = await repository.bulkCreate(objects); - expect(client.bulk).toHaveBeenCalledTimes(1); - expect(result).toEqual({ - saved_objects: [expectCreateResult(obj1), expectError(obj), expectCreateResult(obj2)], - }); - }); - - it(`a deserialized saved object`, async () => { - // Test for fix to https://github.com/elastic/kibana/issues/65088 where - // we returned raw ID's when an object without an id was created. - const namespace = 'myspace'; - // FIXME: this test is based on a gigantic hack to have the bulk operation return the source - // of the document when it actually does not, forcing to cast to any as BulkResponse - // does not contains _source - const response = getMockBulkCreateResponse([obj1, obj2], namespace) as any; - client.bulk.mockResponseOnce(response); - - // Bulk create one object with id unspecified, and one with id specified - const result = await repository.bulkCreate([{ ...obj1, id: undefined }, obj2], { - namespace, - }); - - // Assert that both raw docs from the ES response are deserialized - expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith( - 1, - { - ...response.items[0].create, - _source: { - ...response.items[0].create._source, - namespaces: response.items[0].create._source.namespaces, - coreMigrationVersion: expect.any(String), - typeMigrationVersion: '1.1.1', - }, - _id: expect.stringMatching( - /^myspace:config:[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/ - ), - }, - expect.any(Object) - ); - expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith( - 2, - { - ...response.items[1].create, - _source: { - ...response.items[1].create._source, - namespaces: response.items[1].create._source.namespaces, - coreMigrationVersion: expect.any(String), - typeMigrationVersion: '1.1.1', - }, - }, - expect.any(Object) - ); - - // Assert that ID's are deserialized to remove the type and namespace - expect(result.saved_objects[0].id).toEqual( - expect.stringMatching(/^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/) - ); - expect(result.saved_objects[1].id).toEqual(obj2.id); - - // Assert that managed is not changed - expect(result.saved_objects[0].managed).toBeFalsy(); - expect(result.saved_objects[1].managed).toEqual(obj2.managed); - }); - - it(`sets managed=false if not already set`, async () => { - const obj1WithoutManaged = { - type: 'config', - id: '6.0.0-alpha1', - attributes: { title: 'Test One' }, - references: [{ name: 'ref_0', type: 'test', id: '1' }], - }; - const obj2WithoutManaged = { - type: 'index-pattern', - id: 'logstash-*', - attributes: { title: 'Test Two' }, - references: [{ name: 'ref_0', type: 'test', id: '2' }], - }; - const result = await bulkCreateSuccess(client, repository, [ - obj1WithoutManaged, - obj2WithoutManaged, - ]); - expect(result).toEqual({ - saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), - }); - }); - - it(`sets managed=false only on documents without managed already set`, async () => { - const objWithoutManaged = { - type: 'config', - id: '6.0.0-alpha1', - attributes: { title: 'Test One' }, - references: [{ name: 'ref_0', type: 'test', id: '1' }], - }; - const result = await bulkCreateSuccess(client, repository, [objWithoutManaged, obj2]); - expect(result).toEqual({ - saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), - }); - }); - - it(`sets managed=true if provided as an override`, async () => { - const obj1WithoutManaged = { - type: 'config', - id: '6.0.0-alpha1', - attributes: { title: 'Test One' }, - references: [{ name: 'ref_0', type: 'test', id: '1' }], - }; - const obj2WithoutManaged = { - type: 'index-pattern', - id: 'logstash-*', - attributes: { title: 'Test Two' }, - references: [{ name: 'ref_0', type: 'test', id: '2' }], - }; - const result = await bulkCreateSuccess( - client, - repository, - [obj1WithoutManaged, obj2WithoutManaged], - { managed: true } - ); - expect(result).toEqual({ - saved_objects: [ - { ...obj1WithoutManaged, managed: true }, - { ...obj2WithoutManaged, managed: true }, - ].map((x) => expectCreateResult(x)), - }); - }); - - it(`sets managed=false if provided as an override`, async () => { - const obj1WithoutManaged = { - type: 'config', - id: '6.0.0-alpha1', - attributes: { title: 'Test One' }, - references: [{ name: 'ref_0', type: 'test', id: '1' }], - }; - const obj2WithoutManaged = { - type: 'index-pattern', - id: 'logstash-*', - attributes: { title: 'Test Two' }, - references: [{ name: 'ref_0', type: 'test', id: '2' }], - }; - const result = await bulkCreateSuccess( - client, - repository, - [obj1WithoutManaged, obj2WithoutManaged], - { managed: false } - ); - expect(result).toEqual({ - saved_objects: [obj1, obj2].map((x) => expectCreateResult(x)), - }); - }); - }); - }); - describe('#bulkGet', () => { const obj1: SavedObject = { type: 'config', diff --git a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts index 8a1476cd58277f..3453bee1d7369c 100644 --- a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts +++ b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts @@ -22,6 +22,7 @@ export type LogDocument = Fields & 'log.level'?: string; 'host.name'?: string; 'trace.id'?: string; + 'agent.id'?: string; 'agent.name'?: string; 'orchestrator.cluster.name'?: string; 'orchestrator.cluster.id'?: string; diff --git a/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts b/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts new file mode 100644 index 00000000000000..ca853f9e735497 --- /dev/null +++ b/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts @@ -0,0 +1,153 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { apm, ApmFields, httpExitSpan, Serializable } from '@kbn/apm-synthtrace-client'; +import { Readable } from 'stream'; +import { Scenario } from '../cli/scenario'; + +import { RunOptions } from '../cli/utils/parse_run_cli_flags'; +import { getSynthtraceEnvironment } from '../lib/utils/get_synthtrace_environment'; +import { withClient } from '../lib/utils/with_client'; + +const ENVIRONMENT = getSynthtraceEnvironment(__filename); + +const scenario: Scenario = async (runOptions: RunOptions) => { + return { + generate: ({ range, clients: { apmEsClient } }) => { + const transactionName = 'trace with orphans'; + const successfulTimestamps = range.interval('1s').rate(3); + + const synthRum = apm + .service({ name: 'synth-rum', environment: ENVIRONMENT, agentName: 'rum-js' }) + .instance('my-instance'); + const synthNode = apm + .service({ name: 'synth-node', environment: ENVIRONMENT, agentName: 'nodejs' }) + .instance('my-instance'); + const synthGo = apm + .service({ name: 'synth-go', environment: ENVIRONMENT, agentName: 'go' }) + .instance('my-instance'); + + const traces = successfulTimestamps.generator((timestamp) => { + // synth-rum + return synthGo + .transaction({ transactionName }) + .duration(400) + .timestamp(timestamp) + .children( + // synth-rum -> synth-node + synthRum + .span( + httpExitSpan({ + spanName: 'GET /api/products/top', + destinationUrl: 'http://synth-node:3000', + }) + ) + .duration(300) + .timestamp(timestamp) + .children( + synthRum + .transaction({ transactionName: 'Child Transaction' }) + .timestamp(timestamp) + .duration(200) + .children( + synthGo + .span({ spanName: 'custom_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success() + ), + // synth-node + synthNode + .transaction({ transactionName: 'Initial transaction in synth-node' }) + .duration(300) + .timestamp(timestamp) + .children( + synthNode + // synth-node -> synth-go + .span( + httpExitSpan({ + spanName: 'GET synth-go:3000', + destinationUrl: 'http://synth-go:3000', + }) + ) + .timestamp(timestamp) + .duration(400) + + .children( + // synth-go + synthGo + .transaction({ transactionName: 'Child Transaction' }) + .timestamp(timestamp) + .duration(200) + .children( + synthGo + .span({ spanName: 'custom_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success(), + synthGo + .span({ spanName: 'custom_new_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success() + ) + ) + ) + ) + ); + }); + + const successfulTraceEvents = Array.from( + successfulTimestamps.generator((timestamp) => + synthNode + .transaction({ transactionName: 'successful trace' }) + .timestamp(timestamp) + .duration(1000) + .success() + .children( + synthNode + .span({ + spanName: 'GET apm-*/_search', + spanType: 'db', + spanSubtype: 'elasticsearch', + }) + .duration(1000) + .success() + .destination('elasticsearch') + .timestamp(timestamp), + synthNode + .span({ spanName: 'custom_operation', spanType: 'custom' }) + .duration(100) + .success() + .timestamp(timestamp) + ) + ) + ); + + const unserialized = Array.from(traces); + + const serialized = unserialized + .flatMap((event) => event.serialize()) + .filter((trace) => trace['transaction.name'] !== 'Child Transaction'); + + const unserializedChanged = serialized.map((event) => ({ + fields: event, + serialize: () => { + return [event]; + }, + })) as Array>; + + return withClient( + apmEsClient, + Readable.from([...unserializedChanged, ...successfulTraceEvents]) + ); + }, + }; +}; + +export default scenario; diff --git a/packages/kbn-cell-actions/constants.ts b/packages/kbn-cell-actions/constants.ts new file mode 100644 index 00000000000000..c78869a471cb0e --- /dev/null +++ b/packages/kbn-cell-actions/constants.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +export * from './src/constants'; diff --git a/packages/kbn-cell-actions/src/index.ts b/packages/kbn-cell-actions/src/index.ts index dfd1d83937c0f4..4e478baec441fa 100644 --- a/packages/kbn-cell-actions/src/index.ts +++ b/packages/kbn-cell-actions/src/index.ts @@ -20,7 +20,7 @@ export type { export type { UseDataGridColumnsCellActions, UseDataGridColumnsCellActionsProps } from './hooks'; // Constants -export { CellActionsMode, FILTER_CELL_ACTION_TYPE, COPY_CELL_ACTION_TYPE } from './constants'; +export { CellActionsMode } from './constants'; // Components and hooks export { CellActionsProvider } from './context'; diff --git a/packages/kbn-custom-icons/.storybook/main.js b/packages/kbn-custom-icons/.storybook/main.js new file mode 100644 index 00000000000000..8dc3c5d1518f4d --- /dev/null +++ b/packages/kbn-custom-icons/.storybook/main.js @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = require('@kbn/storybook').defaultConfig; diff --git a/packages/kbn-custom-icons/README.md b/packages/kbn-custom-icons/README.md new file mode 100644 index 00000000000000..ec48e8b8558cba --- /dev/null +++ b/packages/kbn-custom-icons/README.md @@ -0,0 +1,29 @@ +# @kbn/custom-icons + +A utility package, `@kbn/custom-icons`, that provides components for rendering icons related to Elastic Agents, Cloud Providers and more. + +## Components + +### `` + +```jsx + +``` + +This component renders an icon corresponding to the specified Elastic Agent name (`agentName`). + +#### Props + +- **`agentName`**: The name of the Elastic Agent for which the icon should be rendered. + +### `` + +```jsx + +``` + +This component renders an icon associated with the specified Cloud Provider (`cloudProvider`). + +#### Props + +- **`cloudProvider`**: The name of the Cloud Provider for which the icon should be rendered. diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/android.svg b/packages/kbn-custom-icons/assets/android.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/android.svg rename to packages/kbn-custom-icons/assets/android.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/cpp.svg b/packages/kbn-custom-icons/assets/cpp.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/cpp.svg rename to packages/kbn-custom-icons/assets/cpp.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/cpp_dark.svg b/packages/kbn-custom-icons/assets/cpp_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/cpp_dark.svg rename to packages/kbn-custom-icons/assets/cpp_dark.svg diff --git a/packages/kbn-custom-icons/assets/default.svg b/packages/kbn-custom-icons/assets/default.svg new file mode 100644 index 00000000000000..08bc5331e083b0 --- /dev/null +++ b/packages/kbn-custom-icons/assets/default.svg @@ -0,0 +1,3 @@ + + + diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/dot_net.svg b/packages/kbn-custom-icons/assets/dot_net.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/dot_net.svg rename to packages/kbn-custom-icons/assets/dot_net.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/erlang.svg b/packages/kbn-custom-icons/assets/erlang.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/erlang.svg rename to packages/kbn-custom-icons/assets/erlang.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/erlang_dark.svg b/packages/kbn-custom-icons/assets/erlang_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/erlang_dark.svg rename to packages/kbn-custom-icons/assets/erlang_dark.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/functions.svg b/packages/kbn-custom-icons/assets/functions.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/functions.svg rename to packages/kbn-custom-icons/assets/functions.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/go.svg b/packages/kbn-custom-icons/assets/go.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/go.svg rename to packages/kbn-custom-icons/assets/go.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/ios.svg b/packages/kbn-custom-icons/assets/ios.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/ios.svg rename to packages/kbn-custom-icons/assets/ios.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/ios_dark.svg b/packages/kbn-custom-icons/assets/ios_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/ios_dark.svg rename to packages/kbn-custom-icons/assets/ios_dark.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/java.svg b/packages/kbn-custom-icons/assets/java.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/java.svg rename to packages/kbn-custom-icons/assets/java.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/lambda.svg b/packages/kbn-custom-icons/assets/lambda.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/lambda.svg rename to packages/kbn-custom-icons/assets/lambda.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/nodejs.svg b/packages/kbn-custom-icons/assets/nodejs.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/nodejs.svg rename to packages/kbn-custom-icons/assets/nodejs.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/ocaml.svg b/packages/kbn-custom-icons/assets/ocaml.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/ocaml.svg rename to packages/kbn-custom-icons/assets/ocaml.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/opentelemetry.svg b/packages/kbn-custom-icons/assets/opentelemetry.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/opentelemetry.svg rename to packages/kbn-custom-icons/assets/opentelemetry.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/otel_default.svg b/packages/kbn-custom-icons/assets/otel_default.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/otel_default.svg rename to packages/kbn-custom-icons/assets/otel_default.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/php.svg b/packages/kbn-custom-icons/assets/php.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/php.svg rename to packages/kbn-custom-icons/assets/php.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/php_dark.svg b/packages/kbn-custom-icons/assets/php_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/php_dark.svg rename to packages/kbn-custom-icons/assets/php_dark.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/python.svg b/packages/kbn-custom-icons/assets/python.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/python.svg rename to packages/kbn-custom-icons/assets/python.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/ruby.svg b/packages/kbn-custom-icons/assets/ruby.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/ruby.svg rename to packages/kbn-custom-icons/assets/ruby.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/rumjs.svg b/packages/kbn-custom-icons/assets/rumjs.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/rumjs.svg rename to packages/kbn-custom-icons/assets/rumjs.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/rumjs_dark.svg b/packages/kbn-custom-icons/assets/rumjs_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/rumjs_dark.svg rename to packages/kbn-custom-icons/assets/rumjs_dark.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/rust.svg b/packages/kbn-custom-icons/assets/rust.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/rust.svg rename to packages/kbn-custom-icons/assets/rust.svg diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/icons/rust_dark.svg b/packages/kbn-custom-icons/assets/rust_dark.svg similarity index 100% rename from x-pack/plugins/apm/public/components/shared/agent_icon/icons/rust_dark.svg rename to packages/kbn-custom-icons/assets/rust_dark.svg diff --git a/packages/kbn-custom-icons/index.ts b/packages/kbn-custom-icons/index.ts new file mode 100644 index 00000000000000..d6bc468b665247 --- /dev/null +++ b/packages/kbn-custom-icons/index.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +export { getAgentIcon } from './src/components/agent_icon/get_agent_icon'; +export { getServerlessIcon } from './src/components/agent_icon/get_serverless_icon'; +export { AgentIcon } from './src/components/agent_icon'; +export type { AgentIconProps } from './src/components/agent_icon'; + +export { getCloudProviderIcon } from './src/components/cloud_provider_icon/get_cloud_provider_icon'; +export type { CloudProvider } from './src/components/cloud_provider_icon/get_cloud_provider_icon'; +export { CloudProviderIcon } from './src/components/cloud_provider_icon'; +export type { CloudProviderIconProps } from './src/components/cloud_provider_icon'; diff --git a/packages/kbn-custom-icons/jest.config.js b/packages/kbn-custom-icons/jest.config.js new file mode 100644 index 00000000000000..518564ce1dbbdb --- /dev/null +++ b/packages/kbn-custom-icons/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-custom-icons'], +}; diff --git a/packages/kbn-custom-icons/kibana.jsonc b/packages/kbn-custom-icons/kibana.jsonc new file mode 100644 index 00000000000000..7bd9eaa57e8714 --- /dev/null +++ b/packages/kbn-custom-icons/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/custom-icons", + "owner": "@elastic/obs-ux-logs-team" +} diff --git a/packages/kbn-custom-icons/package.json b/packages/kbn-custom-icons/package.json new file mode 100644 index 00000000000000..d6952600c0afd5 --- /dev/null +++ b/packages/kbn-custom-icons/package.json @@ -0,0 +1,7 @@ +{ + "name": "@kbn/custom-icons", + "private": true, + "version": "1.0.0", + "license": "SSPL-1.0 OR Elastic License 2.0", + "sideEffects": false +} \ No newline at end of file diff --git a/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx b/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx new file mode 100644 index 00000000000000..45ba59137a6c2b --- /dev/null +++ b/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx @@ -0,0 +1,53 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { EuiCard, EuiFlexGroup, EuiFlexItem, EuiImage, EuiToolTip } from '@elastic/eui'; +import type { Story } from '@storybook/react'; +import React from 'react'; +import { AGENT_NAMES } from '@kbn/elastic-agent-utils'; +import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common'; +import { getAgentIcon } from './get_agent_icon'; +import { AgentIcon } from '.'; + +export default { + title: 'Custom Icons/AgentIcon', + component: AgentIcon, +}; + +export const List: Story = () => { + return ( + + + {AGENT_NAMES.map((agentName) => { + return ( + + + + + } + title={agentName} + description={ + + + + } + /> + + ); + })} + + + ); +}; diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.test.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts similarity index 86% rename from x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.test.ts rename to packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts index aac5fc19ca37b9..58dff1afb1095b 100644 --- a/x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.test.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts @@ -1,8 +1,9 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. */ import { getAgentIconKey } from './get_agent_icon'; diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts similarity index 53% rename from x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.ts rename to packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts index 04bc276dcfa65c..7c37f1a86a0563 100644 --- a/x-pack/plugins/apm/public/components/shared/agent_icon/get_agent_icon.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts @@ -1,40 +1,40 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. */ - import { + isAndroidAgentName, isIosAgentName, - isRumAgentName, isJavaAgentName, - isAndroidAgentName, + isRumAgentName, + OpenTelemetryAgentName, OPEN_TELEMETRY_AGENT_NAMES, -} from '../../../../common/agent_name'; -import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import defaultIcon from '../span_icon/icons/default.svg'; -import cppIcon from './icons/cpp.svg'; -import darkCppIcon from './icons/cpp_dark.svg'; -import dotNetIcon from './icons/dot_net.svg'; -import erlangIcon from './icons/erlang.svg'; -import darkErlangIcon from './icons/erlang_dark.svg'; -import goIcon from './icons/go.svg'; -import iosIcon from './icons/ios.svg'; -import darkIosIcon from './icons/ios_dark.svg'; -import javaIcon from './icons/java.svg'; -import nodeJsIcon from './icons/nodejs.svg'; -import ocamlIcon from './icons/ocaml.svg'; -import openTelemetryIcon from './icons/otel_default.svg'; -import phpIcon from './icons/php.svg'; -import pythonIcon from './icons/python.svg'; -import rubyIcon from './icons/ruby.svg'; -import rumJsIcon from './icons/rumjs.svg'; -import darkPhpIcon from './icons/php_dark.svg'; -import darkRumJsIcon from './icons/rumjs_dark.svg'; -import rustIcon from './icons/rust.svg'; -import darkRustIcon from './icons/rust_dark.svg'; -import androidIcon from './icons/android.svg'; +} from '@kbn/elastic-agent-utils'; +import defaultIcon from '../../../assets/default.svg'; +import cppIcon from '../../../assets/cpp.svg'; +import darkCppIcon from '../../../assets/cpp_dark.svg'; +import dotNetIcon from '../../../assets/dot_net.svg'; +import erlangIcon from '../../../assets/erlang.svg'; +import darkErlangIcon from '../../../assets/erlang_dark.svg'; +import goIcon from '../../../assets/go.svg'; +import iosIcon from '../../../assets/ios.svg'; +import darkIosIcon from '../../../assets/ios_dark.svg'; +import javaIcon from '../../../assets/java.svg'; +import nodeJsIcon from '../../../assets/nodejs.svg'; +import ocamlIcon from '../../../assets/ocaml.svg'; +import openTelemetryIcon from '../../../assets/otel_default.svg'; +import phpIcon from '../../../assets/php.svg'; +import pythonIcon from '../../../assets/python.svg'; +import rubyIcon from '../../../assets/ruby.svg'; +import rumJsIcon from '../../../assets/rumjs.svg'; +import darkPhpIcon from '../../../assets/php_dark.svg'; +import darkRumJsIcon from '../../../assets/rumjs_dark.svg'; +import rustIcon from '../../../assets/rust.svg'; +import darkRustIcon from '../../../assets/rust_dark.svg'; +import androidIcon from '../../../assets/android.svg'; const agentIcons: { [key: string]: string } = { cpp: cppIcon, @@ -89,25 +89,19 @@ export function getAgentIconKey(agentName: string) { } // Remove "opentelemetry/" prefix - const agentNameWithoutPrefix = lowercasedAgentName.replace( - /^opentelemetry\//, - '' - ); + const agentNameWithoutPrefix = lowercasedAgentName.replace(/^opentelemetry\//, ''); if (Object.keys(agentIcons).includes(agentNameWithoutPrefix)) { return agentNameWithoutPrefix; } // OpenTelemetry-only agents - if (OPEN_TELEMETRY_AGENT_NAMES.includes(lowercasedAgentName as AgentName)) { + if (OPEN_TELEMETRY_AGENT_NAMES.includes(lowercasedAgentName as OpenTelemetryAgentName)) { return 'opentelemetry'; } } -export function getAgentIcon( - agentName: string | undefined, - isDarkMode: boolean -) { +export function getAgentIcon(agentName: string | undefined, isDarkMode: boolean = false) { const key = agentName && getAgentIconKey(agentName); if (!key) { return defaultIcon; diff --git a/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts new file mode 100644 index 00000000000000..26268d3c7dce19 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +import { ServerlessType } from '@kbn/elastic-agent-utils'; +import defaultIcon from '../../../assets/default.svg'; +import lambdaIcon from '../../../assets/lambda.svg'; +import azureFunctionsIcon from '../../../assets/functions.svg'; + +const serverlessIcons: Record = { + 'aws.lambda': lambdaIcon, + 'azure.functions': azureFunctionsIcon, +} as const; + +export function getServerlessIcon(serverlessType?: ServerlessType) { + if (!serverlessType) { + return defaultIcon; + } + return serverlessIcons[serverlessType] ?? defaultIcon; +} diff --git a/packages/kbn-custom-icons/src/components/agent_icon/index.tsx b/packages/kbn-custom-icons/src/components/agent_icon/index.tsx new file mode 100644 index 00000000000000..bd34aa7f3a32e4 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/agent_icon/index.tsx @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { EuiIcon, EuiIconProps, useEuiTheme } from '@elastic/eui'; +import { AgentName } from '@kbn/elastic-agent-utils'; +import { getAgentIcon } from './get_agent_icon'; + +export interface AgentIconProps extends Omit { + agentName?: AgentName; +} + +export function AgentIcon({ agentName, size = 'l', ...props }: AgentIconProps) { + const theme = useEuiTheme(); + const icon = getAgentIcon(agentName, theme.colorMode === 'DARK'); + + return ; +} diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx b/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx new file mode 100644 index 00000000000000..e84e865fb55fd8 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { EuiCard, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/eui'; +import type { Story } from '@storybook/react'; +import React from 'react'; +import { CloudProviderIcon } from '.'; +import { CloudProvider } from './get_cloud_provider_icon'; + +export default { + title: 'Custom Icons/CloudProviderIcon', + component: CloudProviderIcon, +}; + +const providers: CloudProvider[] = ['gcp', 'aws', 'azure', 'unknownProvider']; + +export const List: Story = () => { + return ( + + {providers.map((cloudProvider) => { + return ( + + + + + } + /> + + ); + })} + + ); +}; diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts b/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts new file mode 100644 index 00000000000000..7c4bcd2ec3f7c8 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +const CLOUD_PROVIDER_ICONS = { + gcp: 'logoGCP', + aws: 'logoAWS', + azure: 'logoAzure', + unknownProvider: 'cloudSunny', +} as const; + +export type CloudProvider = keyof typeof CLOUD_PROVIDER_ICONS | null | undefined; + +export function getCloudProviderIcon(cloudProvider?: CloudProvider) { + if (cloudProvider === undefined || cloudProvider === null) { + return CLOUD_PROVIDER_ICONS.unknownProvider; + } + + return CLOUD_PROVIDER_ICONS[cloudProvider]; +} diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx b/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx new file mode 100644 index 00000000000000..bf90704e4f6448 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React from 'react'; +import { EuiIcon, EuiIconProps } from '@elastic/eui'; +import { CloudProvider, getCloudProviderIcon } from './get_cloud_provider_icon'; + +export interface CloudProviderIconProps extends Omit { + cloudProvider?: CloudProvider; +} + +export function CloudProviderIcon({ cloudProvider, ...props }: CloudProviderIconProps) { + const computedProps: Pick = { + type: getCloudProviderIcon(cloudProvider), + }; + + if (cloudProvider) computedProps.title = cloudProvider; + + return ; +} diff --git a/packages/kbn-custom-icons/tsconfig.json b/packages/kbn-custom-icons/tsconfig.json new file mode 100644 index 00000000000000..5cd845d4948c64 --- /dev/null +++ b/packages/kbn-custom-icons/tsconfig.json @@ -0,0 +1,23 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node", + "react", + "@kbn/ambient-ui-types" + ] + }, + "include": [ + "**/*.ts", + "**/*.tsx" + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/elastic-agent-utils", + "@kbn/kibana-react-plugin" + ] +} diff --git a/packages/kbn-elastic-agent-utils/README.md b/packages/kbn-elastic-agent-utils/README.md new file mode 100644 index 00000000000000..f5b99bf1b1594b --- /dev/null +++ b/packages/kbn-elastic-agent-utils/README.md @@ -0,0 +1,141 @@ +# @kbn/elastic-agent-utils + +A utility package providing functions for working with Elastic Agents. This package focuses on agent names used in various contexts, such as OpenTelemetry, Java, Rum (Real User Monitoring), Mobile, JRuby, and Serverless environments. + +## Functions + +- **`isOpenTelemetryAgentName`** + + ```typescript + export function isOpenTelemetryAgentName(agentName: string): agentName is OpenTelemetryAgentName; + ``` + + Check if the provided agent name is part of the OpenTelemetry agents. + +- **`isJavaAgentName`** + + ```typescript + export function isJavaAgentName(agentName?: string): agentName is JavaAgentName; + ``` + + Check if the provided agent name is part of the Java agents. + +- **`isRumAgentName`** + + ```typescript + export function isRumAgentName(agentName?: string): agentName is RumAgentName; + ``` + + Check if the provided agent name is part of the Rum (Real User Monitoring) agents. + +- **`isMobileAgentName`** + + ```typescript + export function isMobileAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is either an iOS or Android agent. + +- **`isRumOrMobileAgentName`** + + ```typescript + export function isRumOrMobileAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is either a Rum agent or a Mobile agent. + +- **`isIosAgentName`** + + ```typescript + export function isIosAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is "ios/swift." + +- **`isAndroidAgentName`** + + ```typescript + export function isAndroidAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is "android/java." + +- **`isJRubyAgentName`** + + ```typescript + export function isJRubyAgentName(agentName?: string, runtimeName?: string): boolean; + ``` + + Check if the provided agent name is "ruby" and the runtime name is "jruby." + +- **`isServerlessAgentName`** + + ```typescript + export function isServerlessAgentName(serverlessType?: string): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is part of the supported Serverless environments. + +- **`isAWSLambdaAgentName`** + + ```typescript + export function isAWSLambdaAgentName(serverlessType?: string): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is "aws.lambda." + +- **`isAzureFunctionsAgentName`** + + ```typescript + export function isAzureFunctionsAgentName( + serverlessType?: string + ): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is "azure.functions." + +## Additional Exports + +The `@kbn/elastic-agent-utils` package also exports several constants and types for commonly used agent names. These exports can be utilized for broader categorizations and validations within your Elastic Agent projects. + +### Agent Names Constants + +- **`ELASTIC_AGENT_NAMES`** + + An array of Elastic Agent names, including various programming languages and platforms. + +- **`OPEN_TELEMETRY_AGENT_NAMES`** + + An array of OpenTelemetry agent names, covering different languages and platforms supporting OpenTelemetry. + +- **`JAVA_AGENT_NAMES`** + + An array of Java agent names, including both generic Java and OpenTelemetry Java agents. + +- **`RUM_AGENT_NAMES`** + + An array of Real User Monitoring (RUM) agent names, encompassing both base JavaScript and specific RUM agents. + +- **`SERVERLESS_TYPE`** + + An array of supported Serverless types, including AWS Lambda and Azure Functions. + +### Agent Name Types + +- **`ElasticAgentName`** +- **`OpenTelemetryAgentName`** +- **`JavaAgentName`** +- **`RumAgentName`** +- **`ServerlessType`** + + These types represent the available agent name categories, providing TypeScript type safety for agent name usage. + +### Combined Agent Names + +- **`AgentName`** + + A union type combining all agent name categories. + +- **`AGENT_NAMES`** + + An array containing all available agent names from the combined categories. diff --git a/packages/kbn-elastic-agent-utils/index.ts b/packages/kbn-elastic-agent-utils/index.ts new file mode 100644 index 00000000000000..62e7a6cd59688b --- /dev/null +++ b/packages/kbn-elastic-agent-utils/index.ts @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +export { + isOpenTelemetryAgentName, + isJavaAgentName, + isRumAgentName, + isMobileAgentName, + isRumOrMobileAgentName, + isIosAgentName, + isAndroidAgentName, + isJRubyAgentName, + isServerlessAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, +} from './src/agent_guards'; + +export { + ELASTIC_AGENT_NAMES, + OPEN_TELEMETRY_AGENT_NAMES, + JAVA_AGENT_NAMES, + RUM_AGENT_NAMES, + SERVERLESS_TYPE, + AGENT_NAMES, +} from './src/agent_names'; + +export type { + ElasticAgentName, + OpenTelemetryAgentName, + JavaAgentName, + RumAgentName, + ServerlessType, + AgentName, +} from './src/agent_names'; diff --git a/packages/kbn-elastic-agent-utils/jest.config.js b/packages/kbn-elastic-agent-utils/jest.config.js new file mode 100644 index 00000000000000..787036bd78da7a --- /dev/null +++ b/packages/kbn-elastic-agent-utils/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-elastic-agent-utils'], +}; diff --git a/packages/kbn-elastic-agent-utils/kibana.jsonc b/packages/kbn-elastic-agent-utils/kibana.jsonc new file mode 100644 index 00000000000000..cf8dc4c03f59d8 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/elastic-agent-utils", + "owner": "@elastic/obs-ux-logs-team" +} diff --git a/packages/kbn-elastic-agent-utils/package.json b/packages/kbn-elastic-agent-utils/package.json new file mode 100644 index 00000000000000..df029eb7db2dcf --- /dev/null +++ b/packages/kbn-elastic-agent-utils/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/elastic-agent-utils", + "private": true, + "version": "1.0.0", + "license": "SSPL-1.0 OR Elastic License 2.0" +} \ No newline at end of file diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts new file mode 100644 index 00000000000000..0de2ea225ce814 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts @@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { + isAndroidAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isIosAgentName, + isJavaAgentName, + isJRubyAgentName, + isMobileAgentName, + isOpenTelemetryAgentName, + isRumAgentName, + isRumOrMobileAgentName, + isServerlessAgentName, +} from './agent_guards'; + +describe('Agents guards', () => { + it('isOpenTelemetryAgentName should guard if the passed agent is an OpenTelemetry one.', () => { + expect(isOpenTelemetryAgentName('otlp')).toBe(true); + expect(isOpenTelemetryAgentName('not-an-agent')).toBe(false); + }); + + it('isJavaAgentName should guard if the passed agent is an Java one.', () => { + expect(isJavaAgentName('java')).toBe(true); + expect(isJavaAgentName('not-an-agent')).toBe(false); + }); + + it('isRumAgentName should guard if the passed agent is an Rum one.', () => { + expect(isRumAgentName('rum-js')).toBe(true); + expect(isRumAgentName('not-an-agent')).toBe(false); + }); + + it('isMobileAgentName should guard if the passed agent is an Mobile one.', () => { + expect(isMobileAgentName('ios/swift')).toBe(true); + expect(isMobileAgentName('android/java')).toBe(true); + expect(isMobileAgentName('not-an-agent')).toBe(false); + }); + + it('isRumOrMobileAgentName should guard if the passed agent is an RumOrMobile one.', () => { + expect(isRumOrMobileAgentName('ios/swift')).toBe(true); + expect(isRumOrMobileAgentName('android/java')).toBe(true); + expect(isRumOrMobileAgentName('rum-js')).toBe(true); + expect(isRumOrMobileAgentName('not-an-agent')).toBe(false); + }); + + it('isIosAgentName should guard if the passed agent is an Ios one.', () => { + expect(isIosAgentName('ios/swift')).toBe(true); + expect(isIosAgentName('not-an-agent')).toBe(false); + }); + + it('isAndroidAgentName should guard if the passed agent is an Android one.', () => { + expect(isAndroidAgentName('android/java')).toBe(true); + expect(isAndroidAgentName('not-an-agent')).toBe(false); + }); + + it('isJRubyAgentName should guard if the passed agent is an JRuby one.', () => { + expect(isJRubyAgentName('ruby', 'jruby')).toBe(true); + expect(isJRubyAgentName('ruby')).toBe(false); + expect(isJRubyAgentName('not-an-agent')).toBe(false); + }); + + it('isServerlessAgentName should guard if the passed agent is an Serverless one.', () => { + expect(isServerlessAgentName('aws.lambda')).toBe(true); + expect(isServerlessAgentName('azure.functions')).toBe(true); + expect(isServerlessAgentName('not-an-agent')).toBe(false); + }); + + it('isAWSLambdaAgentName should guard if the passed agent is an AWSLambda one.', () => { + expect(isAWSLambdaAgentName('aws.lambda')).toBe(true); + expect(isAWSLambdaAgentName('not-an-agent')).toBe(false); + }); + + it('isAzureFunctionsAgentName should guard if the passed agent is an AzureFunctions one.', () => { + expect(isAzureFunctionsAgentName('azure.functions')).toBe(true); + expect(isAzureFunctionsAgentName('not-an-agent')).toBe(false); + }); +}); diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.ts new file mode 100644 index 00000000000000..6997cbd81c42c6 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/src/agent_guards.ts @@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { JAVA_AGENT_NAMES, OPEN_TELEMETRY_AGENT_NAMES, RUM_AGENT_NAMES } from './agent_names'; + +import type { + JavaAgentName, + OpenTelemetryAgentName, + RumAgentName, + ServerlessType, +} from './agent_names'; + +export function isOpenTelemetryAgentName(agentName: string): agentName is OpenTelemetryAgentName { + return OPEN_TELEMETRY_AGENT_NAMES.includes(agentName as OpenTelemetryAgentName); +} + +export function isJavaAgentName(agentName?: string): agentName is JavaAgentName { + return JAVA_AGENT_NAMES.includes(agentName! as JavaAgentName); +} + +export function isRumAgentName(agentName?: string): agentName is RumAgentName { + return RUM_AGENT_NAMES.includes(agentName! as RumAgentName); +} + +export function isMobileAgentName(agentName?: string) { + return isIosAgentName(agentName) || isAndroidAgentName(agentName); +} + +export function isRumOrMobileAgentName(agentName?: string) { + return isRumAgentName(agentName) || isMobileAgentName(agentName); +} + +export function isIosAgentName(agentName?: string) { + return agentName?.toLowerCase() === 'ios/swift'; +} + +export function isAndroidAgentName(agentName?: string) { + const lowercased = agentName && agentName.toLowerCase(); + return lowercased === 'android/java'; +} + +export function isJRubyAgentName(agentName?: string, runtimeName?: string) { + return agentName === 'ruby' && runtimeName?.toLowerCase() === 'jruby'; +} + +export function isServerlessAgentName(serverlessType?: string): serverlessType is ServerlessType { + return isAWSLambdaAgentName(serverlessType) || isAzureFunctionsAgentName(serverlessType); +} + +export function isAWSLambdaAgentName(serverlessType?: string): serverlessType is ServerlessType { + return serverlessType === 'aws.lambda'; +} + +export function isAzureFunctionsAgentName( + serverlessType?: string +): serverlessType is ServerlessType { + return serverlessType === 'azure.functions'; +} diff --git a/packages/kbn-elastic-agent-utils/src/agent_names.ts b/packages/kbn-elastic-agent-utils/src/agent_names.ts new file mode 100644 index 00000000000000..f29160699a241e --- /dev/null +++ b/packages/kbn-elastic-agent-utils/src/agent_names.ts @@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +/** + * We cannot mark these arrays as const and derive their type + * because we need to be able to assign them as mutable entities for ES queries. + */ +export type ElasticAgentName = + | 'dotnet' + | 'go' + | 'iOS/swift' + | 'java' + | 'js-base' + | 'nodejs' + | 'php' + | 'python' + | 'ruby' + | 'rum-js' + | 'android/java'; +export const ELASTIC_AGENT_NAMES: ElasticAgentName[] = [ + 'dotnet', + 'go', + 'iOS/swift', + 'java', + 'js-base', + 'nodejs', + 'php', + 'python', + 'ruby', + 'rum-js', + 'android/java', +]; + +export type OpenTelemetryAgentName = + | 'otlp' + | 'opentelemetry/cpp' + | 'opentelemetry/dotnet' + | 'opentelemetry/erlang' + | 'opentelemetry/go' + | 'opentelemetry/java' + | 'opentelemetry/nodejs' + | 'opentelemetry/php' + | 'opentelemetry/python' + | 'opentelemetry/ruby' + | 'opentelemetry/rust' + | 'opentelemetry/swift' + | 'opentelemetry/webjs'; +export const OPEN_TELEMETRY_AGENT_NAMES: OpenTelemetryAgentName[] = [ + 'otlp', + 'opentelemetry/cpp', + 'opentelemetry/dotnet', + 'opentelemetry/erlang', + 'opentelemetry/go', + 'opentelemetry/java', + 'opentelemetry/nodejs', + 'opentelemetry/php', + 'opentelemetry/python', + 'opentelemetry/ruby', + 'opentelemetry/rust', + 'opentelemetry/swift', + 'opentelemetry/webjs', +]; + +export type JavaAgentName = 'java' | 'opentelemetry/java'; +export const JAVA_AGENT_NAMES: JavaAgentName[] = ['java', 'opentelemetry/java']; + +export type RumAgentName = 'js-base' | 'rum-js' | 'opentelemetry/webjs'; +export const RUM_AGENT_NAMES: RumAgentName[] = ['js-base', 'rum-js', 'opentelemetry/webjs']; + +export type ServerlessType = 'aws.lambda' | 'azure.functions'; +export const SERVERLESS_TYPE: ServerlessType[] = ['aws.lambda', 'azure.functions']; + +export type AgentName = ElasticAgentName | OpenTelemetryAgentName | JavaAgentName | RumAgentName; +export const AGENT_NAMES: AgentName[] = [ + ...ELASTIC_AGENT_NAMES, + ...OPEN_TELEMETRY_AGENT_NAMES, + ...JAVA_AGENT_NAMES, + ...RUM_AGENT_NAMES, +]; diff --git a/packages/kbn-elastic-agent-utils/tsconfig.json b/packages/kbn-elastic-agent-utils/tsconfig.json new file mode 100644 index 00000000000000..9754544771806e --- /dev/null +++ b/packages/kbn-elastic-agent-utils/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + "**/*.tsx" + ], + "exclude": [ + "target/**/*" + ] +} diff --git a/packages/kbn-handlebars/__snapshots__/index.test.ts.snap b/packages/kbn-handlebars/__snapshots__/index.test.ts.snap index b9a8c27e459115..d25a455699fd6e 100644 --- a/packages/kbn-handlebars/__snapshots__/index.test.ts.snap +++ b/packages/kbn-handlebars/__snapshots__/index.test.ts.snap @@ -42,7 +42,7 @@ HandlebarsEnvironment { "isFunction": [Function], "toString": [Function], }, - "VERSION": "4.7.7", + "VERSION": "4.7.8", "VM": Object { "__esModule": true, "checkRevision": [Function], diff --git a/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh b/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh index 73f7376ab43129..7f2bf784f863ed 100755 --- a/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh +++ b/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh @@ -34,7 +34,7 @@ else echo " our local versions of these files (located in" echo " 'packages/kbn-handlebars/src/spec')." echo - echo " https://github.com/handlebars-lang/handlebars.js/compare/$hash...4.x" + echo " https://github.com/handlebars-lang/handlebars.js/compare/$expected_hash...4.x" echo echo " 2. Execute the following script and commit the updated '$HASH_FILE'" echo " file including any changes you made to our own spec files." diff --git a/packages/kbn-handlebars/src/spec/.upstream_git_hash b/packages/kbn-handlebars/src/spec/.upstream_git_hash index 5a6b183166d468..0d4d453a0c5c38 100644 --- a/packages/kbn-handlebars/src/spec/.upstream_git_hash +++ b/packages/kbn-handlebars/src/spec/.upstream_git_hash @@ -1 +1 @@ -c65c6cce3f626e4896a9d59250f0908be695adae \ No newline at end of file +eab1d141cb4a1d93375d7380ed070aa1f576a2c9 \ No newline at end of file diff --git a/preinstall_check.js b/preinstall_check.js index d6d0cdf1ffb492..59a4cfd2aa4a77 100644 --- a/preinstall_check.js +++ b/preinstall_check.js @@ -10,7 +10,7 @@ const isUsingNpm = process.env.npm_config_git !== undefined; if (isUsingNpm) { - throw `Use Yarn instead of npm, see Kibana's contributing guidelines`; + throw new Error(`Use Yarn instead of npm, see Kibana's contributing guidelines`); } // The value of the `npm_config_argv` env for each command: diff --git a/src/dev/storybook/aliases.ts b/src/dev/storybook/aliases.ts index a43fd71d0004e8..98470ccf136580 100644 --- a/src/dev/storybook/aliases.ts +++ b/src/dev/storybook/aliases.ts @@ -22,6 +22,7 @@ export const storybookAliases = { chart_icons: 'packages/kbn-chart-icons/.storybook', content_management_examples: 'examples/content_management_examples/.storybook', controls: 'src/plugins/controls/storybook', + custom_icons: 'packages/kbn-custom-icons/.storybook', custom_integrations: 'src/plugins/custom_integrations/storybook', dashboard_enhanced: 'x-pack/plugins/dashboard_enhanced/.storybook', dashboard: 'src/plugins/dashboard/.storybook', diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/types.ts b/src/plugins/chart_expressions/expression_partition_vis/public/types.ts index 0beca2e79de8d0..7b139df576d6ee 100755 --- a/src/plugins/chart_expressions/expression_partition_vis/public/types.ts +++ b/src/plugins/chart_expressions/expression_partition_vis/public/types.ts @@ -47,6 +47,7 @@ export interface MultiFilterEvent { export interface CellValueAction { id: string; + type?: string; iconType: string; displayName: string; execute: (data: CellValueContext['data']) => void; diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx b/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx index 778c2003de4f1f..b734e1b07a0c02 100644 --- a/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx +++ b/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx @@ -14,10 +14,15 @@ import { LegendAction, SeriesIdentifier, useLegendAction } from '@elastic/charts import { DataPublicPluginStart } from '@kbn/data-plugin/public'; import { Datatable } from '@kbn/expressions-plugin/public'; import { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; import { PartitionVisParams } from '../../common/types'; -import { ColumnCellValueActions, FilterEvent } from '../types'; +import { CellValueAction, ColumnCellValueActions, FilterEvent } from '../types'; import { getSeriesValueColumnIndex, getFilterPopoverTitle } from './filter_helpers'; +const hasFilterCellAction = (actions: CellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; + export const getLegendActions = ( canFilter: ( data: FilterEvent | null, @@ -58,9 +63,10 @@ export const getLegendActions = ( pieSeries.key ); - const panelItems: EuiContextMenuPanelDescriptor['items'] = []; + const compatibleCellActions = columnCellValueActions[columnIndex] ?? []; - if (isFilterable && filterData) { + const panelItems: EuiContextMenuPanelDescriptor['items'] = []; + if (!hasFilterCellAction(compatibleCellActions) && isFilterable && filterData) { panelItems.push( { name: i18n.translate('expressionPartitionVis.legend.filterForValueButtonAriaLabel', { @@ -87,20 +93,18 @@ export const getLegendActions = ( ); } - if (columnCellValueActions[columnIndex]) { - const columnMeta = visData.columns[columnIndex].meta; - columnCellValueActions[columnIndex].forEach((action) => { - panelItems.push({ - name: action.displayName, - 'data-test-subj': `legend-${title}-${action.id}`, - icon: , - onClick: () => { - action.execute([{ columnMeta, value: pieSeries.key }]); - setPopoverOpen(false); - }, - }); + const columnMeta = visData.columns[columnIndex].meta; + compatibleCellActions.forEach((action) => { + panelItems.push({ + name: action.displayName, + 'data-test-subj': `legend-${title}-${action.id}`, + icon: , + onClick: () => { + action.execute([{ columnMeta, value: pieSeries.key }]); + setPopoverOpen(false); + }, }); - } + }); if (panelItems.length === 0) { return null; diff --git a/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json b/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json index bfb4774a1676ef..59b7893879ced7 100644 --- a/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json +++ b/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json @@ -29,6 +29,7 @@ "@kbn/analytics", "@kbn/chart-icons", "@kbn/chart-expressions-common", + "@kbn/cell-actions", ], "exclude": [ "target/**/*", diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts index 78eb7c54ebf8a9..eae70ea54f0c90 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts @@ -10,7 +10,6 @@ import { layeredXyVisFunction } from '.'; import { createMockExecutionContext } from '@kbn/expressions-plugin/common/mocks'; import { sampleArgs, sampleExtendedLayer } from '../__mocks__'; import { XY_VIS } from '../constants'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; describe('layeredXyVis', () => { test('it renders with the specified data and args', async () => { @@ -31,7 +30,6 @@ describe('layeredXyVis', () => { syncTooltips: false, syncCursor: true, canNavigateToLens: false, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts index 5a1a79ef984fcd..cf1325f09bf22a 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts @@ -18,7 +18,6 @@ import { validateAxes, } from './validate'; import { appendLayerIds, getDataLayers } from '../helpers'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; export const layeredXyVisFn: LayeredXyVisFn['fn'] = async (data, args, handlers) => { const layers = appendLayerIds(args.layers ?? [], 'layers'); @@ -67,7 +66,6 @@ export const layeredXyVisFn: LayeredXyVisFn['fn'] = async (data, args, handlers) syncTooltips: handlers?.isSyncTooltipsEnabled?.() ?? false, syncCursor: handlers?.isSyncCursorEnabled?.() ?? true, overrides: handlers.variables?.overrides as XYRender['value']['overrides'], - shouldShowLegendAction: handlers?.shouldShowLegendAction ?? shouldShowLegendActionDefault, }, }; }; diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts index e0c825597d3287..9a71ec92d7a513 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts @@ -10,7 +10,6 @@ import { xyVisFunction } from '.'; import { createMockExecutionContext } from '@kbn/expressions-plugin/common/mocks'; import { sampleArgs, sampleLayer } from '../__mocks__'; import { XY_VIS } from '../constants'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; describe('xyVis', () => { test('it renders with the specified data and args', async () => { @@ -43,7 +42,6 @@ describe('xyVis', () => { syncColors: false, syncTooltips: false, syncCursor: true, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); @@ -354,7 +352,6 @@ describe('xyVis', () => { syncColors: false, syncTooltips: false, syncCursor: true, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); @@ -404,7 +401,6 @@ describe('xyVis', () => { syncTooltips: false, syncCursor: true, overrides, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts index 1eb4357e57c845..03df575b3c653a 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts @@ -30,7 +30,6 @@ import { validateAxes, } from './validate'; import { logDatatable } from '../utils'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; const createDataLayer = (args: XYArgs, table: Datatable): DataLayerConfigResult => { const accessors = getAccessors(args, table); @@ -140,7 +139,6 @@ export const xyVisFn: XyVisFn['fn'] = async (data, args, handlers) => { syncTooltips: handlers?.isSyncTooltipsEnabled?.() ?? false, syncCursor: handlers?.isSyncCursorEnabled?.() ?? true, overrides: handlers.variables?.overrides as XYRender['value']['overrides'], - shouldShowLegendAction: handlers?.shouldShowLegendAction ?? shouldShowLegendActionDefault, }, }; }; diff --git a/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts b/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts index 8f740c2578d7e4..66d4c11a9f7ae9 100644 --- a/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts +++ b/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts @@ -19,5 +19,3 @@ export function isTimeChart(layers: CommonXYDataLayerConfigResult[]) { (!l.xScaleType || l.xScaleType === XScaleTypes.TIME) ); } - -export const shouldShowLegendActionDefault = () => true; diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx index 47e36adab06f86..1398fc64357cb3 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx @@ -203,8 +203,7 @@ describe('getLegendAction', function () { formattedColumns: {}, }, }, - {}, - () => true + {} ); let wrapper: ReactWrapper; diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx index 2ae2c21b8c0d8d..f5b00f696d04fc 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx @@ -28,7 +28,6 @@ export const getLegendAction = ( fieldFormats: LayersFieldFormats, formattedDatatables: DatatablesWithFormatInfo, titles: LayersAccessorsTitles, - shouldShowLegendAction?: (actionId: string) => boolean, singleTable?: boolean ): LegendAction => React.memo(({ series: [xySeries] }) => { @@ -110,7 +109,6 @@ export const getLegendAction = ( } onFilter={filterHandler} legendCellValueActions={legendCellValueActions} - shouldShowLegendAction={shouldShowLegendAction} /> ); }); diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx index aa2db4c4eb47cd..268a7051bd4c34 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx @@ -8,16 +8,14 @@ import React, { useState, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; -import { - EuiContextMenuPanelDescriptor, - EuiIcon, - EuiPopover, - EuiContextMenu, - EuiContextMenuPanelItemDescriptor, -} from '@elastic/eui'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; +import { EuiContextMenuPanelDescriptor, EuiIcon, EuiPopover, EuiContextMenu } from '@elastic/eui'; import { useLegendAction } from '@elastic/charts'; import type { CellValueAction } from '../types'; -import { shouldShowLegendActionDefault } from '../../common/helpers/visualization'; + +const hasFilterCellAction = (actions: CellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; export type LegendCellValueActions = Array< Omit & { execute: () => void } @@ -36,20 +34,18 @@ export interface LegendActionPopoverProps { * Compatible actions to be added to the popover actions */ legendCellValueActions?: LegendCellValueActions; - shouldShowLegendAction?: (actionId: string) => boolean; } export const LegendActionPopover: React.FunctionComponent = ({ label, onFilter, legendCellValueActions = [], - shouldShowLegendAction = shouldShowLegendActionDefault, }) => { const [popoverOpen, setPopoverOpen] = useState(false); const [ref, onClose] = useLegendAction(); const panels: EuiContextMenuPanelDescriptor[] = useMemo(() => { - const defaultActions = [ + const defaultFilterActions = [ { id: 'filterIn', displayName: i18n.translate('expressionXY.legend.filterForValueButtonAriaLabel', { @@ -76,22 +72,21 @@ export const LegendActionPopover: React.FunctionComponent((acc, action) => { - if (shouldShowLegendAction(action.id)) { - acc.push({ - name: action.displayName, - 'data-test-subj': `legend-${label}-${action.id}`, - icon: , - onClick: () => { - action.execute(); - setPopoverOpen(false); - }, - }); - } - return acc; - }, []); + const allActions = [ + ...(!hasFilterCellAction(legendCellValueActions) ? defaultFilterActions : []), + ...legendCellValueActions, + ]; + + const legendCellValueActionPanelItems = allActions.map((action) => ({ + name: action.displayName, + 'data-test-subj': `legend-${label}-${action.id}`, + icon: , + onClick: () => { + action.execute(); + setPopoverOpen(false); + }, + })); + return [ { id: 'main', @@ -99,7 +94,7 @@ export const LegendActionPopover: React.FunctionComponent & { renderComplete: () => void; uiState?: PersistedState; timeFormat: string; - shouldShowLegendAction?: (actionId: string) => boolean; }; function nonNullable(v: T): v is NonNullable { @@ -208,7 +207,6 @@ export function XYChart({ uiState, timeFormat, overrides, - shouldShowLegendAction, }: XYChartRenderProps) { const { legend, @@ -841,7 +839,6 @@ export function XYChart({ fieldFormats, formattedDatatables, titles, - shouldShowLegendAction, singleTable ) : undefined diff --git a/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx b/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx index 401af740375b24..c2561191deb9af 100644 --- a/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx @@ -277,7 +277,6 @@ export const getXyChartRenderer = ({ syncCursor={config.syncCursor} uiState={handlers.uiState as PersistedState} renderComplete={renderComplete} - shouldShowLegendAction={handlers.shouldShowLegendAction} /> diff --git a/src/plugins/chart_expressions/expression_xy/public/types.ts b/src/plugins/chart_expressions/expression_xy/public/types.ts index 733dba9400bf29..14aa84768efea8 100755 --- a/src/plugins/chart_expressions/expression_xy/public/types.ts +++ b/src/plugins/chart_expressions/expression_xy/public/types.ts @@ -120,6 +120,7 @@ export interface VisualizationType { export interface CellValueAction { id: string; + type?: string; iconType: string; displayName: string; execute: (data: CellValueContext['data']) => void; diff --git a/src/plugins/chart_expressions/expression_xy/tsconfig.json b/src/plugins/chart_expressions/expression_xy/tsconfig.json index 901b7eb0568c65..a0e7e207f92c0d 100644 --- a/src/plugins/chart_expressions/expression_xy/tsconfig.json +++ b/src/plugins/chart_expressions/expression_xy/tsconfig.json @@ -34,6 +34,7 @@ "@kbn/event-annotation-common", "@kbn/visualization-ui-components", "@kbn/es-query", + "@kbn/cell-actions", ], "exclude": [ "target/**/*", diff --git a/src/plugins/console/public/lib/autocomplete/body_completer.js b/src/plugins/console/public/lib/autocomplete/body_completer.js index 9759eb9b629da7..d9355db85f4d81 100644 --- a/src/plugins/console/public/lib/autocomplete/body_completer.js +++ b/src/plugins/console/public/lib/autocomplete/body_completer.js @@ -266,7 +266,7 @@ function compileCondition(description, compiledObject) { return new RegExp(description.lines_regex, 'm').test(lines); }, compiledObject); } else { - throw 'unknown condition type - got: ' + JSON.stringify(description); + throw new Error(`unknown condition type - got: ${JSON.stringify(description)}`); } } diff --git a/src/plugins/expressions/common/execution/types.ts b/src/plugins/expressions/common/execution/types.ts index eed9628444cc70..dddc503285942b 100644 --- a/src/plugins/expressions/common/execution/types.ts +++ b/src/plugins/expressions/common/execution/types.ts @@ -84,8 +84,6 @@ export interface ExecutionContext< * Logs datatable. */ logDatatable?(name: string, datatable: Datatable): void; - - shouldShowLegendAction?: (actionId: string) => boolean; } /** diff --git a/src/plugins/expressions/common/expression_renderers/types.ts b/src/plugins/expressions/common/expression_renderers/types.ts index e75e0af849ed35..7dae307aa6c019 100644 --- a/src/plugins/expressions/common/expression_renderers/types.ts +++ b/src/plugins/expressions/common/expression_renderers/types.ts @@ -105,5 +105,4 @@ export interface IInterpreterRenderHandlers { uiState?: unknown; getExecutionContext(): KibanaExecutionContext | undefined; - shouldShowLegendAction?: (actionId: string) => boolean; } diff --git a/src/plugins/expressions/public/loader.ts b/src/plugins/expressions/public/loader.ts index c3d7b1fb9920da..f10b8db1f1287d 100644 --- a/src/plugins/expressions/public/loader.ts +++ b/src/plugins/expressions/public/loader.ts @@ -63,7 +63,6 @@ export class ExpressionLoader { hasCompatibleActions: params?.hasCompatibleActions, getCompatibleCellValueActions: params?.getCompatibleCellValueActions, executionContext: params?.executionContext, - shouldShowLegendAction: params?.shouldShowLegendAction, }); this.render$ = this.renderHandler.render$; this.update$ = this.renderHandler.update$; diff --git a/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx b/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx index 7c299e1bc7240b..1d479bd9b4c1c9 100644 --- a/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx +++ b/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx @@ -24,7 +24,6 @@ export interface ReactExpressionRendererProps error?: ExpressionRenderError | null ) => React.ReactElement | React.ReactElement[]; padding?: 'xs' | 's' | 'm' | 'l' | 'xl'; - shouldShowLegendAction?: (actionId: string) => boolean; } export type ReactExpressionRendererType = React.ComponentType; diff --git a/src/plugins/expressions/public/render.ts b/src/plugins/expressions/public/render.ts index 6bb9c4d0836ba5..a7b919625b8d66 100644 --- a/src/plugins/expressions/public/render.ts +++ b/src/plugins/expressions/public/render.ts @@ -36,7 +36,6 @@ export interface ExpressionRenderHandlerParams { hasCompatibleActions?: (event: ExpressionRendererEvent) => Promise; getCompatibleCellValueActions?: (data: object[]) => Promise; executionContext?: KibanaExecutionContext; - shouldShowLegendAction?: (actionId: string) => boolean; } type UpdateValue = IInterpreterRenderUpdateParams; @@ -67,7 +66,6 @@ export class ExpressionRenderHandler { hasCompatibleActions = async () => false, getCompatibleCellValueActions = async () => [], executionContext, - shouldShowLegendAction, }: ExpressionRenderHandlerParams = {} ) { this.element = element; @@ -120,9 +118,6 @@ export class ExpressionRenderHandler { }, hasCompatibleActions, getCompatibleCellValueActions, - shouldShowLegendAction: (actionId: string) => { - return shouldShowLegendAction?.(actionId) ?? true; - }, }; } diff --git a/src/plugins/expressions/public/types/index.ts b/src/plugins/expressions/public/types/index.ts index a96c0629ce8a3c..870b44e9bc02c9 100644 --- a/src/plugins/expressions/public/types/index.ts +++ b/src/plugins/expressions/public/types/index.ts @@ -67,7 +67,6 @@ export interface IExpressionLoaderParams { * By default, it equals 1000. */ throttle?: number; - shouldShowLegendAction?: (actionId: string) => boolean; } export interface ExpressionRenderError extends Error { diff --git a/src/plugins/links/common/persistable_state/references.ts b/src/plugins/links/common/persistable_state/references.ts index 1410cdc53d234b..3c527465a28681 100644 --- a/src/plugins/links/common/persistable_state/references.ts +++ b/src/plugins/links/common/persistable_state/references.ts @@ -7,6 +7,7 @@ */ import { Reference } from '@kbn/content-management-utils'; +import { omit } from 'lodash'; import { DASHBOARD_LINK_TYPE, LinksAttributes } from '../content_management'; export function extractReferences({ @@ -22,23 +23,24 @@ export function extractReferences({ const { links } = attributes; const extractedReferences: Reference[] = []; - links.forEach((link) => { + + const newLinks = links.map((link) => { if (link.type === DASHBOARD_LINK_TYPE && link.destination) { const refName = `link_${link.id}_dashboard`; - link.destinationRefName = refName; extractedReferences.push({ name: refName, type: 'dashboard', id: link.destination, }); - delete link.destination; + return { ...omit(link, 'destination'), destinationRefName: refName }; } + return link; }); return { attributes: { ...attributes, - links, + links: newLinks, }, references: references.concat(extractedReferences), }; diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx index f25ce0cb28cadd..3f542be18d9f87 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx @@ -71,6 +71,7 @@ export class PhraseSuggestorUI extends React.Com } protected onSearchChange = (value: string | number | boolean) => { + this.setState({ isLoading: true }); this.updateSuggestions(`${value}`); }; diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx index 62648ae50d26a4..adb80df6cf543a 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx @@ -54,7 +54,7 @@ class PhraseValueInputUI extends PhraseSuggestorUI { } private renderWithSuggestions() { - const { suggestions } = this.state; + const { suggestions, isLoading } = this.state; const { value, intl, onChange, fullWidth } = this.props; // there are cases when the value is a number, this would cause an exception const valueAsStr = String(value); @@ -62,6 +62,8 @@ class PhraseValueInputUI extends PhraseSuggestorUI { return (
{ this.inputRef = ref; }} diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx index 513dad14458231..500b875f426679 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx @@ -31,13 +31,15 @@ class PhrasesValuesInputUI extends PhraseSuggestorUI { comboBoxWrapperRef = React.createRef(); public render() { - const { suggestions } = this.state; + const { suggestions, isLoading } = this.state; const { values, intl, onChange, fullWidth, onParamsUpdate, compressed, disabled } = this.props; const options = values ? uniq([...values, ...suggestions]) : suggestions; return (
{ - await dashboardAddPanel.clickEditorMenuButton(); - await dashboardAddPanel.clickAddNewEmbeddableLink('links'); - await dashboardLinks.setLayout('horizontal'); - await createSomeLinks(); - await dashboardLinks.toggleSaveByReference(false); - await dashboardLinks.clickPanelEditorSaveButton(); - await testSubjects.exists('addObjectToDashboardSuccess'); - - expect(await testSubjects.existOrFail('links--component')); - expect(await dashboardLinks.getNumberOfLinksInPanel()).to.equal(4); - await dashboard.clickDiscardChanges(); + describe('by-value links panel', async () => { + it('can create a new by-value links panel', async () => { + await dashboardAddPanel.clickEditorMenuButton(); + await dashboardAddPanel.clickAddNewEmbeddableLink('links'); + await dashboardLinks.setLayout('horizontal'); + await createSomeLinks(); + await dashboardLinks.toggleSaveByReference(false); + await dashboardLinks.clickPanelEditorSaveButton(); + await testSubjects.exists('addObjectToDashboardSuccess'); + + expect(await testSubjects.existOrFail('links--component')); + expect(await dashboardLinks.getNumberOfLinksInPanel()).to.equal(4); + }); + + it('can save by-value links panel to the library', async () => { + /** Navigate away to test non-extensible input */ + await dashboard.gotoDashboardLandingPage(); + await dashboard.clickUnsavedChangesContinueEditing(DASHBOARD_NAME); + + await dashboard.waitForRenderComplete(); + await dashboardPanelActions.saveToLibrary('Some more links'); + await testSubjects.existOrFail('addPanelToLibrarySuccess'); + }); + + after(async () => { + await dashboard.clickDiscardChanges(); + }); }); }); diff --git a/test/plugin_functional/test_suites/core_plugins/rendering.ts b/test/plugin_functional/test_suites/core_plugins/rendering.ts index 1a168e8fe73e70..dc6ff1211eb9ee 100644 --- a/test/plugin_functional/test_suites/core_plugins/rendering.ts +++ b/test/plugin_functional/test_suites/core_plugins/rendering.ts @@ -238,6 +238,7 @@ export default function ({ getService }: PluginFunctionalProviderContext) { 'xpack.cloud_integrations.full_story.org_id (any)', // No PII. Just the list of event types we want to forward to FullStory. 'xpack.cloud_integrations.full_story.eventTypesAllowlist (array)', + 'xpack.cloud_integrations.full_story.pageVarsDebounceTime (duration)', 'xpack.cloud_integrations.gain_sight.org_id (any)', 'xpack.cloud.id (string)', 'xpack.cloud.organization_url (string)', diff --git a/tsconfig.base.json b/tsconfig.base.json index 56b25ba43973d5..06ade5904efadd 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -598,6 +598,8 @@ "@kbn/crypto-browser/*": ["packages/kbn-crypto-browser/*"], "@kbn/custom-branding-plugin": ["x-pack/plugins/custom_branding"], "@kbn/custom-branding-plugin/*": ["x-pack/plugins/custom_branding/*"], + "@kbn/custom-icons": ["packages/kbn-custom-icons"], + "@kbn/custom-icons/*": ["packages/kbn-custom-icons/*"], "@kbn/custom-integrations": ["packages/kbn-custom-integrations"], "@kbn/custom-integrations/*": ["packages/kbn-custom-integrations/*"], "@kbn/custom-integrations-plugin": ["src/plugins/custom_integrations"], @@ -684,6 +686,8 @@ "@kbn/ecs-data-quality-dashboard/*": ["x-pack/packages/security-solution/ecs_data_quality_dashboard/*"], "@kbn/ecs-data-quality-dashboard-plugin": ["x-pack/plugins/ecs_data_quality_dashboard"], "@kbn/ecs-data-quality-dashboard-plugin/*": ["x-pack/plugins/ecs_data_quality_dashboard/*"], + "@kbn/elastic-agent-utils": ["packages/kbn-elastic-agent-utils"], + "@kbn/elastic-agent-utils/*": ["packages/kbn-elastic-agent-utils/*"], "@kbn/elastic-assistant": ["x-pack/packages/kbn-elastic-assistant"], "@kbn/elastic-assistant/*": ["x-pack/packages/kbn-elastic-assistant/*"], "@kbn/elastic-assistant-plugin": ["x-pack/plugins/elastic_assistant"], diff --git a/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts b/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts index f86b3ecc98eef8..e9625d39f2690a 100644 --- a/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts +++ b/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts @@ -31,6 +31,8 @@ export enum TableId { kubernetesPageSessions = 'kubernetes-page-sessions', alertsOnCasePage = 'alerts-case-page', alertsRiskInputs = 'alerts-risk-inputs', + // New version of `alertsRiskInputs` designed to support multiple kinds of risk inputs + riskInputs = 'risk-inputs', } export enum TableEntityType { @@ -52,6 +54,7 @@ export const tableEntity: Record = { [TableId.hostsPageSessions]: TableEntityType.session, [TableId.kubernetesPageSessions]: TableEntityType.session, [TableId.alertsRiskInputs]: TableEntityType.alert, + [TableId.riskInputs]: TableEntityType.alert, } as const; const TableIdLiteralRt = runtimeTypes.union([ diff --git a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/index.ts b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/index.ts index d0ddc6b2f53cf5..dbe1da9988851b 100644 --- a/x-pack/plugins/apm/common/agent_configuration/setting_definitions/index.ts +++ b/x-pack/plugins/apm/common/agent_configuration/setting_definitions/index.ts @@ -12,7 +12,7 @@ import { PathReporter } from 'io-ts/lib/PathReporter'; import { AgentName } from '../../../typings/es_schemas/ui/fields/agent'; import { booleanRt } from '../runtime_types/boolean_rt'; import { getIntegerRt } from '../runtime_types/integer_rt'; -import { isRumOrMobileAgent } from '../../agent_name'; +import { isRumOrMobileAgentName } from '../../agent_name'; import { floatRt } from '../runtime_types/float_rt'; import { RawSettingDefinition, SettingDefinition } from './types'; import { generalSettings } from './general_settings'; @@ -106,7 +106,7 @@ export function filterByAgent(agentName?: AgentName) { // only options that apply to every agent (ignoring RUM) should be returned if (setting.excludeAgents) { - return setting.excludeAgents.every(isRumOrMobileAgent); + return setting.excludeAgents.every(isRumOrMobileAgentName); } return true; diff --git a/x-pack/plugins/apm/common/agent_name.test.ts b/x-pack/plugins/apm/common/agent_name.test.ts deleted file mode 100644 index 972ecb39fcecdc..00000000000000 --- a/x-pack/plugins/apm/common/agent_name.test.ts +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - isJavaAgentName, - isRumAgentName, - isIosAgentName, - isAndroidAgentName, - isMobileAgentName, - isServerlessAgent, - isAWSLambdaAgent, - isAzureFunctionsAgent, -} from './agent_name'; - -import { ServerlessType } from './serverless'; - -describe('agent name helpers', () => { - describe('isJavaAgentName', () => { - describe('when the agent name is java', () => { - it('returns true', () => { - expect(isJavaAgentName('java')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns true', () => { - expect(isJavaAgentName('opentelemetry/java')).toEqual(true); - }); - }); - - describe('when the agent name is not java', () => { - it('returns false', () => { - expect(isJavaAgentName('not java')).toEqual(false); - }); - }); - }); - - describe('isRumAgentName', () => { - describe('when the agent name is js-base', () => { - it('returns true', () => { - expect(isRumAgentName('js-base')).toEqual(true); - }); - }); - - describe('when the agent name is rum-js', () => { - it('returns true', () => { - expect(isRumAgentName('rum-js')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/webjs', () => { - it('returns true', () => { - expect(isRumAgentName('opentelemetry/webjs')).toEqual(true); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isRumAgentName('not rum')).toEqual(false); - }); - }); - }); - - describe('isIosAgentName', () => { - describe('when the agent name is iOS/swift', () => { - it('returns true', () => { - expect(isIosAgentName('iOS/swift')).toEqual(true); - }); - }); - - describe('when the agent name is ios/swift', () => { - it('returns true', () => { - expect(isIosAgentName('ios/swift')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/swift', () => { - it('returns true', () => { - expect(isIosAgentName('opentelemetry/swift')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isIosAgentName('not ios')).toEqual(false); - }); - }); - }); - - describe('isAndroidAgentName', () => { - describe('when the agent name is android/java', () => { - it('returns true', () => { - expect(isAndroidAgentName('android/java')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns false', () => { - expect(isAndroidAgentName('opentelemetry/java')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isAndroidAgentName('not android')).toEqual(false); - }); - }); - }); - - describe('isMobileAgentName', () => { - describe('when the agent name is android/java', () => { - it('returns true', () => { - expect(isMobileAgentName('android/java')).toEqual(true); - }); - }); - - describe('when the agent name is iOS/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('iOS/swift')).toEqual(true); - }); - }); - - describe('when the agent name is ios/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('ios/swift')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('opentelemetry/swift')).toEqual(false); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns false', () => { - expect(isMobileAgentName('opentelemetry/java')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isMobileAgentName('not mobile')).toEqual(false); - }); - }); - }); - - describe('isServerlessAgent', () => { - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isServerlessAgent(ServerlessType.AWS_LAMBDA)).toEqual(true); - }); - }); - - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isServerlessAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual(true); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isServerlessAgent(undefined)).toEqual(false); - }); - }); - }); - - describe('isAWSLambdaAgent', () => { - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isAWSLambdaAgent(ServerlessType.AWS_LAMBDA)).toEqual(true); - }); - }); - - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isAWSLambdaAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual(false); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isAWSLambdaAgent(undefined)).toEqual(false); - }); - }); - }); - - describe('isAzureFunctionsAgent', () => { - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isAzureFunctionsAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual( - true - ); - }); - }); - - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isAzureFunctionsAgent(ServerlessType.AWS_LAMBDA)).toEqual(false); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isAzureFunctionsAgent(undefined)).toEqual(false); - }); - }); - }); -}); diff --git a/x-pack/plugins/apm/common/agent_name.ts b/x-pack/plugins/apm/common/agent_name.ts index 7782cc044e950d..608fdf4975353a 100644 --- a/x-pack/plugins/apm/common/agent_name.ts +++ b/x-pack/plugins/apm/common/agent_name.ts @@ -4,110 +4,20 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - -import { - AgentName, - OpenTelemetryAgentName, -} from '../typings/es_schemas/ui/fields/agent'; -import { ServerlessType } from './serverless'; - -/* - * Agent names can be any string. This list only defines the official agents - * that we might want to target specifically eg. linking to their documentation - * & telemetry reporting. Support additional agent types by appending - * definitions in mappings.json (for telemetry), the AgentName type, and the - * AGENT_NAMES array. - */ - -export const OPEN_TELEMETRY_AGENT_NAMES: AgentName[] = [ - 'otlp', - 'opentelemetry/cpp', - 'opentelemetry/dotnet', - 'opentelemetry/erlang', - 'opentelemetry/go', - 'opentelemetry/java', - 'opentelemetry/nodejs', - 'opentelemetry/php', - 'opentelemetry/python', - 'opentelemetry/ruby', - 'opentelemetry/rust', - 'opentelemetry/swift', - 'opentelemetry/webjs', -]; - -export const AGENT_NAMES: AgentName[] = [ - 'dotnet', - 'go', - 'iOS/swift', - 'java', - 'js-base', - 'nodejs', - 'php', - 'python', - 'ruby', - 'rum-js', - 'android/java', - ...OPEN_TELEMETRY_AGENT_NAMES, -]; - -export function isOpenTelemetryAgentName( - agentName: string -): agentName is OpenTelemetryAgentName { - return OPEN_TELEMETRY_AGENT_NAMES.includes(agentName as AgentName); -} - -export const JAVA_AGENT_NAMES: AgentName[] = ['java', 'opentelemetry/java']; - -export function isJavaAgentName( - agentName?: string -): agentName is 'java' | 'opentelemetry/java' { - return JAVA_AGENT_NAMES.includes(agentName! as AgentName); -} - -export const RUM_AGENT_NAMES: AgentName[] = [ - 'js-base', - 'rum-js', - 'opentelemetry/webjs', -]; - -export function isRumAgentName( - agentName?: string -): agentName is 'js-base' | 'rum-js' | 'opentelemetry/webjs' { - return RUM_AGENT_NAMES.includes(agentName! as AgentName); -} - -export function isMobileAgentName(agentName?: string) { - return isIosAgentName(agentName) || isAndroidAgentName(agentName); -} - -export function isRumOrMobileAgent(agentName?: string) { - return isRumAgentName(agentName) || isMobileAgentName(agentName); -} - -export function isIosAgentName(agentName?: string) { - const lowercased = agentName && agentName.toLowerCase(); - return lowercased === 'ios/swift'; -} - -export function isJRubyAgent(agentName?: string, runtimeName?: string) { - return agentName === 'ruby' && runtimeName?.toLowerCase() === 'jruby'; -} - -export function isServerlessAgent(serverlessType?: ServerlessType) { - return ( - isAWSLambdaAgent(serverlessType) || isAzureFunctionsAgent(serverlessType) - ); -} - -export function isAWSLambdaAgent(serverlessType?: ServerlessType) { - return serverlessType === ServerlessType.AWS_LAMBDA; -} - -export function isAzureFunctionsAgent(serverlessType?: ServerlessType) { - return serverlessType === ServerlessType.AZURE_FUNCTIONS; -} - -export function isAndroidAgentName(agentName?: string) { - const lowercased = agentName && agentName.toLowerCase(); - return lowercased === 'android/java'; -} +export { + OPEN_TELEMETRY_AGENT_NAMES, + AGENT_NAMES, + isOpenTelemetryAgentName, + JAVA_AGENT_NAMES, + isJavaAgentName, + RUM_AGENT_NAMES, + isRumAgentName, + isRumOrMobileAgentName, + isMobileAgentName, + isIosAgentName, + isJRubyAgentName, + isServerlessAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isAndroidAgentName, +} from '@kbn/elastic-agent-utils'; diff --git a/x-pack/plugins/apm/common/data_view_constants.ts b/x-pack/plugins/apm/common/data_view_constants.ts index b448918f8facfd..c50966399ad220 100644 --- a/x-pack/plugins/apm/common/data_view_constants.ts +++ b/x-pack/plugins/apm/common/data_view_constants.ts @@ -5,5 +5,11 @@ * 2.0. */ -// value of const needs to be backwards compatible -export const APM_STATIC_DATA_VIEW_ID = 'apm_static_index_pattern_id'; +export const DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID = + 'apm_static_index_pattern_id'; + +const APM_STATIC_DATA_VIEW_ID_PREFIX = 'apm_static_data_view_id'; + +export function getDataViewId(spaceId: string) { + return `${APM_STATIC_DATA_VIEW_ID_PREFIX}_${spaceId}`; +} diff --git a/x-pack/plugins/apm/common/service_inventory.ts b/x-pack/plugins/apm/common/service_inventory.ts index b3eeb1cbf8faf3..f758bc083cf785 100644 --- a/x-pack/plugins/apm/common/service_inventory.ts +++ b/x-pack/plugins/apm/common/service_inventory.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { AgentName } from '../typings/es_schemas/ui/fields/agent'; +import { AgentName } from '@kbn/elastic-agent-utils'; import { ServiceHealthStatus } from './service_health_status'; export interface ServiceListItem { diff --git a/x-pack/plugins/apm/public/components/app/diagnostics/apm_documents_tab.tsx b/x-pack/plugins/apm/public/components/app/diagnostics/apm_documents_tab.tsx index d4776c8995c43b..03fcd2610f23b3 100644 --- a/x-pack/plugins/apm/public/components/app/diagnostics/apm_documents_tab.tsx +++ b/x-pack/plugins/apm/public/components/app/diagnostics/apm_documents_tab.tsx @@ -13,20 +13,23 @@ import { EuiText, EuiToolTip, } from '@elastic/eui'; -import React, { useState, useMemo } from 'react'; +import { i18n } from '@kbn/i18n'; import { useKibana } from '@kbn/kibana-react-plugin/public'; import { orderBy } from 'lodash'; -import { useApmParams } from '../../../hooks/use_apm_params'; +import React, { useMemo, useState } from 'react'; import { asBigNumber, asInteger } from '../../../../common/utils/formatters'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../common/data_view_constants'; import type { ApmEvent } from '../../../../server/routes/diagnostics/bundle/get_apm_events'; -import { useDiagnosticsContext } from './context/use_diagnostics'; +import { useApmParams } from '../../../hooks/use_apm_params'; +import { useDataViewId } from '../../../hooks/use_data_view_id'; import { ApmPluginStartDeps } from '../../../plugin'; import { SearchBar } from '../../shared/search_bar/search_bar'; +import { useDiagnosticsContext } from './context/use_diagnostics'; export function DiagnosticsApmDocuments() { const { diagnosticsBundle, isImported } = useDiagnosticsContext(); const { discover } = useKibana().services; + const dataViewId = useDataViewId(); + const [sortField, setSortField] = useState('name'); const [sortDirection, setSortDirection] = useState<'asc' | 'desc'>('asc'); const { @@ -103,7 +106,7 @@ export function DiagnosticsApmDocuments() { language: 'kuery', query: item.kuery, }, - dataViewId: APM_STATIC_DATA_VIEW_ID, + dataViewId, timeRange: rangeTo && rangeFrom ? { @@ -123,13 +126,37 @@ export function DiagnosticsApmDocuments() { {isImported && diagnosticsBundle ? ( <> - From: {new Date(diagnosticsBundle.params.start).toISOString()} + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.from:BadgeLabel', + { + defaultMessage: 'From: {date}', + values: { + date: new Date(diagnosticsBundle.params.start).toISOString(), + }, + } + )} - To: {new Date(diagnosticsBundle.params.end).toISOString()} + {i18n.translate('xpack.apm.diagnosticsApmDocuments.to:BadgeLabel', { + defaultMessage: 'To: {date}', + values: { + date: new Date(diagnosticsBundle.params.end).toISOString(), + }, + })} - Filter: {diagnosticsBundle?.params.kuery ?? Empty} + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.filter:BadgeLabel', + { defaultMessage: 'Filter:' } + )} + {diagnosticsBundle?.params.kuery ?? ( + + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.em.emptyLabel', + { defaultMessage: 'Empty' } + )} + + )} @@ -183,7 +210,13 @@ function IntervalDocCount({ - ({asBigNumber(interval.eventDocCount)} events) + {i18n.translate('xpack.apm.intervalDocCount.TextLabel', { + defaultMessage: + '({docCount} {docCount, plural, one {event} other {events}})', + values: { + docCount: asBigNumber(interval.eventDocCount), + }, + })}
diff --git a/x-pack/plugins/apm/public/components/app/metrics/index.tsx b/x-pack/plugins/apm/public/components/app/metrics/index.tsx index 5f290b4d4af866..0c70b6fd48d7f2 100644 --- a/x-pack/plugins/apm/public/components/app/metrics/index.tsx +++ b/x-pack/plugins/apm/public/components/app/metrics/index.tsx @@ -8,8 +8,8 @@ import React from 'react'; import { isJavaAgentName, - isJRubyAgent, - isAWSLambdaAgent, + isJRubyAgentName, + isAWSLambdaAgentName, } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { ServerlessMetrics } from './serverless_metrics'; @@ -20,7 +20,7 @@ import { hasDashboardFile } from './static_dashboard/helper'; export function Metrics() { const { agentName, runtimeName, serverlessType } = useApmServiceContext(); - const isAWSLambda = isAWSLambdaAgent(serverlessType); + const isAWSLambda = isAWSLambdaAgentName(serverlessType); if (isAWSLambda) { return ; @@ -44,7 +44,7 @@ export function Metrics() { if ( !isAWSLambda && - (isJavaAgentName(agentName) || isJRubyAgent(agentName, runtimeName)) + (isJavaAgentName(agentName) || isJRubyAgentName(agentName, runtimeName)) ) { return ; } diff --git a/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/helper.ts b/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/helper.ts index a6d22ea7b6a556..780e4387b0e103 100644 --- a/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/helper.ts +++ b/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/helper.ts @@ -6,7 +6,6 @@ */ import type { DashboardPanelMap } from '@kbn/dashboard-plugin/common'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; import { AGENT_NAME_DASHBOARD_FILE_MAPPING, loadDashboardFile, @@ -29,7 +28,8 @@ function getDashboardFile({ agentName }: MetricsDashboardProps) { } export async function getDashboardPanelMap( - props: MetricsDashboardProps + props: MetricsDashboardProps, + dataViewId: string ): Promise { const dashboardFile = getDashboardFile(props); const panelsRawObj = !!dashboardFile @@ -42,7 +42,7 @@ export async function getDashboardPanelMap( const panelsStr: string = ( panelsRawObj.attributes.panelsJSON as string - ).replaceAll('APM_STATIC_DATA_VIEW_ID', APM_STATIC_DATA_VIEW_ID); + ).replaceAll('APM_STATIC_DATA_VIEW_ID', dataViewId); const panelsRawObjects = JSON.parse(panelsStr) as any[]; diff --git a/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/index.tsx b/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/index.tsx index 50bda742eb377b..29ebf34cca44f8 100644 --- a/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/index.tsx +++ b/x-pack/plugins/apm/public/components/app/metrics/static_dashboard/index.tsx @@ -19,7 +19,7 @@ import { i18n } from '@kbn/i18n'; import { controlGroupInputBuilder } from '@kbn/controls-plugin/public'; import { getDefaultControlGroupInput } from '@kbn/controls-plugin/common'; import { NotificationsStart } from '@kbn/core/public'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; +import { useDataViewId } from '../../../../hooks/use_data_view_id'; import { ENVIRONMENT_ALL, ENVIRONMENT_NOT_DEFINED, @@ -28,11 +28,11 @@ import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plug import { useApmDataView } from '../../../../hooks/use_apm_data_view'; import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../../hooks/use_apm_params'; - import { getDashboardPanelMap, MetricsDashboardProps } from './helper'; export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { const [dashboard, setDashboard] = useState(); + const dataViewId = useDataViewId(); const { query: { environment, kuery, rangeFrom, rangeTo }, @@ -65,7 +65,7 @@ export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { return ( - getCreationOptions(dashboardProps, notifications) + getCreationOptions(dashboardProps, notifications, dataViewId) } ref={setDashboard} /> @@ -74,20 +74,21 @@ export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { async function getCreationOptions( dashboardProps: MetricsDashboardProps, - notifications: NotificationsStart + notifications: NotificationsStart, + dataViewId: string ): Promise { try { const builder = controlGroupInputBuilder; const controlGroupInput = getDefaultControlGroupInput(); await builder.addDataControlFromField(controlGroupInput, { - dataViewId: APM_STATIC_DATA_VIEW_ID, + dataViewId, title: 'Node name', fieldName: 'service.node.name', width: 'medium', grow: true, }); - const panels = await getDashboardPanelMap(dashboardProps); + const panels = await getDashboardPanelMap(dashboardProps, dataViewId); if (!panels) { throw new Error('Failed parsing dashboard panels.'); diff --git a/x-pack/plugins/apm/public/components/app/metrics_details/index.tsx b/x-pack/plugins/apm/public/components/app/metrics_details/index.tsx index ffcba4d8389713..99d3d8830ceb98 100644 --- a/x-pack/plugins/apm/public/components/app/metrics_details/index.tsx +++ b/x-pack/plugins/apm/public/components/app/metrics_details/index.tsx @@ -5,7 +5,7 @@ * 2.0. */ import React from 'react'; -import { isAWSLambdaAgent } from '../../../../common/agent_name'; +import { isAWSLambdaAgentName } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../hooks/use_apm_params'; import { ServerlessMetricsDetails } from './serverless_metrics_details'; @@ -17,7 +17,7 @@ export function MetricsDetails() { } = useApmParams('/services/{serviceName}/metrics/{id}'); const { serverlessType } = useApmServiceContext(); - if (isAWSLambdaAgent(serverlessType)) { + if (isAWSLambdaAgentName(serverlessType)) { return ; } diff --git a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx index b046511d6ce64f..f4c530b47acc27 100644 --- a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx +++ b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx @@ -23,6 +23,7 @@ import { css } from '@emotion/react'; import { i18n } from '@kbn/i18n'; import { EuiText } from '@elastic/eui'; import type { Filter } from '@kbn/es-query'; +import { useDataViewId } from '../../../../../hooks/use_data_view_id'; import { ApmPluginStartDeps } from '../../../../../plugin'; import { getLayerList } from './map_layers/get_layer_list'; import { MapTypes } from '../../../../../../common/mobile/constants'; @@ -40,6 +41,7 @@ function EmbeddedMapComponent({ filters: Filter[]; }) { const [error, setError] = useState(); + const dataViewId = useDataViewId(); const [embeddable, setEmbeddable] = useState< MapEmbeddable | ErrorEmbeddable | undefined @@ -128,7 +130,7 @@ function EmbeddedMapComponent({ useEffect(() => { const setLayerList = async () => { if (embeddable && !isErrorEmbeddable(embeddable)) { - const layerList = await getLayerList({ selectedMap, maps }); + const layerList = await getLayerList({ selectedMap, maps, dataViewId }); await Promise.all([ embeddable.setLayerList(layerList), embeddable.reload(), @@ -137,7 +139,7 @@ function EmbeddedMapComponent({ }; setLayerList(); - }, [embeddable, selectedMap, maps]); + }, [embeddable, selectedMap, maps, dataViewId]); useEffect(() => { if (embeddable) { diff --git a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts index 89546265462906..728658817b27a0 100644 --- a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts +++ b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts @@ -24,7 +24,6 @@ import { SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../../../common/data_view_constants'; import { getLayerStyle, PalleteColors } from './get_map_layer_style'; import { MobileSpanSubtype, @@ -48,7 +47,10 @@ const label = i18n.translate( } ); -export async function getHttpRequestsLayerList(maps?: MapsStartApi) { +export async function getHttpRequestsLayerList( + maps: MapsStartApi | undefined, + dataViewId: string +) { const whereQuery = { language: 'kuery', query: `${PROCESSOR_EVENT}:${ProcessorEvent.span} and ${SPAN_SUBTYPE}:${MobileSpanSubtype.Http} and ${SPAN_TYPE}:${MobileSpanType.External}`, @@ -72,7 +74,7 @@ export async function getHttpRequestsLayerList(maps?: MapsStartApi) { }, ], whereQuery, - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, @@ -114,7 +116,7 @@ export async function getHttpRequestsLayerList(maps?: MapsStartApi) { }, ], whereQuery, - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, diff --git a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts index 152f1874b143b8..d9f1d023fbf649 100644 --- a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts +++ b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts @@ -10,19 +10,21 @@ import { getHttpRequestsLayerList } from './get_http_requests_map_layer_list'; import { getSessionMapLayerList } from './get_session_map_layer_list'; import { MapTypes } from '../../../../../../../common/mobile/constants'; -export async function getLayerList({ +export function getLayerList({ selectedMap, maps, + dataViewId, }: { selectedMap: MapTypes; - maps?: MapsStartApi; + maps: MapsStartApi | undefined; + dataViewId: string; }): Promise { switch (selectedMap) { case MapTypes.Http: - return await getHttpRequestsLayerList(maps); + return getHttpRequestsLayerList(maps, dataViewId); case MapTypes.Session: - return await getSessionMapLayerList(maps); + return getSessionMapLayerList(maps, dataViewId); default: - return await getHttpRequestsLayerList(maps); + return getHttpRequestsLayerList(maps, dataViewId); } } diff --git a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts index a0d2b80b218fda..be86b5da710a85 100644 --- a/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts +++ b/x-pack/plugins/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts @@ -21,7 +21,6 @@ import { CLIENT_GEO_REGION_ISO_CODE, SESSION_ID, } from '../../../../../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../../../common/data_view_constants'; import { getLayerStyle, PalleteColors } from './get_map_layer_style'; interface VectorLayerDescriptor extends BaseVectorLayerDescriptor { @@ -40,7 +39,10 @@ const label = i18n.translate( defaultMessage: 'Sessions', } ); -export async function getSessionMapLayerList(maps?: MapsStartApi) { +export async function getSessionMapLayerList( + maps: MapsStartApi | undefined, + dataViewId: string +) { const basemapLayerDescriptor = await maps?.createLayerDescriptors?.createBasemapLayerDescriptor(); @@ -59,7 +61,7 @@ export async function getSessionMapLayerList(maps?: MapsStartApi) { label, }, ], - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, @@ -101,7 +103,7 @@ export async function getSessionMapLayerList(maps?: MapsStartApi) { label, }, ], - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, diff --git a/x-pack/plugins/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx b/x-pack/plugins/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx index 66105c106805a6..39f8ba7068abc4 100644 --- a/x-pack/plugins/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx +++ b/x-pack/plugins/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx @@ -10,11 +10,11 @@ import { EuiFlexGroup, EuiFlexItem, } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { orderBy } from 'lodash'; import React, { useCallback, useMemo, useState } from 'react'; import { ValuesType } from 'utility-types'; -import { AgentIcon } from '../../../shared/agent_icon'; import { APIReturnType } from '../../../../services/rest/create_call_apm_api'; import { unit } from '../../../../utils/style'; import { EnvironmentBadge } from '../../../shared/environment_badge'; @@ -93,7 +93,7 @@ export function ServiceListPreview({ items, isLoading }: Props) { content={ - + {serviceName} diff --git a/x-pack/plugins/apm/public/components/app/service_map/icons.ts b/x-pack/plugins/apm/public/components/app/service_map/icons.ts index 187a84cb6cca60..f784a737f8d67b 100644 --- a/x-pack/plugins/apm/public/components/app/service_map/icons.ts +++ b/x-pack/plugins/apm/public/components/app/service_map/icons.ts @@ -5,13 +5,13 @@ * 2.0. */ +import { getAgentIcon } from '@kbn/custom-icons'; import cytoscape from 'cytoscape'; import { AGENT_NAME, SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../common/es_fields/apm'; -import { getAgentIcon } from '../../shared/agent_icon/get_agent_icon'; import { getSpanIcon } from '../../shared/span_icon/get_span_icon'; export function iconForNode(node: cytoscape.NodeSingular) { diff --git a/x-pack/plugins/apm/public/components/app/service_overview/index.tsx b/x-pack/plugins/apm/public/components/app/service_overview/index.tsx index 4a4e79b39c8e92..55972ede6e5602 100644 --- a/x-pack/plugins/apm/public/components/app/service_overview/index.tsx +++ b/x-pack/plugins/apm/public/components/app/service_overview/index.tsx @@ -20,7 +20,7 @@ import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; import { isOpenTelemetryAgentName, isRumAgentName, - isServerlessAgent, + isServerlessAgentName, } from '../../../../common/agent_name'; import { AnnotationsContextProvider } from '../../../context/annotations/annotations_context'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; @@ -60,7 +60,7 @@ export function ServiceOverview() { const { start, end } = useTimeRange({ rangeFrom, rangeTo }); const isRumAgent = isRumAgentName(agentName); const isOpenTelemetryAgent = isOpenTelemetryAgentName(agentName as AgentName); - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const dependenciesLink = router.link('/services/{serviceName}/dependencies', { path: { diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx index fac65a44857669..09b9e461ca1c02 100644 --- a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx +++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx @@ -6,6 +6,11 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiSkeletonText } from '@elastic/eui'; +import { + CloudProvider, + getAgentIcon, + getCloudProviderIcon, +} from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { get } from 'lodash'; import React from 'react'; @@ -36,10 +41,9 @@ import { import { isPending } from '../../../../hooks/use_fetcher'; import { useTheme } from '../../../../hooks/use_theme'; import { APIReturnType } from '../../../../services/rest/create_call_apm_api'; -import { getAgentIcon } from '../../../shared/agent_icon/get_agent_icon'; import { KeyValueFilterList } from '../../../shared/key_value_filter_list'; import { pushNewItemToKueryBar } from '../../../shared/kuery_bar/utils'; -import { getCloudIcon, getContainerIcon } from '../../../shared/service_icons'; +import { getContainerIcon } from '../../../shared/service_icons'; import { useInstanceDetailsFetcher } from './use_instance_details_fetcher'; type ServiceInstanceDetails = @@ -175,7 +179,7 @@ export function InstanceDetails({ 'xpack.apm.serviceOverview.instanceTable.details.cloudTitle', { defaultMessage: 'Cloud' } )} - icon={getCloudIcon(data.cloud?.provider)} + icon={getCloudProviderIcon(data.cloud?.provider as CloudProvider)} keyValueList={cloudDetailsKeyValuePairs} onClickFilter={addKueryBarFilter} /> diff --git a/x-pack/plugins/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx b/x-pack/plugins/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx index 665d454c440fbd..10d2cec27ee16e 100644 --- a/x-pack/plugins/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx +++ b/x-pack/plugins/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx @@ -12,6 +12,7 @@ import { EuiIcon, EuiToolTip, } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { isEmpty } from 'lodash'; import React, { useMemo, useState } from 'react'; @@ -20,7 +21,6 @@ import { AgentExplorerFieldName } from '../../../../../../common/agent_explorer' import { AgentName } from '../../../../../../typings/es_schemas/ui/fields/agent'; import { useApmPluginContext } from '../../../../../context/apm_plugin/use_apm_plugin_context'; import { APIReturnType } from '../../../../../services/rest/create_call_apm_api'; -import { AgentIcon } from '../../../../shared/agent_icon'; import { EnvironmentBadge } from '../../../../shared/environment_badge'; import { ItemsBadge } from '../../../../shared/item_badge'; import { ITableColumn, ManagedTable } from '../../../../shared/managed_table'; @@ -67,7 +67,10 @@ export function getAgentsColumns({ onAgentSelected(agent)} display={isSelected ? 'base' : 'empty'} @@ -96,7 +99,7 @@ export function getAgentsColumns({ content={ - + {serviceName} diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx index 1c3ea3bf7e5f01..0b9a1190b1e15d 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_details/index.tsx @@ -18,7 +18,7 @@ import { AggregatedTransactionsBadge } from '../../shared/aggregated_transaction import { TransactionCharts } from '../../shared/charts/transaction_charts'; import { replace } from '../../shared/links/url_helpers'; import { TransactionDetailsTabs } from './transaction_details_tabs'; -import { isServerlessAgent } from '../../../../common/agent_name'; +import { isServerlessAgentName } from '../../../../common/agent_name'; import { useLocalStorage } from '../../../hooks/use_local_storage'; import { SloCallout } from '../../shared/slo_callout'; @@ -63,7 +63,7 @@ export function TransactionDetails() { [apmRouter, path, query, transactionName] ); - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const [sloCalloutDismissed, setSloCalloutDismissed] = useLocalStorage( 'apm.sloCalloutDismissed', false diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx index 69ed7a63b0c5b7..abd6aee61f4079 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx @@ -13,10 +13,11 @@ import { useCriticalPathFeatureEnabledSetting } from '../../../../../hooks/use_c import { TechnicalPreviewBadge } from '../../../../shared/technical_preview_badge'; import { Waterfall } from './waterfall'; import { - IWaterfall, + type IWaterfall, WaterfallLegendType, } from './waterfall/waterfall_helpers/waterfall_helpers'; import { WaterfallLegends } from './waterfall_legends'; +import { MissingTransactionWarning } from './waterfall/missing_transaction_warning'; interface Props { waterfallItemId?: string; @@ -38,7 +39,7 @@ export function WaterfallContainer({ if (!waterfall) { return null; } - const { legends, items } = waterfall; + const { legends, items, hasOrphanTraceItems } = waterfall; // Service colors are needed to color the dot in the error popover const serviceLegends = legends.filter( @@ -108,7 +109,19 @@ export function WaterfallContainer({ ) : null} - + + + + + {hasOrphanTraceItems ? ( + + + + ) : null} + + + {i18n.translate( + 'xpack.apm.transactionDetails.agentMissingTransactionLabel', + { + defaultMessage: 'Incomplete trace', + } + )} + + + ); +} diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts index df028ee3c8f782..208102b415e577 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts +++ b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts @@ -16,6 +16,7 @@ import { IWaterfallTransaction, IWaterfallError, IWaterfallSpanOrTransaction, + getHasOrphanTraceItems, } from './waterfall_helpers'; import { APMError } from '../../../../../../../../typings/es_schemas/ui/apm_error'; import { @@ -717,4 +718,46 @@ describe('waterfall_helpers', () => { expect(getClockSkew(child, parent)).toBe(0); }); }); + + describe('getHasOrphanTraceItems', () => { + const myTransactionItem = { + processor: { event: 'transaction' }, + trace: { id: 'myTrace' }, + transaction: { + id: 'myTransactionId1', + }, + } as WaterfallTransaction; + + it('should return false if there are no orphan items', () => { + const traceItems: Array = [ + myTransactionItem, + { + processor: { event: 'span' }, + span: { + id: 'mySpanId', + }, + parent: { + id: 'myTransactionId1', + }, + } as WaterfallSpan, + ]; + expect(getHasOrphanTraceItems(traceItems)).toBe(false); + }); + + it('should return true if there are orphan items', () => { + const traceItems: Array = [ + myTransactionItem, + { + processor: { event: 'span' }, + span: { + id: 'myOrphanSpanId', + }, + parent: { + id: 'myNotExistingTransactionId1', + }, + } as WaterfallSpan, + ]; + expect(getHasOrphanTraceItems(traceItems)).toBe(true); + }); + }); }); diff --git a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts index 62a3ddb434ee6d..b197859ff1083e 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts +++ b/x-pack/plugins/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts @@ -48,6 +48,7 @@ export interface IWaterfall { totalErrorsCount: number; traceDocsTotal: number; maxTraceItems: number; + hasOrphanTraceItems: boolean; } interface IWaterfallItemBase { @@ -191,7 +192,7 @@ export function getClockSkew( case 'error': case 'span': return parentItem.skew; - // transaction is the inital entry in a service. Calculate skew for this, and it will be propogated to all child spans + // transaction is the initial entry in a service. Calculate skew for this, and it will be propagated to all child spans case 'transaction': { const parentStart = parentItem.doc.timestamp.us + parentItem.skew; @@ -415,6 +416,22 @@ function getErrorCountByParentId( }, {}); } +export const getHasOrphanTraceItems = ( + traceDocs: Array +) => { + const waterfallItemsIds = new Set( + traceDocs.map((doc) => + doc.processor.event === 'span' + ? (doc?.span as WaterfallSpan['span']).id + : doc?.transaction?.id + ) + ); + + return traceDocs.some( + (item) => item.parent?.id && !waterfallItemsIds.has(item.parent.id) + ); +}; + export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { const { traceItems, entryTransaction } = apiResponse; if (isEmpty(traceItems.traceDocs) || !entryTransaction) { @@ -429,6 +446,7 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { totalErrorsCount: 0, traceDocsTotal: 0, maxTraceItems: 0, + hasOrphanTraceItems: false, }; } @@ -464,6 +482,8 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { const duration = getWaterfallDuration(items); const legends = getLegends(items); + const hasOrphanTraceItems = getHasOrphanTraceItems(traceItems.traceDocs); + return { entryWaterfallTransaction, rootWaterfallTransaction, @@ -478,5 +498,6 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { totalErrorsCount: traceItems.errorDocs.length, traceDocsTotal: traceItems.traceDocsTotal, maxTraceItems: traceItems.maxTraceItems, + hasOrphanTraceItems, }; } diff --git a/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx index 9981533eead4f5..372138c1273a90 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx @@ -8,7 +8,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiSpacer } from '@elastic/eui'; import React from 'react'; import { useHistory } from 'react-router-dom'; -import { isServerlessAgent } from '../../../../common/agent_name'; +import { isServerlessAgentName } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../hooks/use_apm_params'; import { useLocalStorage } from '../../../hooks/use_local_storage'; @@ -48,7 +48,7 @@ export function TransactionOverview() { replace(history, { query: { transactionType } }); } - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const [sloCalloutDismissed, setSloCalloutDismissed] = useLocalStorage( 'apm.sloCalloutDismissed', diff --git a/x-pack/plugins/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx b/x-pack/plugins/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx index 3e4ddc36413c2b..237b31219c820f 100644 --- a/x-pack/plugins/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx +++ b/x-pack/plugins/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx @@ -18,12 +18,12 @@ import { i18n } from '@kbn/i18n'; import React, { ComponentType } from 'react'; import styled from 'styled-components'; import { Markdown, useKibana } from '@kbn/kibana-react-plugin/public'; +import { AgentIcon } from '@kbn/custom-icons'; import { AgentRuntimeAttachmentProps, CreateAgentInstructions, } from './agent_instructions_mappings'; import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import { AgentIcon } from '../../shared/agent_icon'; import type { NewPackagePolicy, PackagePolicy, diff --git a/x-pack/plugins/apm/public/components/routing/templates/apm_service_template/index.tsx b/x-pack/plugins/apm/public/components/routing/templates/apm_service_template/index.tsx index b5261eb55826f9..fa5e43980ce14b 100644 --- a/x-pack/plugins/apm/public/components/routing/templates/apm_service_template/index.tsx +++ b/x-pack/plugins/apm/public/components/routing/templates/apm_service_template/index.tsx @@ -24,10 +24,10 @@ import { useHistory } from 'react-router-dom'; import { isMobileAgentName, isRumAgentName, - isAWSLambdaAgent, - isAzureFunctionsAgent, - isServerlessAgent, - isRumOrMobileAgent, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isServerlessAgentName, + isRumOrMobileAgentName, } from '../../../../../common/agent_name'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; import { ApmServiceContextProvider } from '../../../../context/apm_service/apm_service_context'; @@ -185,13 +185,13 @@ export function isMetricsTabHidden({ serverlessType?: ServerlessType; isAwsLambdaEnabled?: boolean; }) { - if (isAWSLambdaAgent(serverlessType)) { + if (isAWSLambdaAgentName(serverlessType)) { return !isAwsLambdaEnabled; } return ( !agentName || isRumAgentName(agentName) || - isAzureFunctionsAgent(serverlessType) + isAzureFunctionsAgentName(serverlessType) ); } @@ -207,7 +207,7 @@ export function isInfraTabHidden({ return ( !agentName || isRumAgentName(agentName) || - isServerlessAgent(serverlessType) || + isServerlessAgentName(serverlessType) || !isInfraTabAvailable ); } @@ -320,7 +320,7 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { label: i18n.translate('xpack.apm.serviceDetails.metricsTabLabel', { defaultMessage: 'Metrics', }), - append: isServerlessAgent(serverlessType) && ( + append: isServerlessAgentName(serverlessType) && ( ), hidden: isMetricsTabHidden({ @@ -364,13 +364,13 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { label: i18n.translate('xpack.apm.home.serviceLogsTabLabel', { defaultMessage: 'Logs', }), - append: isServerlessAgent(serverlessType) && ( + append: isServerlessAgentName(serverlessType) && ( ), hidden: !agentName || isRumAgentName(agentName) || - isAzureFunctionsAgent(serverlessType), + isAzureFunctionsAgentName(serverlessType), }, { key: 'alerts', @@ -408,8 +408,8 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { }), hidden: !isProfilingAvailable || - isRumOrMobileAgent(agentName) || - isAWSLambdaAgent(serverlessType), + isRumOrMobileAgentName(agentName) || + isAWSLambdaAgentName(serverlessType), append: ( {i18n.translate('xpack.apm.universalProfiling.newLabel', { diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/agent_icon.stories.tsx b/x-pack/plugins/apm/public/components/shared/agent_icon/agent_icon.stories.tsx deleted file mode 100644 index be4dad7f1642a7..00000000000000 --- a/x-pack/plugins/apm/public/components/shared/agent_icon/agent_icon.stories.tsx +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiCard, - EuiFlexGroup, - EuiFlexItem, - EuiImage, - EuiToolTip, -} from '@elastic/eui'; -import type { Story } from '@storybook/react'; -import React from 'react'; -import { AGENT_NAMES } from '../../../../common/agent_name'; -import { getAgentIcon } from './get_agent_icon'; -import { AgentIcon } from '.'; -import { MockApmPluginStorybook } from '../../../context/apm_plugin/mock_apm_plugin_storybook'; - -export default { - title: 'shared/AgentIcon', - component: AgentIcon, -}; - -export const List: Story = () => { - return ( - - - {AGENT_NAMES.map((agentName) => { - return ( - - -

- - - -

- - } - title={agentName} - description={ -
- - - -
- } - /> - - ); - })} - - - ); -}; diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/get_serverless_icon.ts b/x-pack/plugins/apm/public/components/shared/agent_icon/get_serverless_icon.ts deleted file mode 100644 index 70af655b9f34da..00000000000000 --- a/x-pack/plugins/apm/public/components/shared/agent_icon/get_serverless_icon.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import defaultIcon from '../span_icon/icons/default.svg'; -import lambdaIcon from './icons/lambda.svg'; -import azureFunctionsIcon from './icons/functions.svg'; -import { ServerlessType } from '../../../../common/serverless'; - -type ServerlessIcons = Record; - -const serverlessIcons: ServerlessIcons = { - 'aws.lambda': lambdaIcon, - 'azure.functions': azureFunctionsIcon, -}; - -export function getServerlessIcon(serverlessType?: ServerlessType) { - if (!serverlessType) { - return defaultIcon; - } - return serverlessIcons[serverlessType] ?? defaultIcon; -} diff --git a/x-pack/plugins/apm/public/components/shared/agent_icon/index.tsx b/x-pack/plugins/apm/public/components/shared/agent_icon/index.tsx deleted file mode 100644 index b995e2bbe7cfab..00000000000000 --- a/x-pack/plugins/apm/public/components/shared/agent_icon/index.tsx +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiIcon, EuiIconProps } from '@elastic/eui'; -import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import { getAgentIcon } from './get_agent_icon'; -import { useTheme } from '../../../hooks/use_theme'; - -interface Props { - agentName?: AgentName; - size?: EuiIconProps['size']; -} - -export function AgentIcon(props: Props) { - const { agentName, size = 'l' } = props; - const theme = useTheme(); - const icon = getAgentIcon(agentName, theme.darkMode); - - return ; -} diff --git a/x-pack/plugins/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx b/x-pack/plugins/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx index e4687719cdfc38..3551bffd07f043 100644 --- a/x-pack/plugins/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx +++ b/x-pack/plugins/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx @@ -14,6 +14,7 @@ import { import React from 'react'; import { ProcessorEvent } from '@kbn/observability-plugin/common'; import { i18n } from '@kbn/i18n'; +import { AgentIcon } from '@kbn/custom-icons'; import type { CriticalPathResponse } from '../../../../server/routes/traces/get_aggregated_critical_path'; import { AGENT_NAME, @@ -25,7 +26,6 @@ import { TRANSACTION_TYPE, } from '../../../../common/es_fields/apm'; import { SpanIcon } from '../span_icon'; -import { AgentIcon } from '../agent_icon'; import { asPercent } from '../../../../common/utils/formatters'; export function CriticalPathFlamegraphTooltip({ @@ -86,7 +86,7 @@ export function CriticalPathFlamegraphTooltip({ - + {metadata[SERVICE_NAME]} diff --git a/x-pack/plugins/apm/public/components/shared/links/apm/service_link/index.tsx b/x-pack/plugins/apm/public/components/shared/links/apm/service_link/index.tsx index c3474f18d794cf..4cf6363811f8fc 100644 --- a/x-pack/plugins/apm/public/components/shared/links/apm/service_link/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/links/apm/service_link/index.tsx @@ -6,6 +6,7 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiText } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { euiStyled } from '@kbn/kibana-react-plugin/common'; import { TypeOf } from '@kbn/typed-react-router-config'; @@ -16,7 +17,6 @@ import { AgentName } from '../../../../../../typings/es_schemas/ui/fields/agent' import { useApmRouter } from '../../../../../hooks/use_apm_router'; import { truncate, unit } from '../../../../../utils/style'; import { ApmRoutes } from '../../../../routing/apm_route_config'; -import { AgentIcon } from '../../../agent_icon'; import { PopoverTooltip } from '../../../popover_tooltip'; import { TruncateWithTooltip } from '../../../truncate_with_tooltip'; import { OTHER_SERVICE_NAME, MaxGroupsMessage } from '../max_groups_message'; @@ -88,7 +88,7 @@ export function ServiceLink({ > - + {serviceName} diff --git a/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_link.tsx b/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_link.tsx index dccce740b62d3c..1f066d1322eb62 100644 --- a/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_link.tsx +++ b/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_link.tsx @@ -12,7 +12,7 @@ import React from 'react'; import { useLocation } from 'react-router-dom'; import rison from '@kbn/rison'; import url from 'url'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; +import { useDataViewId } from '../../../../hooks/use_data_view_id'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; import { getTimepickerRisonData } from '../rison_helpers'; @@ -37,16 +37,18 @@ export const getDiscoverHref = ({ basePath, location, query, + dataViewId, }: { basePath: IBasePath; location: Location; query: Props['query']; + dataViewId: string; }) => { const risonQuery = { _g: getTimepickerRisonData(location.search), _a: { ...query._a, - index: APM_STATIC_DATA_VIEW_ID, + index: dataViewId, }, }; @@ -62,11 +64,13 @@ export const getDiscoverHref = ({ export function DiscoverLink({ query = {}, ...rest }: Props) { const { core } = useApmPluginContext(); const location = useLocation(); + const dataViewId = useDataViewId(); const href = getDiscoverHref({ basePath: core.http.basePath, query, location, + dataViewId, }); return ; diff --git a/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx b/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx index dfd14e3a172b98..f4d95a87df5dcc 100644 --- a/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx +++ b/x-pack/plugins/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx @@ -35,7 +35,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'processor.event:\\"transaction\\" AND transaction.id:\\"8b60bd32ecc6e150\\" AND trace.id:\\"8b60bd32ecc6e1506735a8b6cfcf175c\\"'))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'processor.event:\\"transaction\\" AND transaction.id:\\"8b60bd32ecc6e150\\" AND trace.id:\\"8b60bd32ecc6e1506735a8b6cfcf175c\\"'))"` ); }); @@ -55,7 +55,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'span.id:\\"test-span-id\\"'))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'span.id:\\"test-span-id\\"'))"` ); }); @@ -77,7 +77,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\"'),sort:('@timestamp':desc))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\"'),sort:('@timestamp':desc))"` ); }); @@ -100,7 +100,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\" AND some:kuery-string'),sort:('@timestamp':desc))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\" AND some:kuery-string'),sort:('@timestamp':desc))"` ); }); }); diff --git a/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx b/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx index a77c6b9c7c6045..3ce8e3032db696 100644 --- a/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx +++ b/x-pack/plugins/apm/public/components/shared/service_icons/index.tsx @@ -7,12 +7,16 @@ import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { + CloudProvider, + getAgentIcon, + getCloudProviderIcon, + getServerlessIcon, +} from '@kbn/custom-icons'; import React, { ReactChild, useState } from 'react'; import { useTheme } from '../../../hooks/use_theme'; import { ContainerType } from '../../../../common/service_metadata'; import { FETCH_STATUS, useFetcher } from '../../../hooks/use_fetcher'; -import { getAgentIcon } from '../agent_icon/get_agent_icon'; -import { getServerlessIcon } from '../agent_icon/get_serverless_icon'; import { CloudDetails } from './cloud_details'; import { ServerlessDetails } from './serverless_details'; import { ContainerDetails } from './container_details'; @@ -21,7 +25,6 @@ import { IconPopover } from './icon_popover'; import { ServiceDetails } from './service_details'; import { ServerlessType } from '../../../../common/serverless'; import { isOpenTelemetryAgentName } from '../../../../common/agent_name'; -import openTelemetryIcon from '../agent_icon/icons/opentelemetry.svg'; interface Props { serviceName: string; @@ -30,12 +33,6 @@ interface Props { end: string; } -const cloudIcons: Record = { - gcp: 'logoGCP', - aws: 'logoAWS', - azure: 'logoAzure', -}; - function getServerlessTitle(serverlessType?: ServerlessType): string { switch (serverlessType) { case ServerlessType.AWS_LAMBDA: { @@ -56,12 +53,6 @@ function getServerlessTitle(serverlessType?: ServerlessType): string { } } -export function getCloudIcon(provider?: string) { - if (provider) { - return cloudIcons[provider]; - } -} - export function getContainerIcon(container?: ContainerType) { if (!container) { return; @@ -155,7 +146,7 @@ export function ServiceIcons({ start, end, serviceName, environment }: Props) { { key: 'opentelemetry', icon: { - type: openTelemetryIcon, + type: getAgentIcon('opentelemetry', theme.darkMode), }, isVisible: !!icons?.agentName && isOpenTelemetryAgentName(icons.agentName), @@ -197,7 +188,7 @@ export function ServiceIcons({ start, end, serviceName, environment }: Props) { { key: 'cloud', icon: { - type: getCloudIcon(icons?.cloudProvider), + type: getCloudProviderIcon(icons?.cloudProvider as CloudProvider), }, isVisible: !!icons?.cloudProvider, title: i18n.translate('xpack.apm.serviceIcons.cloud', { diff --git a/x-pack/plugins/apm/public/components/shared/span_icon/get_span_icon.ts b/x-pack/plugins/apm/public/components/shared/span_icon/get_span_icon.ts index 5c719d51d457e6..8952c7b789777d 100644 --- a/x-pack/plugins/apm/public/components/shared/span_icon/get_span_icon.ts +++ b/x-pack/plugins/apm/public/components/shared/span_icon/get_span_icon.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { getAgentIcon } from '@kbn/custom-icons'; import { maybe } from '../../../../common/utils/maybe'; import awsIcon from './icons/aws.svg'; import cassandraIcon from './icons/cassandra.svg'; @@ -22,7 +23,6 @@ import mysqlIcon from './icons/mysql.svg'; import postgresqlIcon from './icons/postgresql.svg'; import redisIcon from './icons/redis.svg'; import websocketIcon from './icons/websocket.svg'; -import javaIcon from '../agent_icon/icons/java.svg'; import dynamodbIcon from './icons/dynamo_db.svg'; import sThreeIcon from './icons/s3.svg'; import snsIcon from './icons/sns.svg'; @@ -70,7 +70,7 @@ export const spanTypeIcons: { messaging: { azurequeue: storageQueueIcon, azureservicebus: serviceBusIcon, - jms: javaIcon, + jms: getAgentIcon('java'), kafka: kafkaIcon, sns: snsIcon, sqs: sqsIcon, diff --git a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.test.ts b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.test.ts index fe8cb9d68fdfb6..7d7a720f27cfcd 100644 --- a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.test.ts +++ b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.test.ts @@ -77,6 +77,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ @@ -113,7 +114,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], @@ -145,6 +146,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ @@ -200,7 +202,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], @@ -232,6 +234,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ @@ -286,7 +289,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], diff --git a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.ts b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.ts index a944a80a458f70..b50bbd5239ccb6 100644 --- a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.ts +++ b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/sections.ts @@ -55,6 +55,7 @@ export const getSections = ({ allDatasetsLocator, logsLocator, nodeLogsLocator, + dataViewId, }: { transaction?: Transaction; basePath: IBasePath; @@ -68,6 +69,7 @@ export const getSections = ({ allDatasetsLocator: LocatorPublic; logsLocator: LocatorPublic; nodeLogsLocator: LocatorPublic; + dataViewId: string; }) => { if (!transaction) return []; @@ -271,6 +273,7 @@ export const getSections = ({ basePath, query: getDiscoverQuery(transaction), location, + dataViewId, }), condition: true, }, diff --git a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx index 02664e370b9c35..7895fdf7d059d1 100644 --- a/x-pack/plugins/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx +++ b/x-pack/plugins/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx @@ -32,6 +32,7 @@ import { NodeLogsLocatorParams, } from '@kbn/logs-shared-plugin/common'; import type { ProfilingLocators } from '@kbn/observability-shared-plugin/public'; +import { useDataViewId } from '../../../hooks/use_data_view_id'; import { useAnyOfApmParams } from '../../../hooks/use_apm_params'; import { ApmFeatureFlagName } from '../../../../common/apm_feature_flags'; import { Transaction } from '../../../../typings/es_schemas/ui/transaction'; @@ -138,6 +139,7 @@ function ActionMenuSections({ const { core, uiActions, share } = useApmPluginContext(); const location = useLocation(); const apmRouter = useApmRouter(); + const dataViewId = useDataViewId(); const allDatasetsLocator = share.url.locators.get( ALL_DATASETS_LOCATOR_ID @@ -173,6 +175,7 @@ function ActionMenuSections({ allDatasetsLocator, logsLocator, nodeLogsLocator, + dataViewId, }); const externalMenuItems = useAsync(() => { diff --git a/x-pack/plugins/apm/public/hooks/use_apm_data_view.ts b/x-pack/plugins/apm/public/hooks/use_apm_data_view.ts index 2f2d14714e513e..57ad95dce2a5a4 100644 --- a/x-pack/plugins/apm/public/hooks/use_apm_data_view.ts +++ b/x-pack/plugins/apm/public/hooks/use_apm_data_view.ts @@ -12,11 +12,11 @@ import { useEffect, useState } from 'react'; import { ApmPluginStartDeps } from '../plugin'; import { callApmApi } from '../services/rest/create_call_apm_api'; -async function getApmDataViewTitle() { - const res = await callApmApi('GET /internal/apm/data_view/title', { +async function getApmDataViewIndexPattern() { + const res = await callApmApi('GET /internal/apm/data_view/index_pattern', { signal: null, }); - return res.apmDataViewTitle; + return res.apmDataViewIndexPattern; } export function useApmDataView() { @@ -25,11 +25,11 @@ export function useApmDataView() { useEffect(() => { async function fetchDataView() { - const title = await getApmDataViewTitle(); + const indexPattern = await getApmDataViewIndexPattern(); try { const displayError = false; return await services.dataViews.create( - { title }, + { title: indexPattern }, undefined, displayError ); diff --git a/x-pack/plugins/apm/public/hooks/use_data_view_id.tsx b/x-pack/plugins/apm/public/hooks/use_data_view_id.tsx new file mode 100644 index 00000000000000..3390471ff60e79 --- /dev/null +++ b/x-pack/plugins/apm/public/hooks/use_data_view_id.tsx @@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { useEffect, useState } from 'react'; +import { getDataViewId } from '../../common/data_view_constants'; +import { ApmPluginStartDeps } from '../plugin'; + +export function useDataViewId() { + const [dataViewId, setDataViewId] = useState( + getDataViewId('default') + ); + const { spaces } = useKibana().services; + + useEffect(() => { + const fetchSpaceId = async () => { + const space = await spaces?.getActiveSpace(); + setDataViewId(getDataViewId(space?.id ?? 'default')); + }; + + fetchSpaceId(); + }, [spaces]); + + return dataViewId; +} diff --git a/x-pack/plugins/apm/server/lib/apm_telemetry/types.ts b/x-pack/plugins/apm/server/lib/apm_telemetry/types.ts index fc6cfe8d3ee479..e27486c1e6454d 100644 --- a/x-pack/plugins/apm/server/lib/apm_telemetry/types.ts +++ b/x-pack/plugins/apm/server/lib/apm_telemetry/types.ts @@ -6,10 +6,7 @@ */ import { DeepPartial } from 'utility-types'; -import { - AgentName, - ElasticAgentName, -} from '../../../typings/es_schemas/ui/fields/agent'; +import { AgentName, ElasticAgentName } from '@kbn/elastic-agent-utils'; import { RollupInterval } from '../../../common/rollup'; export interface TimeframeMap { diff --git a/x-pack/plugins/apm/server/plugin.ts b/x-pack/plugins/apm/server/plugin.ts index 525b2c5e2cbc52..07010d5f8dc5b4 100644 --- a/x-pack/plugins/apm/server/plugin.ts +++ b/x-pack/plugins/apm/server/plugin.ts @@ -11,7 +11,6 @@ import { Logger, Plugin, PluginInitializerContext, - SavedObjectsClient, } from '@kbn/core/server'; import { isEmpty, mapValues } from 'lodash'; import { Dataset } from '@kbn/rule-registry-plugin/server'; @@ -50,7 +49,6 @@ import { scheduleSourceMapMigration } from './routes/source_maps/schedule_source import { createApmSourceMapIndexTemplate } from './routes/source_maps/create_apm_source_map_index_template'; import { addApiKeysToEveryPackagePolicyIfMissing } from './routes/fleet/api_keys/add_api_keys_to_policies_if_missing'; import { apmTutorialCustomIntegration } from '../common/tutorial/tutorials'; -import { APM_STATIC_DATA_VIEW_ID } from '../common/data_view_constants'; export class APMPlugin implements @@ -123,26 +121,6 @@ export class APMPlugin ], }); - // ensure that the APM data view is globally available - getCoreStart() - .then(async (coreStart) => { - const soClient = new SavedObjectsClient( - coreStart.savedObjects.createInternalRepository() - ); - - await soClient.updateObjectsSpaces( - [{ id: APM_STATIC_DATA_VIEW_ID, type: 'index-pattern' }], - ['*'], - [] - ); - }) - .catch((e) => { - this.logger?.error( - 'Failed to make APM data view available globally', - e - ); - }); - const resourcePlugins = mapValues(plugins, (value, key) => { return { setup: value, diff --git a/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.test.ts b/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.test.ts index 714f97b1a4801a..c3c1d7f124a54d 100644 --- a/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.test.ts +++ b/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.test.ts @@ -5,20 +5,22 @@ * 2.0. */ -import { createStaticDataView } from './create_static_data_view'; -import * as HistoricalAgentData from '../historical_data/has_historical_agent_data'; +import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; +import { Logger } from '@kbn/core/server'; import { DataViewsService } from '@kbn/data-views-plugin/common'; -import { APMCore } from '../typings'; import { APMEventClient } from '../../lib/helpers/create_es_client/create_apm_event_client'; -import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; +import * as HistoricalAgentData from '../historical_data/has_historical_agent_data'; +import { APMCore } from '../typings'; +import { createStaticDataView } from './create_static_data_view'; function getMockedDataViewService(existingDataViewTitle: string) { return { get: jest.fn(() => ({ - title: existingDataViewTitle, + getIndexPattern: () => existingDataViewTitle, })), createAndSave: jest.fn(), + delete: () => {}, } as unknown as DataViewsService; } @@ -36,6 +38,10 @@ const coreMock = { }, } as unknown as APMCore; +const logger = { + info: jest.fn, +} as unknown as Logger; + const apmEventClientMock = { search: jest.fn(), indices: { @@ -55,6 +61,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: false }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).not.toHaveBeenCalled(); }); @@ -73,6 +81,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: false }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).not.toHaveBeenCalled(); }); @@ -92,6 +102,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).toHaveBeenCalled(); @@ -114,6 +126,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.get).toHaveBeenCalled(); @@ -143,6 +157,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.get).toHaveBeenCalled(); diff --git a/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.ts b/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.ts index 715a568eaf6bdf..5f2cf097f3e2e0 100644 --- a/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.ts +++ b/x-pack/plugins/apm/server/routes/data_view/create_static_data_view.ts @@ -5,18 +5,21 @@ * 2.0. */ -import { SavedObjectsErrorHelpers } from '@kbn/core/server'; +import { Logger, SavedObjectsErrorHelpers } from '@kbn/core/server'; import { DataView, DataViewsService } from '@kbn/data-views-plugin/common'; import { i18n } from '@kbn/i18n'; +import { + DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID, + getDataViewId, +} from '../../../common/data_view_constants'; import { TRACE_ID, TRANSACTION_ID, TRANSACTION_DURATION, } from '../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../common/data_view_constants'; import { hasHistoricalAgentData } from '../historical_data/has_historical_agent_data'; import { withApmSpan } from '../../utils/with_apm_span'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; import { APMEventClient } from '../../lib/helpers/create_es_client/create_apm_event_client'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; @@ -29,12 +32,18 @@ export async function createStaticDataView({ dataViewService, resources, apmEventClient, + spaceId, + logger, }: { dataViewService: DataViewsService; resources: APMRouteHandlerResources; apmEventClient: APMEventClient; + spaceId: string; + logger: Logger; }): CreateDataViewResponse { const { config } = resources; + const dataViewId = getDataViewId(spaceId); + logger.info(`create static data view ${dataViewId}`); return withApmSpan('create_static_data_view', async () => { // don't auto-create APM data view if it's been disabled via the config @@ -61,10 +70,13 @@ export async function createStaticDataView({ }; } - const apmDataViewTitle = getApmDataViewTitle(apmEventClient.indices); + const apmDataViewIndexPattern = getApmDataViewIndexPattern( + apmEventClient.indices + ); const shouldCreateOrUpdate = await getShouldCreateOrUpdate({ - apmDataViewTitle, + apmDataViewIndexPattern, dataViewService, + dataViewId, }); if (!shouldCreateOrUpdate) { @@ -72,52 +84,48 @@ export async function createStaticDataView({ created: false, reason: i18n.translate( 'xpack.apm.dataView.alreadyExistsInActiveSpace', - { defaultMessage: 'Dataview already exists in the active space' } + { + defaultMessage: + 'Dataview already exists in the active space and does not need to be updated', + } ), }; } - return await withApmSpan('create_data_view', async () => { - try { - const dataView = await createAndSaveStaticDataView({ - dataViewService, - apmDataViewTitle, - }); - - await addDataViewToAllSpaces(resources); - - return { created: true, dataView }; - } catch (e) { - // if the data view (saved object) already exists a conflict error (code: 409) will be thrown - if (SavedObjectsErrorHelpers.isConflictError(e)) { - return { - created: false, - reason: i18n.translate( - 'xpack.apm.dataView.alreadyExistsInAnotherSpace', - { - defaultMessage: - 'Dataview already exists in another space but is not made available in this space', - } - ), - }; - } + // delete legacy global data view + + const dataView = await createAndSaveStaticDataView({ + dataViewService, + apmDataViewIndexPattern, + dataViewId, + }); + + try { + await dataViewService.delete(DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID); + } catch (e) { + // swallow error if caused by the data view (saved object) not existing + if (!SavedObjectsErrorHelpers.isNotFoundError(e)) { throw e; } - }); + } + + return { created: true, dataView }; }); } // only create data view if it doesn't exist or was changed async function getShouldCreateOrUpdate({ dataViewService, - apmDataViewTitle, + apmDataViewIndexPattern, + dataViewId, }: { dataViewService: DataViewsService; - apmDataViewTitle: string; + apmDataViewIndexPattern: string; + dataViewId: string; }) { try { - const existingDataView = await dataViewService.get(APM_STATIC_DATA_VIEW_ID); - return existingDataView.title !== apmDataViewTitle; + const existingDataView = await dataViewService.get(dataViewId); + return existingDataView.getIndexPattern() !== apmDataViewIndexPattern; } catch (e) { // ignore exception if the data view (saved object) is not found if (SavedObjectsErrorHelpers.isNotFoundError(e)) { @@ -128,32 +136,21 @@ async function getShouldCreateOrUpdate({ } } -async function addDataViewToAllSpaces(resources: APMRouteHandlerResources) { - const { request, core } = resources; - const startServices = await core.start(); - const scopedClient = startServices.savedObjects.getScopedClient(request); - - // make data view available across all spaces - return scopedClient.updateObjectsSpaces( - [{ id: APM_STATIC_DATA_VIEW_ID, type: 'index-pattern' }], - ['*'], - [] - ); -} - function createAndSaveStaticDataView({ dataViewService, - apmDataViewTitle, + apmDataViewIndexPattern, + dataViewId, }: { dataViewService: DataViewsService; - apmDataViewTitle: string; + apmDataViewIndexPattern: string; + dataViewId: string; }) { return dataViewService.createAndSave( { allowNoIndex: true, - id: APM_STATIC_DATA_VIEW_ID, + id: dataViewId, name: 'APM', - title: apmDataViewTitle, + title: apmDataViewIndexPattern, timeFieldName: '@timestamp', // link to APM from Discover diff --git a/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.test.ts b/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts similarity index 69% rename from x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.test.ts rename to x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts index a8dc25e4930069..e7a0ee915c8ccd 100644 --- a/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.test.ts +++ b/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts @@ -6,23 +6,23 @@ */ import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; -describe('getApmDataViewTitle', () => { - it('returns a data view title by combining existing indicies', () => { - const title = getApmDataViewTitle({ +describe('getApmDataViewIndexPattern', () => { + it('returns a data view index pattern by combining existing indices', () => { + const indexPattern = getApmDataViewIndexPattern({ transaction: 'apm-*-transaction-*', span: 'apm-*-span-*', error: 'apm-*-error-*', metric: 'apm-*-metrics-*', } as APMIndices); - expect(title).toBe( + expect(indexPattern).toBe( 'apm-*-transaction-*,apm-*-span-*,apm-*-error-*,apm-*-metrics-*' ); }); it('removes duplicates', () => { - const title = getApmDataViewTitle({ + const title = getApmDataViewIndexPattern({ transaction: 'apm-*', span: 'apm-*', error: 'apm-*', diff --git a/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.ts b/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts similarity index 87% rename from x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.ts rename to x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts index 3061a1ac15714b..b5c3fa0f73d280 100644 --- a/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_title.ts +++ b/x-pack/plugins/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts @@ -8,7 +8,7 @@ import { uniq } from 'lodash'; import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; -export function getApmDataViewTitle(apmIndices: APMIndices) { +export function getApmDataViewIndexPattern(apmIndices: APMIndices) { return uniq([ apmIndices.transaction, apmIndices.span, diff --git a/x-pack/plugins/apm/server/routes/data_view/route.ts b/x-pack/plugins/apm/server/routes/data_view/route.ts index 388884c4f5761a..429b74c99e63a1 100644 --- a/x-pack/plugins/apm/server/routes/data_view/route.ts +++ b/x-pack/plugins/apm/server/routes/data_view/route.ts @@ -5,22 +5,32 @@ * 2.0. */ +import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common'; import { CreateDataViewResponse, createStaticDataView, } from './create_static_data_view'; import { createApmServerRoute } from '../apm_routes/create_apm_server_route'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; import { getApmEventClient } from '../../lib/helpers/get_apm_event_client'; const staticDataViewRoute = createApmServerRoute({ endpoint: 'POST /internal/apm/data_view/static', options: { tags: ['access:apm'] }, handler: async (resources): CreateDataViewResponse => { - const { context, plugins, request } = resources; + const { context, plugins, request, logger } = resources; const apmEventClient = await getApmEventClient(resources); const coreContext = await context.core; + // get name of selected (name)space + const spacesStart = await plugins.spaces?.start(); + const spaceId = + spacesStart?.spacesService.getSpaceId(request) ?? DEFAULT_SPACE_ID; + + if (!spaceId) { + throw new Error('No spaceId found'); + } + const dataViewStart = await plugins.dataViews.start(); const dataViewService = await dataViewStart.dataViewsServiceFactory( coreContext.savedObjects.client, @@ -33,6 +43,8 @@ const staticDataViewRoute = createApmServerRoute({ dataViewService, resources, apmEventClient, + spaceId, + logger, }); return res; @@ -40,13 +52,15 @@ const staticDataViewRoute = createApmServerRoute({ }); const dataViewTitleRoute = createApmServerRoute({ - endpoint: 'GET /internal/apm/data_view/title', + endpoint: 'GET /internal/apm/data_view/index_pattern', options: { tags: ['access:apm'] }, - handler: async ({ getApmIndices }): Promise<{ apmDataViewTitle: string }> => { + handler: async ({ + getApmIndices, + }): Promise<{ apmDataViewIndexPattern: string }> => { const apmIndicies = await getApmIndices(); - const apmDataViewTitle = getApmDataViewTitle(apmIndicies); + const apmDataViewIndexPattern = getApmDataViewIndexPattern(apmIndicies); - return { apmDataViewTitle }; + return { apmDataViewIndexPattern }; }, }); diff --git a/x-pack/plugins/apm/tsconfig.json b/x-pack/plugins/apm/tsconfig.json index 0c0e2780950ead..0acdd619492ce3 100644 --- a/x-pack/plugins/apm/tsconfig.json +++ b/x-pack/plugins/apm/tsconfig.json @@ -103,6 +103,8 @@ "@kbn/monaco", "@kbn/shared-svg", "@kbn/deeplinks-observability", + "@kbn/custom-icons", + "@kbn/elastic-agent-utils", "@kbn/shared-ux-link-redirect-app" ], "exclude": ["target/**/*"] diff --git a/x-pack/plugins/apm/typings/es_schemas/ui/fields/agent.ts b/x-pack/plugins/apm/typings/es_schemas/ui/fields/agent.ts index 4f19793004815e..5aaba852055bc9 100644 --- a/x-pack/plugins/apm/typings/es_schemas/ui/fields/agent.ts +++ b/x-pack/plugins/apm/typings/es_schemas/ui/fields/agent.ts @@ -5,39 +5,13 @@ * 2.0. */ -export type ElasticAgentName = - | 'go' - | 'java' - | 'js-base' - | 'iOS/swift' - | 'rum-js' - | 'nodejs' - | 'python' - | 'dotnet' - | 'ruby' - | 'php' - | 'android/java'; +import type { AgentName } from '@kbn/elastic-agent-utils'; -export type OpenTelemetryAgentName = - | 'otlp' - | 'opentelemetry/cpp' - | 'opentelemetry/dotnet' - | 'opentelemetry/erlang' - | 'opentelemetry/go' - | 'opentelemetry/java' - | 'opentelemetry/nodejs' - | 'opentelemetry/php' - | 'opentelemetry/python' - | 'opentelemetry/ruby' - | 'opentelemetry/rust' - | 'opentelemetry/swift' - | 'opentelemetry/webjs'; - -/* - * Support additional agent types by appending definitions in mappings.json - * (for telemetry) and the AgentName type. - */ -export type AgentName = ElasticAgentName | OpenTelemetryAgentName; +export type { + ElasticAgentName, + OpenTelemetryAgentName, + AgentName, +} from '@kbn/elastic-agent-utils'; export interface Agent { ephemeral_id?: string; diff --git a/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.test.ts b/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.test.ts index 836cafa8ac7afb..b0abbbe568d215 100644 --- a/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.test.ts +++ b/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.test.ts @@ -6,9 +6,9 @@ */ import { coreMock } from '@kbn/core/public/mocks'; -import type { CloudFullStoryConfigType } from '../server/config'; -import { CloudFullStoryPlugin } from './plugin'; import { cloudMock } from '@kbn/cloud-plugin/public/mocks'; +import { duration } from 'moment'; +import { CloudFullStoryConfig, CloudFullStoryPlugin } from './plugin'; describe('Cloud Plugin', () => { describe('#setup', () => { @@ -22,7 +22,7 @@ describe('Cloud Plugin', () => { isCloudEnabled = true, isElasticStaffOwned = false, }: { - config?: Partial; + config?: Partial; isCloudEnabled?: boolean; isElasticStaffOwned?: boolean; }) => { @@ -55,6 +55,20 @@ describe('Cloud Plugin', () => { }); }); + test('register the shipper FullStory with the correct duration', async () => { + const { coreSetup } = await setupPlugin({ + config: { org_id: 'foo', pageVarsDebounceTime: `${duration(500, 'ms')}` }, + }); + + expect(coreSetup.analytics.registerShipper).toHaveBeenCalled(); + expect(coreSetup.analytics.registerShipper).toHaveBeenCalledWith(expect.anything(), { + fullStoryOrgId: 'foo', + pageVarsDebounceTimeMs: 500, + scriptUrl: '/internal/cloud/100/fullstory.js', + namespace: 'FSKibana', + }); + }); + it('does not call initializeFullStory when isCloudEnabled=false', async () => { const { coreSetup } = await setupPlugin({ config: { org_id: 'foo' }, diff --git a/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.ts b/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.ts index a248b27f937145..7636d38b681e1b 100755 --- a/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.ts +++ b/x-pack/plugins/cloud_integrations/cloud_full_story/public/plugin.ts @@ -13,15 +13,17 @@ import type { Plugin, } from '@kbn/core/public'; import type { CloudSetup } from '@kbn/cloud-plugin/public'; +import { duration } from 'moment'; interface SetupFullStoryDeps { analytics: AnalyticsServiceSetup; basePath: IBasePath; } -interface CloudFullStoryConfig { +export interface CloudFullStoryConfig { org_id?: string; eventTypesAllowlist: string[]; + pageVarsDebounceTime: string; } interface CloudFullStorySetupDeps { @@ -61,7 +63,7 @@ export class CloudFullStoryPlugin implements Plugin { * @private */ private async setupFullStory({ analytics, basePath }: SetupFullStoryDeps) { - const { org_id: fullStoryOrgId, eventTypesAllowlist } = this.config; + const { org_id: fullStoryOrgId, eventTypesAllowlist, pageVarsDebounceTime } = this.config; if (!fullStoryOrgId) { return; // do not load any FullStory code in the browser if not enabled } @@ -71,6 +73,10 @@ export class CloudFullStoryPlugin implements Plugin { analytics.registerShipper(FullStoryShipper, { eventTypesAllowlist, fullStoryOrgId, + // Duration configs get stringified when forwarded to the UI and need reconversion + ...(pageVarsDebounceTime + ? { pageVarsDebounceTimeMs: duration(pageVarsDebounceTime).asMilliseconds() } + : {}), // Load an Elastic-internally audited script. Ideally, it should be hosted on a CDN. scriptUrl: basePath.prepend( `/internal/cloud/${this.initializerContext.env.packageInfo.buildNum}/fullstory.js` diff --git a/x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts b/x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts index 85822bae819ebf..8c6eb180f1db68 100644 --- a/x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts +++ b/x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @@ -26,6 +26,7 @@ const configSchema = schema.object({ 'Host Flyout Filter Added', // Worst-case scenario once per second - AT RISK, ], }), + pageVarsDebounceTime: schema.duration({ defaultValue: '500ms' }), }); export type CloudFullStoryConfigType = TypeOf; @@ -34,6 +35,7 @@ export const config: PluginConfigDescriptor = { exposeToBrowser: { org_id: true, eventTypesAllowlist: true, + pageVarsDebounceTime: true, }, schema: configSchema, deprecations: () => [ diff --git a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts index 95dca041521e0b..ebce74d89b2dcf 100644 --- a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts +++ b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts @@ -9,25 +9,45 @@ import { ElasticsearchClient, type Logger } from '@kbn/core/server'; import { getSafePostureTypeRuntimeMapping } from '../../common/runtime_mappings/get_safe_posture_type_runtime_mapping'; import { IndexStatus, PostureTypes } from '../../common/types'; +export interface PostureTypeAndRetention { + postureType?: PostureTypes; + retentionTime?: string; +} + export const checkIndexStatus = async ( esClient: ElasticsearchClient, index: string, logger: Logger, - postureType?: PostureTypes + PostureTypeAndRetention?: PostureTypeAndRetention ): Promise => { - const query = - !postureType || postureType === 'all' || postureType === 'vuln_mgmt' - ? undefined - : { - bool: { - filter: { - term: { - safe_posture_type: postureType, + const isNotKspmOrCspm = + !PostureTypeAndRetention?.postureType || + PostureTypeAndRetention?.postureType === 'all' || + PostureTypeAndRetention?.postureType === 'vuln_mgmt'; + + const query = { + bool: { + filter: [ + ...(isNotKspmOrCspm + ? [] + : [ + { + term: { + safe_posture_type: PostureTypeAndRetention?.postureType, + }, }, + ]), + { + range: { + '@timestamp': { + gte: `now-${PostureTypeAndRetention?.retentionTime}`, + lte: 'now', }, }, - }; - + }, + ], + }, + }; try { const queryResult = await esClient.search({ index, @@ -37,7 +57,6 @@ export const checkIndexStatus = async ( query, size: 1, }); - return queryResult.hits.hits.length ? 'not-empty' : 'empty'; } catch (e) { logger.debug(e); diff --git a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts index 86b0d0a66802be..ed3bcd99746fcf 100644 --- a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts +++ b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts @@ -29,6 +29,9 @@ import { POSTURE_TYPES, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, VULN_MGMT_POLICY_TEMPLATE, + POSTURE_TYPE_ALL, + LATEST_VULNERABILITIES_RETENTION_POLICY, + LATEST_FINDINGS_RETENTION_POLICY, } from '../../../common/constants'; import type { CspApiRequestHandlerContext, @@ -168,20 +171,53 @@ export const getCspStatus = async ({ installedPackagePoliciesVulnMgmt, installedPolicyTemplates, ] = await Promise.all([ - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger), - - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, 'cspm'), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, 'cspm'), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, 'cspm'), - - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, 'kspm'), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, 'kspm'), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, 'kspm'), - - checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger), - checkIndexStatus(esClient, VULNERABILITIES_INDEX_PATTERN, logger, VULN_MGMT_POLICY_TEMPLATE), + checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + + checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + + checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + + checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger, { + postureType: VULN_MGMT_POLICY_TEMPLATE, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, VULNERABILITIES_INDEX_PATTERN, logger, { + postureType: VULN_MGMT_POLICY_TEMPLATE, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), packageService.asInternalUser.getInstallation(CLOUD_SECURITY_POSTURE_PACKAGE_NAME), packageService.asInternalUser.fetchFindLatestPackage(CLOUD_SECURITY_POSTURE_PACKAGE_NAME), @@ -295,6 +331,7 @@ export const getCspStatus = async ({ { latest: vulnerabilitiesLatestIndexStatus, stream: vulnerabilitiesIndexStatus, + score: scoreIndexStatus, }, installation, healthyAgentsVulMgmt, diff --git a/x-pack/plugins/features/server/feature_registry.test.ts b/x-pack/plugins/features/server/feature_registry.test.ts index d3021bf3394738..e0d0591c67d884 100644 --- a/x-pack/plugins/features/server/feature_registry.test.ts +++ b/x-pack/plugins/features/server/feature_registry.test.ts @@ -52,7 +52,7 @@ describe('FeatureRegistry', () => { app: ['app1'], savedObject: { all: ['space', 'etc', 'telemetry'], - read: ['canvas', 'config', 'url'], + read: ['canvas', 'config', 'config-global', 'url'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], ui: ['allowsFoo', 'showBar', 'showBaz'], @@ -60,7 +60,7 @@ describe('FeatureRegistry', () => { read: { savedObject: { all: [], - read: ['config', 'url', 'telemetry'], + read: ['config', 'config-global', 'url', 'telemetry'], }, ui: [], }, @@ -125,7 +125,7 @@ describe('FeatureRegistry', () => { app: ['app1'], savedObject: { all: ['space', 'etc', 'telemetry'], - read: ['canvas', 'config', 'url'], + read: ['canvas', 'config', 'config-global', 'url'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], ui: ['allowsFoo', 'showBar', 'showBaz'], @@ -290,7 +290,7 @@ describe('FeatureRegistry', () => { expect(allPrivilege?.savedObject.all).toEqual(['telemetry']); }); - it(`automatically grants access to config, url, and telemetry saved objects`, () => { + it(`automatically grants access to config, config-global, url, and telemetry saved objects`, () => { const feature: KibanaFeatureConfig = { id: 'test-feature', name: 'Test Feature', @@ -324,11 +324,16 @@ describe('FeatureRegistry', () => { const allPrivilege = result[0].privileges?.all; const readPrivilege = result[0].privileges?.read; - expect(allPrivilege?.savedObject.read).toEqual(['config', 'url']); - expect(readPrivilege?.savedObject.read).toEqual(['config', 'telemetry', 'url']); + expect(allPrivilege?.savedObject.read).toEqual(['config', 'config-global', 'url']); + expect(readPrivilege?.savedObject.read).toEqual([ + 'config', + 'config-global', + 'telemetry', + 'url', + ]); }); - it(`automatically grants 'all' access to telemetry and 'read' to [config, url] saved objects for the reserved privilege`, () => { + it(`automatically grants 'all' access to telemetry and 'read' to [config, config-global, url] saved objects for the reserved privilege`, () => { const feature: KibanaFeatureConfig = { id: 'test-feature', name: 'Test Feature', @@ -359,7 +364,7 @@ describe('FeatureRegistry', () => { const reservedPrivilege = result[0]!.reserved!.privileges[0].privilege; expect(reservedPrivilege.savedObject.all).toEqual(['telemetry']); - expect(reservedPrivilege.savedObject.read).toEqual(['config', 'url']); + expect(reservedPrivilege.savedObject.read).toEqual(['config', 'config-global', 'url']); }); it(`does not duplicate the automatic grants if specified on the incoming feature`, () => { @@ -373,14 +378,14 @@ describe('FeatureRegistry', () => { ui: [], savedObject: { all: ['telemetry'], - read: ['config', 'url'], + read: ['config', 'config-global', 'url'], }, }, read: { ui: [], savedObject: { all: [], - read: ['config', 'url'], + read: ['config', 'config-global', 'url'], }, }, }, @@ -397,8 +402,13 @@ describe('FeatureRegistry', () => { const allPrivilege = result[0].privileges!.all; const readPrivilege = result[0].privileges!.read; expect(allPrivilege?.savedObject.all).toEqual(['telemetry']); - expect(allPrivilege?.savedObject.read).toEqual(['config', 'url']); - expect(readPrivilege?.savedObject.read).toEqual(['config', 'url', 'telemetry']); + expect(allPrivilege?.savedObject.read).toEqual(['config', 'config-global', 'url']); + expect(readPrivilege?.savedObject.read).toEqual([ + 'config', + 'config-global', + 'url', + 'telemetry', + ]); }); it(`does not allow duplicate features to be registered`, () => { @@ -484,7 +494,7 @@ describe('FeatureRegistry', () => { name: 'Foo', app: ['app1', 'app2'], savedObject: { - all: ['config', 'space', 'etc'], + all: ['config', 'config-global', 'space', 'etc'], read: ['canvas'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], diff --git a/x-pack/plugins/features/server/feature_registry.ts b/x-pack/plugins/features/server/feature_registry.ts index cbcd426f6accf8..40c278b2fe4ed2 100644 --- a/x-pack/plugins/features/server/feature_registry.ts +++ b/x-pack/plugins/features/server/feature_registry.ts @@ -118,7 +118,12 @@ function applyAutomaticAllPrivilegeGrants( allPrivileges.forEach((allPrivilege) => { if (allPrivilege) { allPrivilege.savedObject.all = uniq([...allPrivilege.savedObject.all, 'telemetry']); - allPrivilege.savedObject.read = uniq([...allPrivilege.savedObject.read, 'config', 'url']); + allPrivilege.savedObject.read = uniq([ + ...allPrivilege.savedObject.read, + 'config', + 'config-global', + 'url', + ]); } }); } @@ -131,6 +136,7 @@ function applyAutomaticReadPrivilegeGrants( readPrivilege.savedObject.read = uniq([ ...readPrivilege.savedObject.read, 'config', + 'config-global', 'telemetry', 'url', ]); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx index 6de1a3caaa2c10..6e965dc9eca6ae 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx @@ -63,6 +63,8 @@ describe('AgentLogsUI', () => { const state = { datasets: ['elastic_agent'], logLevels: ['info', 'error'], + start: '2023-20-04T14:00:00.340Z', + end: '2023-20-04T14:20:00.340Z', query: '', } as any; return render(); @@ -97,7 +99,10 @@ describe('AgentLogsUI', () => { it('should render Open in Logs UI if capabilities not set', () => { mockStartServices(); const result = renderComponent(); - expect(result.getByTestId('viewInLogsBtn')).not.toBeNull(); + expect(result.getByTestId('viewInLogsBtn')).toHaveAttribute( + 'href', + `http://localhost:5620/app/logs/stream?logPosition=(end%3A'2023-20-04T14%3A20%3A00.340Z'%2Cstart%3A'2023-20-04T14%3A00%3A00.340Z'%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Ainfo%20or%20log.level%3Aerror)'%2Ckind%3Akuery)` + ); }); it('should render Open in Discover if serverless enabled', () => { @@ -106,7 +111,7 @@ describe('AgentLogsUI', () => { const viewInDiscover = result.getByTestId('viewInDiscoverBtn'); expect(viewInDiscover).toHaveAttribute( 'href', - `http://localhost:5620/app/discover#/?_a=(index:'logs-*',query:(language:kuery,query:'data_stream.dataset:elastic_agent%20AND%20elastic_agent.id:agent1'))` + `http://localhost:5620/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'2023-20-04T14:00:00.340Z',to:'2023-20-04T14:20:00.340Z'))&_a=(columns:!(event.dataset,message),index:'logs-*',query:(language:kuery,query:'elastic_agent.id:agent1 and (data_stream.dataset:elastic_agent) and (log.level:info or log.level:error)'))` ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx index 8efef6592f870d..05efb3abfdcaa9 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx @@ -4,21 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - -import url from 'url'; -import { stringify } from 'querystring'; - import React, { memo, useMemo, useState, useCallback, useEffect } from 'react'; import styled from 'styled-components'; -import { encode } from '@kbn/rison'; import { EuiFlexGroup, EuiFlexItem, EuiSuperDatePicker, EuiFilterGroup, EuiPanel, - EuiButton, - EuiButtonEmpty, EuiCallOut, EuiLink, } from '@elastic/eui'; @@ -42,6 +35,7 @@ import { LogLevelFilter } from './filter_log_level'; import { LogQueryBar } from './query_bar'; import { buildQuery } from './build_query'; import { SelectLogLevel } from './select_log_level'; +import { ViewLogsButton } from './view_logs_button'; const WrapperFlexGroup = styled(EuiFlexGroup)` height: 100%; @@ -118,7 +112,7 @@ const AgentPolicyLogsNotEnabledCallout: React.FunctionComponent<{ agentPolicy: A export const AgentLogsUI: React.FunctionComponent = memo( ({ agent, agentPolicy, state }) => { - const { data, application, http, cloud } = useStartServices(); + const { data, application, cloud } = useStartServices(); const { update: updateState } = AgentLogsUrlStateHelper.useTransitions(); const isLogsUIAvailable = !cloud?.isServerlessEnabled; @@ -218,37 +212,6 @@ export const AgentLogsUI: React.FunctionComponent = memo( [agent.id, state.datasets, state.logLevels, state.query] ); - // Generate URL to pass page state to Logs UI - const viewInLogsUrl = useMemo( - () => - http.basePath.prepend( - url.format({ - pathname: '/app/logs/stream', - search: stringify({ - logPosition: encode({ - start: state.start, - end: state.end, - streamLive: false, - }), - logFilter: encode({ - expression: logStreamQuery, - kind: 'kuery', - }), - }), - }) - ), - [http.basePath, state.start, state.end, logStreamQuery] - ); - - const viewInDiscoverUrl = useMemo(() => { - const index = 'logs-*'; - const datasetQuery = 'data_stream.dataset:elastic_agent'; - const agentIdQuery = `elastic_agent.id:${agent.id}`; - return http.basePath.prepend( - `/app/discover#/?_a=(index:'${index}',query:(language:kuery,query:'${datasetQuery}%20AND%20${agentIdQuery}'))` - ); - }, [http.basePath, agent.id]); - const agentVersion = agent.local_metadata?.elastic?.agent?.version; const isLogFeatureAvailable = useMemo(() => { if (!agentVersion) { @@ -357,30 +320,12 @@ export const AgentLogsUI: React.FunctionComponent = memo( application, }} > - {isLogsUIAvailable ? ( - - - - ) : ( - - - - )} + diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx new file mode 100644 index 00000000000000..762c34ad7bc366 --- /dev/null +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx @@ -0,0 +1,85 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import url from 'url'; +import { stringify } from 'querystring'; + +import React, { useMemo } from 'react'; +import { encode } from '@kbn/rison'; +import { EuiButton } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; + +import { useStartServices } from '../../../../../hooks'; + +interface ViewLogsProps { + viewInLogs: boolean; + logStreamQuery: string; + startTime: string; + endTime: string; +} + +/* + Button that takes to the Logs view Ui when that is available, otherwise fallback to the Discover UI + The urls are built using same logStreamQuery (provided by a prop), startTime and endTime, ensuring that they'll both will target same log lines +*/ +export const ViewLogsButton: React.FunctionComponent = ({ + viewInLogs, + logStreamQuery, + startTime, + endTime, +}) => { + const { http } = useStartServices(); + + // Generate URL to pass page state to Logs UI + const viewInLogsUrl = useMemo( + () => + http.basePath.prepend( + url.format({ + pathname: '/app/logs/stream', + search: stringify({ + logPosition: encode({ + start: startTime, + end: endTime, + streamLive: false, + }), + logFilter: encode({ + expression: logStreamQuery, + kind: 'kuery', + }), + }), + }) + ), + [http.basePath, startTime, endTime, logStreamQuery] + ); + + const viewInDiscoverUrl = useMemo(() => { + const index = 'logs-*'; + const query = encode({ + query: logStreamQuery, + language: 'kuery', + }); + return http.basePath.prepend( + `/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'${startTime}',to:'${endTime}'))&_a=(columns:!(event.dataset,message),index:'${index}',query:${query})` + ); + }, [logStreamQuery, http.basePath, startTime, endTime]); + + return viewInLogs ? ( + + + + ) : ( + + + + ); +}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx index dffa4bc665bdb4..1518a68fd6f0c3 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx @@ -244,8 +244,7 @@ describe('AgentUpgradeStatus', () => { expect(results.queryAllByText('Info')).toEqual([]); }); - // Unskip this test when minVersion is set. - it.skip('should render an icon with tooltip if the agent is upgrading', async () => { + it('should render an icon with tooltip if the agent is upgrading', async () => { const results = render({ agentUpgradeStartedAt: '2023-10-03T14:34:12Z', agentUpgradedAt: null, diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx index 572b86d62c73d6..ab4835757f94d2 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx @@ -225,7 +225,7 @@ export const AgentUpgradeStatus: React.FC<{ [agentUpgradeStartedAt, agentUpgradedAt] ); const status = useMemo(() => getStatusComponents(agentUpgradeDetails), [agentUpgradeDetails]); - const minVersion = undefined; // Change this to a string in order for a tooltip to render for upgrading agents with no upgrade details. + const minVersion = '8.12'; if (isAgentUpgradable) { return ( @@ -249,7 +249,7 @@ export const AgentUpgradeStatus: React.FC<{ ); } - if (minVersion && isAgentUpgrading) { + if (isAgentUpgrading) { return ( { + return { + ...jest.requireActual('../../../../hooks'), + useLink: jest.fn(), + useStartServices: jest.fn(), + }; +}); + +const mockUseStartServices = useStartServices as jest.Mock; + jest.mock('@kbn/shared-ux-link-redirect-app', () => ({ RedirectAppLinks: (props: any) => { return
{props.children}
; }, })); -jest.mock('../../../../hooks', () => { - return { - useStartServices: jest.fn().mockReturnValue({ - http: { - basePath: { - prepend: jest.fn().mockImplementation((str) => 'http://localhost' + str), +const mockStartServices = (isServerlessEnabled?: boolean) => { + mockUseStartServices.mockReturnValue({ + application: {}, + data: { + query: { + timefilter: { + timefilter: { + calculateBounds: jest.fn().mockReturnValue({ + min: '2023-10-04T13:08:53.340Z', + max: '2023-10-05T13:08:53.340Z', + }), + }, }, }, - }), - }; -}); + }, + http: { + basePath: { + prepend: (url: string) => 'http://localhost:5620' + url, + }, + }, + cloud: { + isServerlessEnabled, + }, + }); +}; describe('ViewErrors', () => { const renderComponent = (action: ActionStatus) => { @@ -41,7 +67,30 @@ describe('ViewErrors', () => { ); }; - it('should render error message with btn to logs', () => { + it('should render error message with btn to Logs view if serverless not enabled', () => { + mockStartServices(); + const result = renderComponent({ + actionId: 'action1', + latestErrors: [ + { + agentId: 'agent1', + error: 'Agent agent1 is not upgradeable', + timestamp: '2023-03-06T14:51:24.709Z', + }, + ], + } as any); + + const errorText = result.getByTestId('errorText'); + expect(errorText.textContent).toEqual('Agent agent1 is not upgradeable'); + + const viewErrorBtn = result.getByTestId('viewInLogsBtn'); + expect(viewErrorBtn.getAttribute('href')).toEqual( + `http://localhost:5620/app/logs/stream?logPosition=(end%3A'2023-03-06T14%3A56%3A24.709Z'%2Cstart%3A'2023-03-06T14%3A46%3A24.709Z'%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Aerror)'%2Ckind%3Akuery)` + ); + }); + + it('should render error message with btn to Discover view if serverless enabled', () => { + mockStartServices(true); const result = renderComponent({ actionId: 'action1', latestErrors: [ @@ -56,9 +105,9 @@ describe('ViewErrors', () => { const errorText = result.getByTestId('errorText'); expect(errorText.textContent).toEqual('Agent agent1 is not upgradeable'); - const viewErrorBtn = result.getByTestId('viewLogsBtn'); + const viewErrorBtn = result.getByTestId('viewInDiscoverBtn'); expect(viewErrorBtn.getAttribute('href')).toEqual( - `http://localhost/app/logs/stream?logPosition=(position%3A(time%3A1678114284709)%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Aerror)'%2Ckind%3Akuery)` + `http://localhost:5620/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'2023-03-06T14:46:24.709Z',to:'2023-03-06T14:56:24.709Z'))&_a=(columns:!(event.dataset,message),index:'logs-*',query:(language:kuery,query:'elastic_agent.id:agent1 and (data_stream.dataset:elastic_agent) and (log.level:error)'))` ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx index d49be8d4cacda9..4d43c9a60a6183 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx @@ -5,21 +5,19 @@ * 2.0. */ -import { stringify } from 'querystring'; - import styled from 'styled-components'; import React from 'react'; -import { encode } from '@kbn/rison'; import type { EuiBasicTableProps } from '@elastic/eui'; -import { EuiButton, EuiAccordion, EuiToolTip, EuiText, EuiBasicTable } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n-react'; +import { EuiAccordion, EuiToolTip, EuiText, EuiBasicTable } from '@elastic/eui'; import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app'; +import moment from 'moment'; import { i18n } from '@kbn/i18n'; import type { ActionErrorResult } from '../../../../../../../common/types'; import { buildQuery } from '../../agent_details_page/components/agent_logs/build_query'; +import { ViewLogsButton } from '../../agent_details_page/components/agent_logs/view_logs_button'; import type { ActionStatus } from '../../../../types'; import { useStartServices } from '../../../../hooks'; @@ -32,27 +30,26 @@ const TruncatedEuiText = styled(EuiText)` export const ViewErrors: React.FunctionComponent<{ action: ActionStatus }> = ({ action }) => { const coreStart = useStartServices(); + const isLogsUIAvailable = !coreStart.cloud?.isServerlessEnabled; + + const getLogsButton = (agentId: string, timestamp: string, viewInLogs: boolean) => { + const startTime = moment(timestamp).subtract(5, 'm').toISOString(); + const endTime = moment(timestamp).add(5, 'm').toISOString(); - const logStreamQuery = (agentId: string) => - buildQuery({ + const logStreamQuery = buildQuery({ agentId, datasets: ['elastic_agent'], logLevels: ['error'], userQuery: '', }); - - const getErrorLogsUrl = (agentId: string, timestamp: string) => { - const queryParams = stringify({ - logPosition: encode({ - position: { time: Date.parse(timestamp) }, - streamLive: false, - }), - logFilter: encode({ - expression: logStreamQuery(agentId), - kind: 'kuery', - }), - }); - return coreStart.http.basePath.prepend(`/app/logs/stream?${queryParams}`); + return ( + + ); }; const columns: EuiBasicTableProps['columns'] = [ @@ -89,16 +86,7 @@ export const ViewErrors: React.FunctionComponent<{ action: ActionStatus }> = ({ const errorItem = (action.latestErrors ?? []).find((item) => item.agentId === agentId); return ( - - - + {getLogsButton(agentId, errorItem!.timestamp, !!isLogsUIAvailable)} ); }, diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx index ddd68d83804196..2308cc824db6d0 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx @@ -11,6 +11,7 @@ import type { Output } from '../../../../types'; import { createFleetTestRendererMock } from '../../../../../../mock'; import { useFleetStatus } from '../../../../../../hooks/use_fleet_status'; import { ExperimentalFeaturesService } from '../../../../../../services'; +import { useStartServices } from '../../../../hooks'; import { EditOutputFlyout } from '.'; @@ -25,6 +26,16 @@ jest.mock('../../../../../../hooks/use_fleet_status', () => ({ useFleetStatus: jest.fn().mockReturnValue({}), })); +jest.mock('../../../../hooks', () => { + return { + ...jest.requireActual('../../../../hooks'), + useBreadcrumbs: jest.fn(), + useStartServices: jest.fn(), + }; +}); + +const mockUseStartServices = useStartServices as jest.Mock; + const mockedUsedFleetStatus = useFleetStatus as jest.MockedFunction; function renderFlyout(output?: Output) { @@ -67,6 +78,22 @@ const kafkaSectionsLabels = [ const remoteEsOutputLabels = ['Hosts', 'Service Token']; describe('EditOutputFlyout', () => { + const mockStartServices = (isServerlessEnabled?: boolean) => { + mockUseStartServices.mockReturnValue({ + notifications: { toasts: {} }, + docLinks: { + links: { fleet: {}, logstash: {}, kibana: {} }, + }, + cloud: { + isServerlessEnabled, + }, + }); + }; + + beforeEach(() => { + mockStartServices(false); + }); + it('should render the flyout if there is not output provided', async () => { renderFlyout(); }); @@ -177,5 +204,26 @@ describe('EditOutputFlyout', () => { expect(utils.queryByLabelText(label)).not.toBeNull(); }); expect(utils.queryByTestId('serviceTokenCallout')).not.toBeNull(); + + expect(utils.queryByTestId('settingsOutputsFlyout.typeInput')?.textContent).toContain( + 'Remote Elasticsearch' + ); + }); + + it('should not display remote ES output in type lists if serverless', async () => { + jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true }); + mockUseStartServices.mockReset(); + mockStartServices(true); + const { utils } = renderFlyout({ + type: 'elasticsearch', + name: 'dummy', + id: 'output', + is_default: false, + is_default_monitoring: false, + }); + + expect(utils.queryByTestId('settingsOutputsFlyout.typeInput')?.textContent).not.toContain( + 'Remote Elasticsearch' + ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx index b35162bc516677..0346986f3abbe7 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx @@ -70,7 +70,7 @@ export const EditOutputFlyout: React.FunctionComponent = useBreadcrumbs('settings'); const form = useOutputForm(onClose, output); const inputs = form.inputs; - const { docLinks } = useStartServices(); + const { docLinks, cloud } = useStartServices(); const { euiTheme } = useEuiTheme(); const { outputSecretsStorage: isOutputSecretsStorageEnabled } = ExperimentalFeaturesService.get(); const [useSecretsStorage, setUseSecretsStorage] = React.useState(isOutputSecretsStorageEnabled); @@ -87,10 +87,12 @@ export const EditOutputFlyout: React.FunctionComponent = const { kafkaOutput: isKafkaOutputEnabled, remoteESOutput: isRemoteESOutputEnabled } = ExperimentalFeaturesService.get(); const isRemoteESOutput = inputs.typeInput.value === outputType.RemoteElasticsearch; + // Remote ES output not yet supported in serverless + const isStateful = !cloud?.isServerlessEnabled; const OUTPUT_TYPE_OPTIONS = [ { value: outputType.Elasticsearch, text: 'Elasticsearch' }, - ...(isRemoteESOutputEnabled + ...(isRemoteESOutputEnabled && isStateful ? [{ value: outputType.RemoteElasticsearch, text: 'Remote Elasticsearch' }] : []), { value: outputType.Logstash, text: 'Logstash' }, diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx index 9c2ca98479a85a..adeb17a5efdcc9 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx @@ -141,6 +141,11 @@ export const SettingsPage: React.FC = memo(({ packageInfo, theme$ }: Prop [packagePoliciesData] ); + const agentPolicyIds = useMemo( + () => packagePoliciesData?.items.map(({ policy_id: agentPolicyId }) => agentPolicyId) ?? [], + [packagePoliciesData] + ); + const { data: dryRunData } = useUpgradePackagePolicyDryRunQuery( packagePolicyIds ?? [], latestVersion, @@ -329,6 +334,7 @@ export const SettingsPage: React.FC = memo(({ packageInfo, theme$ }: Prop { dryRunData?: UpgradePackagePolicyDryRunResponse | null; packagePolicyIds?: string[]; + agentPolicyIds: string[]; isUpgradingPackagePolicies?: boolean; setIsUpgradingPackagePolicies?: React.Dispatch>; theme$: Observable; @@ -73,6 +73,7 @@ export const UpdateButton: React.FunctionComponent = ({ isUpgradingPackagePolicies = false, name, packagePolicyIds = [], + agentPolicyIds = [], setIsUpgradingPackagePolicies = () => {}, title, version, @@ -92,16 +93,7 @@ export const UpdateButton: React.FunctionComponent = ({ const [isUpdateModalVisible, setIsUpdateModalVisible] = useState(false); const [upgradePackagePolicies, setUpgradePackagePolicies] = useState(true); - const { data: agentPolicyData } = useGetAgentPoliciesQuery({ - perPage: SO_SEARCH_LIMIT, - page: 1, - // Fetch all agent policies that include one of the eligible package policies - kuery: packagePolicyIds.length - ? `${AGENT_POLICY_SAVED_OBJECT_TYPE}.package_policies:${packagePolicyIds - .map((id) => `"${id}"`) - .join(' or ')}` - : '', - }); + const { data: agentPolicyData } = useBulkGetAgentPoliciesQuery(agentPolicyIds, { full: true }); const packagePolicyCount = useMemo(() => packagePolicyIds.length, [packagePolicyIds]); diff --git a/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx b/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx index 4090c4520bf2a9..26668c4062981a 100644 --- a/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx +++ b/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx @@ -14,8 +14,12 @@ import { useStartServices } from './hooks'; import type { PackageAssetsComponent } from './types'; export const CustomLogsAssetsExtension: PackageAssetsComponent = () => { - const { http } = useStartServices(); - const logStreamUrl = http.basePath.prepend('/app/logs/stream'); + const { http, cloud } = useStartServices(); + const isLogsUIAvailable = !cloud?.isServerlessEnabled; + // if logs ui is not available, link to discover + const logStreamUrl = isLogsUIAvailable + ? http.basePath.prepend('/app/logs/stream') + : http.basePath.prepend('/app/discover'); const views: CustomAssetsAccordionProps['views'] = [ { diff --git a/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts b/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts index ee0481bd373afe..6ce49febdeca2e 100644 --- a/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts +++ b/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts @@ -22,6 +22,7 @@ import type { CopyAgentPolicyResponse, DeleteAgentPolicyRequest, DeleteAgentPolicyResponse, + BulkGetAgentPoliciesResponse, } from '../../types'; import { useRequest, sendRequest, useConditionalRequest, sendRequestForRq } from './use_request'; @@ -47,6 +48,17 @@ export const useGetAgentPoliciesQuery = (query?: GetAgentPoliciesRequest['query' ); }; +export const useBulkGetAgentPoliciesQuery = (ids: string[], options?: { full?: boolean }) => { + return useQuery(['agentPolicies', ids], () => + sendRequestForRq({ + path: agentPolicyRouteService.getBulkGetPath(), + method: 'post', + body: JSON.stringify({ ids, full: options?.full }), + version: API_VERSIONS.public.v1, + }) + ); +}; + export const sendGetAgentPolicies = (query?: GetAgentPoliciesRequest['query']) => { return sendRequest({ path: agentPolicyRouteService.getListPath(), diff --git a/x-pack/plugins/fleet/public/types/index.ts b/x-pack/plugins/fleet/public/types/index.ts index 8c7d3ddcf5b453..63837dc8095592 100644 --- a/x-pack/plugins/fleet/public/types/index.ts +++ b/x-pack/plugins/fleet/public/types/index.ts @@ -137,6 +137,7 @@ export type { KibanaSavedObjectType, GetInputsTemplatesRequest, GetInputsTemplatesResponse, + BulkGetAgentPoliciesResponse, } from '../../common/types'; export { entries, diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts index 0373971c664e2a..8333d0257a8f04 100644 --- a/x-pack/plugins/fleet/server/plugin.ts +++ b/x-pack/plugins/fleet/server/plugin.ts @@ -524,6 +524,9 @@ export class FleetPlugin this.policyWatcher.start(licenseService); + // We only retry when this feature flag is enabled (Serverless) + const setupAttempts = this.configInitialValue.internal?.retrySetupOnBoot ? 25 : 1; + const fleetSetupPromise = (async () => { try { // Fleet remains `available` during setup as to excessively delay Kibana's boot process. @@ -555,10 +558,9 @@ export class FleetPlugin ); }, { - // We only retry when this feature flag is enabled - numOfAttempts: this.configInitialValue.internal?.retrySetupOnBoot ? Infinity : 1, - // 250ms initial backoff - startingDelay: 250, + numOfAttempts: setupAttempts, + // 1s initial backoff + startingDelay: 1000, // 5m max backoff maxDelay: 60000 * 5, timeMultiple: 2, @@ -566,7 +568,7 @@ export class FleetPlugin jitter: 'full', retry: (error: any, attemptCount: number) => { const summary = `Fleet setup attempt ${attemptCount} failed, will retry after backoff`; - logger.debug(summary, { error: { message: error } }); + logger.warn(summary, { error: { message: error } }); this.fleetStatus$.next({ level: ServiceStatusLevels.available, @@ -586,7 +588,9 @@ export class FleetPlugin summary: 'Fleet is available', }); } catch (error) { - logger.warn('Fleet setup failed', { error: { message: error } }); + logger.warn(`Fleet setup failed after ${setupAttempts} attempts`, { + error: { message: error }, + }); this.fleetStatus$.next({ // As long as Fleet has a dependency on EPR, we can't reliably set Kibana status to `unavailable` here. diff --git a/x-pack/plugins/fleet/server/routes/output/handler.test.ts b/x-pack/plugins/fleet/server/routes/output/handler.test.ts new file mode 100644 index 00000000000000..84443b3ad71963 --- /dev/null +++ b/x-pack/plugins/fleet/server/routes/output/handler.test.ts @@ -0,0 +1,91 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { agentPolicyService, appContextService, outputService } from '../../services'; + +import { postOutputHandler, putOutputHandler } from './handler'; + +describe('output handler', () => { + const mockContext = { + core: Promise.resolve({ + savedObjects: {}, + elasticsearch: { + client: {}, + }, + }), + } as any; + const mockResponse = { + customError: jest.fn().mockImplementation((options) => options), + ok: jest.fn().mockImplementation((options) => options), + }; + + beforeEach(() => { + jest.spyOn(appContextService, 'getLogger').mockReturnValue({ error: jest.fn() } as any); + jest.spyOn(outputService, 'create').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(outputService, 'update').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(outputService, 'get').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(agentPolicyService, 'bumpAllAgentPoliciesForOutput').mockResolvedValue({} as any); + }); + + it('should return error on post output using remote_elasticsearch in serverless', async () => { + jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isServerlessEnabled: true } as any); + + const res = await postOutputHandler( + mockContext, + { body: { id: 'output1', type: 'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ + body: { message: 'Output type remote_elasticsearch not supported in serverless' }, + statusCode: 400, + }); + }); + + it('should return ok on post output using remote_elasticsearch in stateful', async () => { + jest + .spyOn(appContextService, 'getCloud') + .mockReturnValue({ isServerlessEnabled: false } as any); + + const res = await postOutputHandler( + mockContext, + { body: { type: 'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ body: { item: { id: 'output1' } } }); + }); + + it('should return error on put output using remote_elasticsearch in serverless', async () => { + jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isServerlessEnabled: true } as any); + + const res = await putOutputHandler( + mockContext, + { body: { id: 'output1', type: 'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ + body: { message: 'Output type remote_elasticsearch not supported in serverless' }, + statusCode: 400, + }); + }); + + it('should return ok on put output using remote_elasticsearch in stateful', async () => { + jest + .spyOn(appContextService, 'getCloud') + .mockReturnValue({ isServerlessEnabled: false } as any); + + const res = await putOutputHandler( + mockContext, + { body: { type: 'remote_elasticsearch' }, params: { outputId: 'output1' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ body: { item: { id: 'output1' } } }); + }); +}); diff --git a/x-pack/plugins/fleet/server/routes/output/handler.ts b/x-pack/plugins/fleet/server/routes/output/handler.ts index 475e7e96255042..e100d9fd67e473 100644 --- a/x-pack/plugins/fleet/server/routes/output/handler.ts +++ b/x-pack/plugins/fleet/server/routes/output/handler.ts @@ -10,6 +10,8 @@ import type { TypeOf } from '@kbn/config-schema'; import Boom from '@hapi/boom'; +import type { ValueOf } from '@elastic/eui'; + import { outputType } from '../../../common/constants'; import type { @@ -23,11 +25,12 @@ import type { GetOneOutputResponse, GetOutputsResponse, Output, + OutputType, PostLogstashApiKeyResponse, } from '../../../common/types'; import { outputService } from '../../services/output'; import { defaultFleetErrorHandler, FleetUnauthorizedError } from '../../errors'; -import { agentPolicyService } from '../../services'; +import { agentPolicyService, appContextService } from '../../services'; import { generateLogstashApiKey, canCreateLogstashApiKey } from '../../services/api_keys'; function ensureNoDuplicateSecrets(output: Partial) { @@ -89,8 +92,9 @@ export const putOutputHandler: RequestHandler< const soClient = coreContext.savedObjects.client; const esClient = coreContext.elasticsearch.client.asInternalUser; const outputUpdate = request.body; - ensureNoDuplicateSecrets(outputUpdate); try { + validateOutputServerless(outputUpdate.type); + ensureNoDuplicateSecrets(outputUpdate); await outputService.update(soClient, esClient, request.params.outputId, outputUpdate); const output = await outputService.get(soClient, request.params.outputId); if (output.is_default || output.is_default_monitoring) { @@ -125,6 +129,7 @@ export const postOutputHandler: RequestHandler< const esClient = coreContext.elasticsearch.client.asInternalUser; try { const { id, ...newOutput } = request.body; + validateOutputServerless(newOutput.type); ensureNoDuplicateSecrets(newOutput); const output = await outputService.create(soClient, esClient, newOutput, { id }); if (output.is_default || output.is_default_monitoring) { @@ -141,6 +146,13 @@ export const postOutputHandler: RequestHandler< } }; +function validateOutputServerless(type?: ValueOf): void { + const cloudSetup = appContextService.getCloud(); + if (cloudSetup?.isServerlessEnabled && type === outputType.RemoteElasticsearch) { + throw Boom.badRequest('Output type remote_elasticsearch not supported in serverless'); + } +} + export const deleteOutputHandler: RequestHandler< TypeOf > = async (context, request, response) => { diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/components/table/entry_title.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/components/table/entry_title.tsx index b2fdcc1a1a734b..0f6e65ef4c1d2a 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/components/table/entry_title.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/components/table/entry_title.tsx @@ -5,19 +5,13 @@ * 2.0. */ import React from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiLink, EuiToolTip, IconType } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiToolTip } from '@elastic/eui'; import { useLinkProps } from '@kbn/observability-shared-plugin/public'; +import { CloudProviderIcon } from '@kbn/custom-icons'; import { useNodeDetailsRedirect } from '../../../../link_to'; -import type { CloudProvider, HostNodeRow } from '../../hooks/use_hosts_table'; +import type { HostNodeRow } from '../../hooks/use_hosts_table'; import { useUnifiedSearchContext } from '../../hooks/use_unified_search'; -const cloudIcons: Record = { - gcp: 'logoGCP', - aws: 'logoAWS', - azure: 'logoAzure', - unknownProvider: 'cloudSunny', -}; - interface EntryTitleProps { onClick: () => void; title: HostNodeRow['title']; @@ -40,7 +34,6 @@ export const EntryTitle = ({ onClick, title }: EntryTitleProps) => { }), }); - const iconType = (cloudProvider && cloudIcons[cloudProvider]) || cloudIcons.unknownProvider; const providerName = cloudProvider ?? 'Unknown'; return ( @@ -52,7 +45,7 @@ export const EntryTitle = ({ onClick, title }: EntryTitleProps) => { > - + diff --git a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx index 290062a2f1d48a..c1c4093d96e466 100644 --- a/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx @@ -15,6 +15,7 @@ import { import createContainer from 'constate'; import { isEqual } from 'lodash'; import { isNumber } from 'lodash/fp'; +import { CloudProvider } from '@kbn/custom-icons'; import { hostLensFormulas } from '../../../../common/visualizations'; import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; import { createInventoryMetricFormatter } from '../../inventory_view/lib/create_inventory_metric_formatter'; @@ -35,7 +36,6 @@ import { buildCombinedHostsFilter } from '../../../../utils/filters/build'; /** * Columns and items types */ -export type CloudProvider = 'gcp' | 'aws' | 'azure' | 'unknownProvider'; type HostMetrics = Record; interface HostMetadata { diff --git a/x-pack/plugins/infra/tsconfig.json b/x-pack/plugins/infra/tsconfig.json index e3b71afa57001d..ea4fa7be6565ff 100644 --- a/x-pack/plugins/infra/tsconfig.json +++ b/x-pack/plugins/infra/tsconfig.json @@ -74,7 +74,8 @@ "@kbn/expressions-plugin", "@kbn/chart-icons", "@kbn/advanced-settings-plugin", - "@kbn/cloud-plugin" + "@kbn/cloud-plugin", + "@kbn/custom-icons" ], "exclude": ["target/**/*"] } diff --git a/x-pack/plugins/lens/public/embeddable/embeddable.tsx b/x-pack/plugins/lens/public/embeddable/embeddable.tsx index b9d0bae1979097..bb99e061893f2b 100644 --- a/x-pack/plugins/lens/public/embeddable/embeddable.tsx +++ b/x-pack/plugins/lens/public/embeddable/embeddable.tsx @@ -176,7 +176,6 @@ interface LensBaseEmbeddableInput extends EmbeddableInput { onTableRowClick?: ( data: Simplify ) => void; - shouldShowLegendAction?: (actionId: string) => boolean; } export type LensByValueInput = { @@ -1110,7 +1109,6 @@ export class Embeddable }} noPadding={this.visDisplayOptions.noPadding} docLinks={this.deps.coreStart.docLinks} - shouldShowLegendAction={input.shouldShowLegendAction} /> (a.order ?? Infinity) - (b.order ?? Infinity)) .map((action) => ({ id: action.id, + type: action.type, iconType: action.getIconType({ embeddable, data, trigger: cellValueTrigger })!, displayName: action.getDisplayName({ embeddable, data, trigger: cellValueTrigger }), execute: (cellData) => diff --git a/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx b/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx index 75b141514f20c9..82205c5b5990ec 100644 --- a/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx +++ b/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx @@ -47,7 +47,6 @@ export interface ExpressionWrapperProps { lensInspector: LensInspector; noPadding?: boolean; docLinks: CoreStart['docLinks']; - shouldShowLegendAction?: (actionId: string) => boolean; } export function ExpressionWrapper({ @@ -74,7 +73,6 @@ export function ExpressionWrapper({ lensInspector, noPadding, docLinks, - shouldShowLegendAction, }: ExpressionWrapperProps) { if (!expression) return null; return ( @@ -106,7 +104,6 @@ export function ExpressionWrapper({ onEvent={handleEvent} hasCompatibleActions={hasCompatibleActions} getCompatibleCellValueActions={getCompatibleCellValueActions} - shouldShowLegendAction={shouldShowLegendAction} />
diff --git a/x-pack/plugins/lens/public/types.ts b/x-pack/plugins/lens/public/types.ts index 6ac2b98569d7f5..25b637aebf071a 100644 --- a/x-pack/plugins/lens/public/types.ts +++ b/x-pack/plugins/lens/public/types.ts @@ -1416,6 +1416,7 @@ export type LensTopNavMenuEntryGenerator = (props: { export interface LensCellValueAction { id: string; iconType: string; + type?: string; displayName: string; execute: (data: CellValueContext['data']) => void; } diff --git a/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx b/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx index 51aa500bbfebfc..c31486d0a0f054 100644 --- a/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx +++ b/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx @@ -19,10 +19,15 @@ import type { DatatableColumnMeta, } from '@kbn/expressions-plugin/common'; import { EuiDataGridColumnCellAction } from '@elastic/eui/src/components/datagrid/data_grid_types'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; import type { FormatFactory } from '../../../../common/types'; import type { ColumnConfig } from '../../../../common/expressions'; import { LensCellValueAction } from '../../../types'; +const hasFilterCellAction = (actions: LensCellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; + export const createGridColumns = ( bucketColumns: string[], table: Datatable, @@ -81,7 +86,16 @@ export const createGridColumns = ( const columnArgs = columnConfig.columns.find(({ columnId }) => columnId === field); const cellActions: EuiDataGridColumnCellAction[] = []; - if (filterable && handleFilterClick && !columnArgs?.oneClickFilter) { + + // compatible cell actions from actions registry + const compatibleCellActions = columnCellValueActions?.[colIndex] ?? []; + + if ( + !hasFilterCellAction(compatibleCellActions) && + filterable && + handleFilterClick && + !columnArgs?.oneClickFilter + ) { cellActions.push( ({ rowIndex, columnId, Component }: EuiDataGridColumnCellActionProps) => { const { rowValue, contentsIsDefined, cellContent } = getContentData({ @@ -166,8 +180,6 @@ export const createGridColumns = ( ); } - // Add all the column compatible cell actions - const compatibleCellActions = columnCellValueActions?.[colIndex] ?? []; compatibleCellActions.forEach((action) => { cellActions.push(({ rowIndex, columnId, Component }: EuiDataGridColumnCellActionProps) => { const rowValue = table.rows[rowIndex][columnId]; diff --git a/x-pack/plugins/lens/tsconfig.json b/x-pack/plugins/lens/tsconfig.json index 12f737244bcb05..6cb071d18352af 100644 --- a/x-pack/plugins/lens/tsconfig.json +++ b/x-pack/plugins/lens/tsconfig.json @@ -91,7 +91,8 @@ "@kbn/logging", "@kbn/core-plugins-server", "@kbn/field-utils", - "@kbn/shared-ux-button-toolbar" + "@kbn/shared-ux-button-toolbar", + "@kbn/cell-actions" ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js index 51fbb39f9f733a..169f739de41cdd 100644 --- a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js +++ b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js @@ -177,7 +177,7 @@ export class ExplorerChartDistribution extends React.Component { .rangePoints([rowMargin, chartHeight - rowMargin]) .domain(scaleCategories); } else { - throw `chartType '${chartType}' not supported`; + throw new Error(`chartType '${chartType}' not supported`); } const yAxis = d3.svg diff --git a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts index e43dbf4b5d4873..fc79d1b9a69bbf 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts @@ -58,7 +58,10 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => { expect(interception.response?.body.data.queries[0]).to.have.property('timeout', 890); }); checkResults(); - cy.get('[data-gridcell-column-index="0"][data-gridcell-row-index="0"]').should('exist').click(); + cy.get('[data-gridcell-column-index="0"][data-gridcell-row-index="0"]').should('exist'); + cy.get( + '[data-gridcell-column-index="0"][data-gridcell-row-index="0"] [data-datagrid-interactable="true"]' + ).click(); cy.url().should('include', 'app/fleet/agents/'); }); diff --git a/x-pack/plugins/osquery/package.json b/x-pack/plugins/osquery/package.json index a708e9a3830313..4e9070d780d281 100644 --- a/x-pack/plugins/osquery/package.json +++ b/x-pack/plugins/osquery/package.json @@ -12,7 +12,7 @@ "cypress:run": "yarn cypress run", "cypress:serverless": "NODE_OPTIONS=--openssl-legacy-provider node ../security_solution/scripts/start_cypress_parallel --config-file ../osquery/cypress/serverless_cypress.config.ts --ftr-config-file ../../../x-pack/test/osquery_cypress/serverless_cli_config", "cypress:serverless:open": "yarn cypress:serverless open", - "cypress:serverless:run": "yarn cypress:serverless run --spec ./cypress/e2e/all/packs_integration.cy.ts", + "cypress:serverless:run": "yarn cypress:serverless run", "nyc": "../../../node_modules/.bin/nyc report --reporter=text-summary", "junit:merge": "../../../node_modules/.bin/mochawesome-merge ../../../target/kibana-osquery/cypress/results/mochawesome*.json > ../../../target/kibana-osquery/cypress/results/output.json && ../../../node_modules/.bin/marge ../../../target/kibana-osquery/cypress/results/output.json --reportDir ../../../target/kibana-osquery/cypress/results && yarn junit:transform && mkdir -p ../../../target/junit && cp ../../../target/kibana-osquery/cypress/results/*.xml ../../../target/junit/", "junit:transform": "node ../security_solution/scripts/junit_transformer --pathPattern '../../../target/kibana-osquery/cypress/results/*.xml' --rootDirectory ../../../ --reportName 'Osquery Cypress' --writeInPlace", diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json new file mode 100644 index 00000000000000..dc58c073868999 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json @@ -0,0 +1 @@ +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"container.security_context.privileged","type":"boolean","normalization":"","example":"","description":"Indicates whether the container is running in privileged mode."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"`event.end` contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"`event.start` contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.annotation","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of annotations added to the resource."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being observed."},{"field":"orchestrator.resource.label","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of labels added to the resource."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.parent.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json deleted file mode 100644 index 0961ad25572a42..00000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json +++ /dev/null @@ -1 +0,0 @@ -[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger","type":"nested","normalization":"","example":"","description":"Details about the function trigger."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being observed."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json new file mode 100644 index 00000000000000..41b1607e995ce5 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json @@ -0,0 +1 @@ +[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connected_displays","description":"Provides information about the connected displays of the machine.","platforms":["darwin"],"columns":[{"name":"name","description":"The name of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_id","description":"The product ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The serial number of the display. (may not be unique)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"The vendor ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_week","description":"The manufacture week of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_year","description":"The manufacture year of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"display_id","description":"The display ID.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pixels","description":"The number of pixels of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resolution","description":"The resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ambient_brightness_enabled","description":"The ambient brightness setting associated with the display. This will be 1 if enabled and is 0 if disabled or not supported.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"connection_type","description":"The connection type associated with the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_type","description":"The type of display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"main","description":"If the display is the main display.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mirror","description":"If the display is mirrored or not. This field is 1 if mirrored and 0 if not mirrored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"online","description":"The online status of the display. This field is 1 if the display is online and 0 if it is offline.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rotation","description":"The orientation of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["darwin","linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"number_of_efficiency_cores","description":"The number of efficiency cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"number_of_performance_cores","description":"The number of performance cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_cached","description":"Memory cached","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of thd process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"File integrity monitoring events from EndpointSecurity including process context.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_keys","description":"List of security data, authentication keys and encryption keys.","platforms":["linux"],"columns":[{"name":"serial_number","description":"The serial key of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"A set of flags describing the state of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"usage","description":"the number of threads and open file references thatrefer to this key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"The amount of time until the key will expire,expressed in human-readable form. The string perm heremeans that the key is permanent (no timeout). Thestring expd means that the key has already expired.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The key permissions, expressed as four hexadecimalbytes containing, from left to right, thepossessor, user, group, and other permissions.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The user ID of the key owner.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The group ID of the key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The key type.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The key description.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pk_hash","description":"Hash of associated public key (SHA1 of subjectPublicKey, see RFC 8520 4.2.1.2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Optional extra release specification","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"install_date","description":"The install date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_etw_events","description":"Windows process execution events.","platforms":["windows"],"columns":[{"name":"type","description":"Event Type (ProcessStart, ProcessStop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"Session ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Process Flags","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit Code - Present only on ProcessStop events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command Line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"User rights - primary token username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_type","description":"Primary token elevation type - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_status","description":"Primary token elevation status - Present only on ProcessStart events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mandatory_label","description":"Primary token mandatory label sid - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Event timestamp in DATETIME format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time_windows","description":"Event timestamp in Windows format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Event timestamp in Unix format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"header_pid","description":"Process ID of the process reporting the event","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"process_sequence_number","description":"Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"parent_process_sequence_number","description":"Parent Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"The version of the build that identifies an iteration of the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"A human-readable copyright notice for the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extension_type","description":"Extension Type: WebOrAppExtension or LegacyExtension","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"secure_mode","description":"Secure mode for Intel-based macOS: 0 disabled, 1 full security, 2 medium security","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","windows","win32","cygwin"]}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_sockets","description":"Number of processor sockets in the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unit_file_state","description":"Whether the unit file is enabled, e.g. `enabled`, `masked`, `disabled`, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. Use timestamp > or >= constraints to optimize query performance. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination. Note that the saved pagination counter is incremented globally across all queries and table invocations within a query. To avoid multiple table invocations within a query, use only AND and = constraints in WHERE clause.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number of rows returned (defaults to 100)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"predicate","description":"predicate to search (see `log help predicates`), note that this is merged into the predicate created from the column constraints","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_search","description":"Run searches against the Windows system index database using Advanced Query Syntax. See https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-advancedquerysyntax for details.","platforms":["windows"],"columns":[{"name":"name","description":"The name of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The full path of the item.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The item size in bytes.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"date_created","description":"The unix timestamp of when the item was created.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"date_modified","description":"The unix timestamp of when the item was last modified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner","description":"The owner of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The item type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"properties","description":"Additional property values JSON","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows search query","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"sort","description":"Sort for windows api","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"max_results","description":"Maximum number of results returned by windows api, set to -1 for unlimited","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"additional_properties","description":"Comma separated list of columns to include in properties JSON","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products. Note: Not compatible with Windows Server.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cloud_id","description":"Cloud identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json deleted file mode 100644 index 8649b18090b76b..00000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json +++ /dev/null @@ -1 +0,0 @@ -[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of thd process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"The install date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number of rows returned (defaults to 100)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx b/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx index 09e1be0923e45c..23d5f4874db519 100644 --- a/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx +++ b/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx @@ -11,7 +11,7 @@ import React from 'react'; export const OsquerySchemaLink = React.memo(() => ( - + diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts index 5b2e990fcccca2..18a74cb6ac9b6d 100644 --- a/x-pack/plugins/osquery/public/editor/osquery_tables.ts +++ b/x-pack/plugins/osquery/public/editor/osquery_tables.ts @@ -17,7 +17,7 @@ let osqueryTables: TablesJSON | null = null; export const getOsqueryTables = () => { if (!osqueryTables) { // eslint-disable-next-line @typescript-eslint/no-var-requires - osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.7.0.json')); + osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.10.2.json')); } return osqueryTables; diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index 9015836a93bcbf..51f046768aface 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -47,8 +47,8 @@ import { convertECSMappingToArray, convertECSMappingToObject, } from '../../../common/utils/converters'; -import ECSSchema from '../../common/schemas/ecs/v8.7.0.json'; -import osquerySchema from '../../common/schemas/osquery/v5.7.0.json'; +import ECSSchema from '../../common/schemas/ecs/v8.11.0.json'; +import osquerySchema from '../../common/schemas/osquery/v5.10.2.json'; import { FieldIcon } from '../../common/lib/kibana'; import { OsqueryIcon } from '../../components/osquery_icon'; diff --git a/x-pack/plugins/security_solution/common/risk_engine/indices.ts b/x-pack/plugins/security_solution/common/risk_engine/indices.ts index e148985b3139a6..281b4495e0c47b 100644 --- a/x-pack/plugins/security_solution/common/risk_engine/indices.ts +++ b/x-pack/plugins/security_solution/common/risk_engine/indices.ts @@ -13,3 +13,6 @@ export const latestRiskScoreIndexPattern = 'risk-score.risk-score-latest-*'; export const getRiskScoreLatestIndex = (spaceId = 'default') => `${riskScoreBaseIndexName}.risk-score-latest-${spaceId}`; + +export const getRiskScoreTimeSeriesIndex = (spaceId = 'default') => + `${riskScoreBaseIndexName}.risk-score-${spaceId}`; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts index 1214a17c858677..efbf12b3e5e902 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts @@ -103,11 +103,3 @@ export const EMPTY_SEVERITY_COUNT = { [RiskSeverity.moderate]: 0, [RiskSeverity.unknown]: 0, }; - -export const SEVERITY_UI_SORT_ORDER = [ - RiskSeverity.unknown, - RiskSeverity.low, - RiskSeverity.moderate, - RiskSeverity.high, - RiskSeverity.critical, -]; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts index 1bf6ef39097d3b..b5e0c62526a61a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts @@ -7,7 +7,11 @@ import type { ESQuery } from '../../../../typed_json'; import { RISKY_HOSTS_INDEX_PREFIX, RISKY_USERS_INDEX_PREFIX } from '../../../../constants'; -import { RiskScoreEntity, getRiskScoreLatestIndex } from '../../../../risk_engine'; +import { + RiskScoreEntity, + getRiskScoreLatestIndex, + getRiskScoreTimeSeriesIndex, +} from '../../../../risk_engine'; export { RiskQueries } from '../../../../api/search_strategy'; /** @@ -30,7 +34,9 @@ export const getUserRiskIndex = ( isNewRiskScoreModuleInstalled: boolean ): string => { return isNewRiskScoreModuleInstalled - ? getRiskScoreLatestIndex(spaceId) + ? onlyLatest + ? getRiskScoreLatestIndex(spaceId) + : getRiskScoreTimeSeriesIndex(spaceId) : `${RISKY_USERS_INDEX_PREFIX}${onlyLatest ? 'latest_' : ''}${spaceId}`; }; diff --git a/x-pack/plugins/security_solution/public/actions/constants.ts b/x-pack/plugins/security_solution/public/actions/constants.ts index 95e72e70ccbab7..c477d5c6fc9c13 100644 --- a/x-pack/plugins/security_solution/public/actions/constants.ts +++ b/x-pack/plugins/security_solution/public/actions/constants.ts @@ -4,6 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + +import { FILTER_CELL_ACTION_TYPE, COPY_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; + export enum SecurityCellActionsTrigger { DEFAULT = 'security-default-cellActions', DETAILS_FLYOUT = 'security-detailsFlyout-cellActions', @@ -26,3 +29,8 @@ export enum SecurityCellActionType { SHOW_TOP_N = 'security-cellAction-type-showTopN', TOGGLE_COLUMN = 'security-cellAction-type-toggleColumn', } + +export const DefaultCellActionTypes = { + FILTER: FILTER_CELL_ACTION_TYPE, + COPY: COPY_CELL_ACTION_TYPE, +} as const; diff --git a/x-pack/plugins/security_solution/public/actions/filter/index.ts b/x-pack/plugins/security_solution/public/actions/filter/index.ts index 2759d5cc20d36c..b2e492956ecdee 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/index.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/index.ts @@ -9,7 +9,5 @@ export { createFilterInCellActionFactory } from './cell_action/filter_in'; export { createFilterOutCellActionFactory } from './cell_action/filter_out'; export { createFilterInDiscoverCellActionFactory } from './discover/filter_in'; export { createFilterOutDiscoverCellActionFactory } from './discover/filter_out'; -export { createTimelineHistogramFilterInLegendActionFactory } from './lens/filter_in_timeline'; -export { createFilterInHistogramLegendActionFactory } from './lens/filter_in'; -export { createTimelineHistogramFilterOutLegendActionFactory } from './lens/filter_out_timeline'; -export { createFilterOutHistogramLegendActionFactory } from './lens/filter_out'; +export { createFilterInLensAction } from './lens/filter_in'; +export { createFilterOutLensAction } from './lens/filter_out'; diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts similarity index 72% rename from x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts rename to x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts index d138561aab1b63..78a0a9d46ff218 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts @@ -16,15 +16,12 @@ import type { CellValueContext } from '@kbn/embeddable-plugin/public'; import { createAction } from '@kbn/ui-actions-plugin/public'; import { ACTION_INCOMPATIBLE_VALUE_WARNING } from '@kbn/cell-actions/src/actions/translations'; import { i18n } from '@kbn/i18n'; -import { KibanaServices } from '../../../common/lib/kibana'; import { timelineSelectors } from '../../../timelines/store/timeline'; import { fieldHasCellActions, isInSecurityApp, isLensEmbeddable } from '../../utils'; import { TimelineId } from '../../../../common/types'; -import { SecurityCellActionType } from '../../constants'; +import { DefaultCellActionTypes } from '../../constants'; import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_IN } from './filter_in'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from './filter_out'; function isDataColumnsValid(data?: CellValueContext['data']): boolean { return ( @@ -34,7 +31,7 @@ function isDataColumnsValid(data?: CellValueContext['data']): boolean { ); } -export const createHistogramFilterLegendActionFactory = ({ +export const createFilterLensAction = ({ id, order, store, @@ -47,14 +44,13 @@ export const createHistogramFilterLegendActionFactory = ({ services: StartServices; negate?: boolean; }) => { - const { application: applicationService } = KibanaServices.get(); + const { application, notifications, data: dataService, topValuesPopover } = services; + let currentAppId: string | undefined; - applicationService.currentAppId$.subscribe((appId) => { + application.currentAppId$.subscribe((appId) => { currentAppId = appId; }); const getTimelineById = timelineSelectors.getTimelineByIdSelector(); - const { notifications } = services; - const { filterManager } = services.data.query; return createAction({ id, @@ -68,7 +64,7 @@ export const createHistogramFilterLegendActionFactory = ({ : i18n.translate('xpack.securitySolution.actions.filterForTimeline', { defaultMessage: `Filter for`, }), - type: SecurityCellActionType.FILTER, + type: DefaultCellActionTypes.FILTER, isCompatible: async ({ embeddable, data }) => !isErrorEmbeddable(embeddable) && isLensEmbeddable(embeddable) && @@ -85,27 +81,19 @@ export const createHistogramFilterLegendActionFactory = ({ }); return; } - if (!field) return; + topValuesPopover.closePopover(); + + const addFilter = negate === true ? addFilterOut : addFilterIn; + const timeline = getTimelineById(store.getState(), TimelineId.active); - services.topValuesPopover.closePopover(); + // timeline is open add the filter to timeline, otherwise add filter to global filters + const filterManager = timeline?.show + ? timeline.filterManager + : dataService.query.filterManager; - if (!negate) { - addFilterIn({ - filterManager: - id === HISTOGRAM_LEGEND_ACTION_FILTER_IN ? filterManager : timeline.filterManager, - fieldName: field, - value, - }); - } else { - addFilterOut({ - filterManager: - id === HISTOGRAM_LEGEND_ACTION_FILTER_OUT ? filterManager : timeline.filterManager, - fieldName: field, - value, - }); - } + addFilter({ filterManager, fieldName: field, value }); }, }); }; diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts index aee91a849d898b..fae9175879c9f3 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts @@ -8,11 +8,11 @@ import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; +import { createFilterLensAction } from './create_action'; -export const HISTOGRAM_LEGEND_ACTION_FILTER_IN = 'histogramLegendActionFilterIn'; +export const ACTION_ID = 'embeddable_filterIn'; -export const createFilterInHistogramLegendActionFactory = ({ +export const createFilterInLensAction = ({ store, order, services, @@ -21,8 +21,8 @@ export const createFilterInHistogramLegendActionFactory = ({ order: number; services: StartServices; }) => - createHistogramFilterLegendActionFactory({ - id: HISTOGRAM_LEGEND_ACTION_FILTER_IN, + createFilterLensAction({ + id: ACTION_ID, order, store, services, diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts deleted file mode 100644 index 6721972f0bcfb8..00000000000000 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SecurityAppStore } from '../../../common/store'; - -import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; - -export const TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN = 'timelineHistogramLegendActionFilterIn'; - -export const createTimelineHistogramFilterInLegendActionFactory = ({ - store, - order, - services, -}: { - store: SecurityAppStore; - order: number; - services: StartServices; -}) => - createHistogramFilterLegendActionFactory({ - id: TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN, - order, - store, - services, - }); diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts index 4e32a3bee1b1f1..2b629ac1be8618 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts @@ -8,11 +8,11 @@ import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; +import { createFilterLensAction } from './create_action'; -export const HISTOGRAM_LEGEND_ACTION_FILTER_OUT = 'histogramLegendActionFilterOut'; +export const ACTION_ID = 'embeddable_filterOut'; -export const createFilterOutHistogramLegendActionFactory = ({ +export const createFilterOutLensAction = ({ store, order, services, @@ -21,8 +21,8 @@ export const createFilterOutHistogramLegendActionFactory = ({ order: number; services: StartServices; }) => - createHistogramFilterLegendActionFactory({ - id: HISTOGRAM_LEGEND_ACTION_FILTER_OUT, + createFilterLensAction({ + id: ACTION_ID, order, store, services, diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts deleted file mode 100644 index 1712c94c21b791..00000000000000 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SecurityAppStore } from '../../../common/store'; - -import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; - -export const TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT = 'timelineHistogramLegendActionFilterOut'; - -export const createTimelineHistogramFilterOutLegendActionFactory = ({ - store, - order, - services, -}: { - store: SecurityAppStore; - order: number; - services: StartServices; -}) => - createHistogramFilterLegendActionFactory({ - id: TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT, - order, - store, - services, - negate: true, - }); diff --git a/x-pack/plugins/security_solution/public/actions/register.ts b/x-pack/plugins/security_solution/public/actions/register.ts index 5aa0794ae9c49a..46f37f68f48d16 100644 --- a/x-pack/plugins/security_solution/public/actions/register.ts +++ b/x-pack/plugins/security_solution/public/actions/register.ts @@ -13,12 +13,8 @@ import type { StartServices } from '../types'; import { createFilterInCellActionFactory, createFilterInDiscoverCellActionFactory, - createTimelineHistogramFilterInLegendActionFactory, - createFilterInHistogramLegendActionFactory, createFilterOutCellActionFactory, createFilterOutDiscoverCellActionFactory, - createFilterOutHistogramLegendActionFactory, - createTimelineHistogramFilterOutLegendActionFactory, } from './filter'; import { createAddToTimelineLensAction, @@ -41,7 +37,9 @@ import type { SecurityCellActions, } from './types'; import { enhanceActionWithTelemetry } from './telemetry'; -import { registerDiscoverHistogramActions } from './discover_in_timeline/vis_apply_filter'; +import { registerDiscoverHistogramActions } from './register_discover_histogram_actions'; +import { createFilterInLensAction } from './filter/lens/filter_in'; +import { createFilterOutLensAction } from './filter/lens/filter_out'; export const registerUIActions = ( store: SecurityAppStore, @@ -51,45 +49,24 @@ export const registerUIActions = ( registerLensEmbeddableActions(store, services); registerDiscoverCellActions(store, services); registerCellActions(store, history, services); + // TODO: Remove discover histogram actions when timeline esql tab is extracted from discover registerDiscoverHistogramActions(store, history, services); }; const registerLensEmbeddableActions = (store: SecurityAppStore, services: StartServices) => { const { uiActions } = services; + const filterInLegendActions = createFilterInLensAction({ store, order: 2, services }); + uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInLegendActions); + + const filterOutLegendActions = createFilterOutLensAction({ store, order: 3, services }); + uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutLegendActions); + const addToTimelineAction = createAddToTimelineLensAction({ store, order: 4 }); uiActions.addTriggerAction(CELL_VALUE_TRIGGER, addToTimelineAction); const copyToClipboardAction = createCopyToClipboardLensAction({ order: 5 }); uiActions.addTriggerAction(CELL_VALUE_TRIGGER, copyToClipboardAction); - - const filterInTimelineLegendActions = createTimelineHistogramFilterInLegendActionFactory({ - store, - order: 0, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInTimelineLegendActions); - - const filterOutTimelineLegendActions = createTimelineHistogramFilterOutLegendActionFactory({ - store, - order: 1, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutTimelineLegendActions); - - const filterInLegendActions = createFilterInHistogramLegendActionFactory({ - store, - order: 2, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInLegendActions); - - const filterOutLegendActions = createFilterOutHistogramLegendActionFactory({ - store, - order: 3, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutLegendActions); }; const registerDiscoverCellActions = (store: SecurityAppStore, services: StartServices) => { diff --git a/x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts b/x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts similarity index 88% rename from x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts rename to x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts index 8c3f9e0214a63a..5235cef932e4fb 100644 --- a/x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts +++ b/x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts @@ -7,9 +7,9 @@ import { createFilterAction } from '@kbn/unified-search-plugin/public'; import type { History } from 'history'; -import type { SecurityAppStore } from '../../common/store'; -import type { StartServices } from '../../types'; -import { EsqlInTimelineTrigger, EsqlInTimelineAction } from '../constants'; +import type { SecurityAppStore } from '../common/store'; +import type { StartServices } from '../types'; +import { EsqlInTimelineTrigger, EsqlInTimelineAction } from './constants'; const createDiscoverHistogramCustomFilterAction = ( store: SecurityAppStore, diff --git a/x-pack/plugins/security_solution/public/cases/pages/index.tsx b/x-pack/plugins/security_solution/public/cases/pages/index.tsx index 041fd9378382e9..dd639862e28126 100644 --- a/x-pack/plugins/security_solution/public/cases/pages/index.tsx +++ b/x-pack/plugins/security_solution/public/cases/pages/index.tsx @@ -11,7 +11,7 @@ import type { CaseViewRefreshPropInterface } from '@kbn/cases-plugin/common'; import { CaseMetricsFeature } from '@kbn/cases-plugin/common'; import { useUiSetting$ } from '@kbn/kibana-react-plugin/public'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../../flyout/document_details/right'; +import { DocumentDetailsRightPanelKey } from '../../flyout/document_details/right'; import { useTourContext } from '../../common/components/guided_onboarding_tour'; import { AlertsCasesTourSteps, @@ -74,7 +74,7 @@ const CaseContainerComponent: React.FC = () => { if (isSecurityFlyoutEnabled) { openFlyout({ right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: alertId, indexName: index, diff --git a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx index ca82da005c703d..80e3e0f9f56418 100644 --- a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx @@ -13,7 +13,7 @@ import { dataTableActions, TableId } from '@kbn/securitysolution-data-table'; import { useUiSetting$ } from '@kbn/kibana-react-plugin/public'; import { timelineActions } from '../../../../timelines/store/timeline'; import { ENABLE_EXPANDABLE_FLYOUT_SETTING } from '../../../../../common/constants'; -import { RightPanelKey } from '../../../../flyout/document_details/right'; +import { DocumentDetailsRightPanelKey } from '../../../../flyout/document_details/right'; import type { SetEventsDeleted, SetEventsLoading, @@ -103,7 +103,7 @@ const RowActionComponent = ({ if (isSecurityFlyoutEnabled && tableId !== TableId.rulePreview) { openFlyout({ right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName, diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap new file mode 100644 index 00000000000000..225ff3ef8c7a02 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap @@ -0,0 +1,180 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`getRiskScoreSummaryAttributes should render 1`] = ` +Object { + "description": "", + "references": Array [], + "state": Object { + "adHocDataViews": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "allowNoIndex": false, + "fieldAttrs": Object {}, + "fieldFormats": Object {}, + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "risk-score.risk-score-default", + "runtimeFieldMap": Object {}, + "sourceFilters": Array [], + "timeFieldName": "@timestamp", + "title": "risk-score.risk-score-default", + }, + }, + "datasourceStates": Object { + "formBased": Object { + "layers": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "columnOrder": Array [ + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + ], + "columns": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "customLabel": true, + "dataType": "number", + "filter": Object { + "language": "kuery", + "query": "", + }, + "isBucketed": false, + "label": "Risk value", + "operationType": "last_value", + "params": Object { + "format": Object { + "id": "number", + "params": Object { + "compact": false, + "decimals": 0, + }, + }, + "sortField": "@timestamp", + }, + "reducedTimeRange": "", + "scale": "ratio", + "sourceField": "user.risk.calculated_score_norm", + "timeShift": "", + }, + }, + "ignoreGlobalFilters": false, + "incompleteColumns": Object {}, + "linkToLayers": Array [ + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + ], + "sampling": 1, + }, + }, + }, + "indexpattern": Object { + "layers": Object {}, + }, + "textBased": Object { + "layers": Object {}, + }, + }, + "filters": Array [ + Object { + "meta": Object { + "alias": null, + "disabled": false, + "key": "host.id", + "negate": false, + "params": Object { + "query": "123", + }, + "type": "phrase", + }, + "query": Object { + "match_phrase": Object { + "host.id": "123", + }, + }, + }, + ], + "internalReferences": Array [ + Object { + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "indexpattern-datasource-layer-2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "type": "index-pattern", + }, + Object { + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "indexpattern-datasource-layer-2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "type": "index-pattern", + }, + ], + "query": Object { + "language": "kql", + "query": "host.name: *", + }, + "visualization": Object { + "layerId": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "layerType": "data", + "metricAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "palette": Object { + "name": "custom", + "params": Object { + "colorStops": Array [ + Object { + "color": "#98a2b3", + "stop": 0, + }, + Object { + "color": "#54B399", + "stop": 20, + }, + Object { + "color": "#D6BF57", + "stop": 40, + }, + Object { + "color": "#DA8B45", + "stop": 70, + }, + Object { + "color": "#E7664C", + "stop": 90, + }, + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": Array [ + Object { + "color": "#98a2b3", + "stop": 20, + }, + Object { + "color": "#54B399", + "stop": 40, + }, + Object { + "color": "#D6BF57", + "stop": 70, + }, + Object { + "color": "#DA8B45", + "stop": 90, + }, + Object { + "color": "#E7664C", + "stop": 100, + }, + ], + }, + "type": "palette", + }, + "subtitle": "Low", + "trendlineLayerId": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "trendlineLayerType": "metricTrendline", + "trendlineMetricAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "trendlineTimeAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + }, + }, + "title": "Risk score summary", + "visualizationType": "lnsMetric", +} +`; diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts new file mode 100644 index 00000000000000..4e3aaa69129fcf --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts @@ -0,0 +1,82 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { RiskScoreEntity } from '../../../../../../../common/risk_engine'; +import { renderHook } from '@testing-library/react-hooks'; +import { wrapper } from '../../../mocks'; +import { useLensAttributes } from '../../../use_lens_attributes'; +import { getRiskScoreSummaryAttributes } from './risk_score_summary'; +import { RiskSeverity } from '../../../../../../../common/search_strategy'; +import type { MetricVisualizationState } from '@kbn/lens-plugin/public'; + +jest.mock('../../../../../containers/sourcerer', () => ({ + useSourcererDataView: jest.fn().mockReturnValue({ + selectedPatterns: ['auditbeat-mytest-*'], + dataViewId: 'security-solution-my-test', + indicesExist: true, + }), +})); + +jest.mock('uuid', () => ({ + v4: jest.fn().mockReturnValue('2cc5663b-f062-43f8-8688-fc8166c2ca8e'), +})); + +describe('getRiskScoreSummaryAttributes', () => { + it('should render', () => { + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query: `user.name: test.user`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + }), + { wrapper } + ); + + expect(result?.current).toMatchSnapshot(); + }); + + it('renders the subtitle', () => { + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query: `user.name: test.user`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + }), + { wrapper } + ); + + expect((result?.current?.state.visualization as MetricVisualizationState).subtitle).toBe('Low'); + }); + + it('renders the query when applyGlobalQueriesAndFilters is false', () => { + const query = `test.field: test.user`; + + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + applyGlobalQueriesAndFilters: false, + }), + { wrapper } + ); + + expect(result?.current?.state.query.query).toBe(query); + }); +}); diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts new file mode 100644 index 00000000000000..728c6e17713734 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts @@ -0,0 +1,193 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { v4 as uuidv4 } from 'uuid'; +import { + SEVERITY_UI_SORT_ORDER, + RISK_SEVERITY_COLOUR, + RISK_SCORE_RANGES, +} from '../../../../../../entity_analytics/common/utils'; +import type { RiskSeverity } from '../../../../../../../common/search_strategy'; +import { RiskScoreEntity, RiskScoreFields } from '../../../../../../../common/search_strategy'; +import type { LensAttributes } from '../../../types'; + +interface GetRiskScoreSummaryAttributesProps { + query?: string; + spaceId?: string; + severity?: RiskSeverity; + riskEntity: RiskScoreEntity; +} + +export const getRiskScoreSummaryAttributes: ( + props: GetRiskScoreSummaryAttributesProps +) => LensAttributes = ({ spaceId, query, severity, riskEntity }) => { + const layerIds = [uuidv4(), uuidv4()]; + const internalReferenceId = uuidv4(); + const columnIds = [uuidv4(), uuidv4(), uuidv4()]; + const sourceField = + riskEntity === RiskScoreEntity.user + ? RiskScoreFields.userRiskScore + : RiskScoreFields.hostRiskScore; + + return { + title: 'Risk score summary', + description: '', + visualizationType: 'lnsMetric', + state: { + visualization: { + layerId: layerIds[0], + layerType: 'data', + metricAccessor: columnIds[0], + trendlineLayerId: layerIds[1], + trendlineLayerType: 'metricTrendline', + trendlineTimeAccessor: columnIds[1], + trendlineMetricAccessor: columnIds[2], + palette: { + type: 'palette', + name: 'custom', + params: { + steps: 3, + name: 'custom', + reverse: false, + rangeType: 'number', + rangeMin: 0, + rangeMax: null, + progression: 'fixed', + colorStops: SEVERITY_UI_SORT_ORDER.map((riskSeverity) => ({ + color: RISK_SEVERITY_COLOUR[riskSeverity], + stop: RISK_SCORE_RANGES[riskSeverity].start, + })), + stops: SEVERITY_UI_SORT_ORDER.map((riskSeverity) => ({ + color: RISK_SEVERITY_COLOUR[riskSeverity], + stop: RISK_SCORE_RANGES[riskSeverity].stop, + })), + continuity: 'above', + maxSteps: 5, + }, + }, + subtitle: severity, + }, + query: { + query: query ?? '', + language: 'kuery', + }, + filters: [], + datasourceStates: { + formBased: { + layers: { + [layerIds[0]]: { + columns: { + [columnIds[0]]: { + label: 'Risk', + dataType: 'number', + operationType: 'max', + isBucketed: false, + scale: 'ratio', + sourceField, + reducedTimeRange: '', + params: { + sortField: '@timestamp', + format: { + id: 'number', + params: { + decimals: 0, + compact: false, + }, + }, + emptyAsNull: true, + }, + customLabel: true, + }, + }, + columnOrder: [columnIds[0]], + incompleteColumns: {}, + }, + [layerIds[1]]: { + linkToLayers: [layerIds[0]], + columns: { + [columnIds[1]]: { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: RiskScoreFields.timestamp, + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + [columnIds[2]]: { + label: 'Risk value', + dataType: 'number', + operationType: 'last_value', + isBucketed: false, + scale: 'ratio', + sourceField, + filter: { + query: '', + language: 'kuery', + }, + timeShift: '', + reducedTimeRange: '', + params: { + sortField: '@timestamp', + format: { + id: 'number', + params: { + decimals: 0, + compact: false, + }, + }, + }, + customLabel: true, + }, + }, + columnOrder: [columnIds[1], columnIds[2]], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + }, + }, + indexpattern: { + layers: {}, + }, + textBased: { + layers: {}, + }, + }, + internalReferences: [ + { + type: 'index-pattern', + id: internalReferenceId, + name: `indexpattern-datasource-layer-${layerIds[0]}`, + }, + { + type: 'index-pattern', + id: internalReferenceId, + name: `indexpattern-datasource-layer-${layerIds[1]}`, + }, + ], + adHocDataViews: { + [internalReferenceId]: { + id: internalReferenceId, + title: `risk-score.risk-score-${spaceId ?? 'default'}`, + timeFieldName: '@timestamp', + sourceFilters: [], + fieldFormats: {}, + runtimeFieldMap: {}, + fieldAttrs: {}, + allowNoIndex: false, + name: `risk-score.risk-score-${spaceId ?? 'default'}`, + }, + }, + }, + references: [], + }; +}; diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx index df564277122cec..fdaa006e15f565 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx @@ -14,7 +14,7 @@ import styled from 'styled-components'; import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui'; import type { RangeFilterParams } from '@kbn/es-query'; import type { ClickTriggerEvent, MultiClickTriggerEvent } from '@kbn/charts-plugin/public'; -import type { XYState } from '@kbn/lens-plugin/public'; +import type { EmbeddableComponentProps, XYState } from '@kbn/lens-plugin/public'; import { setAbsoluteRangeDatePicker } from '../../store/inputs/actions'; import { useKibana } from '../../lib/kibana'; import { useLensAttributes } from './use_lens_attributes'; @@ -24,7 +24,7 @@ import { inputsSelectors } from '../../store'; import { useDeepEqualSelector } from '../../hooks/use_selector'; import { ModalInspectQuery } from '../inspect/modal'; import { InputsModelId } from '../../store/inputs/constants'; -import { getRequestsAndResponses, showLegendActionsByActionId } from './utils'; +import { getRequestsAndResponses } from './utils'; import { SourcererScopeName } from '../../store/sourcerer/model'; import { VisualizationActions } from './actions'; @@ -81,6 +81,7 @@ const LensEmbeddableComponent: React.FC = ({ timerange, width: wrapperWidth, withActions = true, + disableOnClickFilter = false, }) => { const style = useMemo( () => ({ @@ -185,9 +186,10 @@ const LensEmbeddableComponent: React.FC = ({ [onLoad] ); - const onFilterCallback = useCallback( - async (e: ClickTriggerEvent['data'] | MultiClickTriggerEvent['data']) => { - if (!isClickTriggerEvent(e) || preferredSeriesType !== 'area') { + const onFilterCallback = useCallback(() => { + const callback: EmbeddableComponentProps['onFilter'] = async (e) => { + if (!isClickTriggerEvent(e) || preferredSeriesType !== 'area' || disableOnClickFilter) { + e.preventDefault(); return; } // Update timerange when clicking on a dot in an area chart @@ -201,9 +203,14 @@ const LensEmbeddableComponent: React.FC = ({ range: [rangeFilter.gte, rangeFilter.lt], }); } - }, - [createFiltersFromValueClickAction, updateDateRange, preferredSeriesType] - ); + }; + return callback; + }, [ + createFiltersFromValueClickAction, + updateDateRange, + preferredSeriesType, + disableOnClickFilter, + ]); const adHocDataViews = useMemo( () => @@ -218,11 +225,6 @@ const LensEmbeddableComponent: React.FC = ({ [attributes?.state?.adHocDataViews] ); - const shouldShowLegendAction = useCallback( - (actionId: string) => showLegendActionsByActionId({ actionId, scopeId }), - [scopeId] - ); - if (!searchSessionId) { return null; } @@ -286,7 +288,6 @@ const LensEmbeddableComponent: React.FC = ({ showInspector={false} syncTooltips={false} syncCursor={false} - shouldShowLegendAction={shouldShowLegendAction} /> )} diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts index 854aff1860a2ee..6f513e445660e0 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts @@ -79,6 +79,10 @@ export interface LensEmbeddableComponentProps { timerange: { from: string; to: string }; width?: string | number; withActions?: boolean; + /** + * Disable the on click filter for the visualization. + */ + disableOnClickFilter?: boolean; } export enum RequestStatus { diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts index 678cc16c915ef1..ef3aa936d293d8 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts @@ -8,10 +8,6 @@ import type { Filter } from '@kbn/es-query'; import { SecurityPageName } from '../../../../common/constants'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_IN } from '../../../actions/filter/lens/filter_in'; -import { TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN } from '../../../actions/filter/lens/filter_in_timeline'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from '../../../actions/filter/lens/filter_out'; -import { TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from '../../../actions/filter/lens/filter_out_timeline'; import type { Request } from './types'; export const VISUALIZATION_ACTIONS_BUTTON_CLASS = 'histogram-actions-trigger'; @@ -199,28 +195,3 @@ export const parseVisualizationData = (data: string[]): T[] => return acc; } }, [] as T[]); - -export const showLegendActionsByActionId = ({ - actionId, - scopeId, -}: { - actionId: string; - scopeId: string; -}) => { - switch (actionId) { - /** We no longer use Lens' default filter in / out actions - * as extra custom actions needed after filters applied. - * For example: hide the topN panel after filters applied */ - case FILTER_IN_LEGEND_ACTION: - case FILTER_OUT_LEGEND_ACTION: - return false; - case HISTOGRAM_LEGEND_ACTION_FILTER_IN: - case HISTOGRAM_LEGEND_ACTION_FILTER_OUT: - return scopeId !== 'timeline'; - case TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN: - case TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT: - return scopeId === 'timeline'; - default: - return true; - } -}; diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts index cb853aa9488c1b..1ac9948818bccd 100644 --- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts +++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts @@ -17,6 +17,8 @@ interface UseAlertByIdsOptions { interface Hit { fields: Record; + _index: string; + _id: string; } interface UserAlertByIdsResult { @@ -25,6 +27,9 @@ interface UserAlertByIdsResult { data?: Hit[]; } +// It prevents recreating the array on every hook call +const ALL_FIELD = ['*']; + /** * Fetches the alert documents associated to the ids that are passed. * By default it fetches all fields but they can be limited by passing @@ -32,7 +37,7 @@ interface UserAlertByIdsResult { */ export const useAlertsByIds = ({ alertIds, - fields = ['*'], + fields = ALL_FIELD, }: UseAlertByIdsOptions): UserAlertByIdsResult => { const [initialQuery] = useState(() => generateAlertByIdsQuery(alertIds, fields)); diff --git a/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx b/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx index 479174a92722fb..6fb3ca1ff0f5b8 100644 --- a/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx +++ b/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx @@ -14,6 +14,8 @@ import type { CoreStart } from '@kbn/core/public'; import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public'; import { I18nProvider } from '@kbn/i18n-react'; import { CellActionsProvider } from '@kbn/cell-actions'; +import { NavigationProvider } from '@kbn/security-solution-navigation'; +import { CASES_FEATURE_ID } from '../../../common'; import { createStore } from '../store'; import { mockGlobalState } from './global_state'; import { SUB_PLUGINS_REDUCER } from './utils'; @@ -39,11 +41,36 @@ const uiSettings = { const coreMock = { application: { getUrlForApp: () => {}, + capabilities: { [CASES_FEATURE_ID]: {} }, + }, + lens: { + EmbeddableComponent: () => , + }, + cases: { + helpers: { + getUICapabilities: () => ({}), + }, + hooks: { + useCasesAddToExistingCaseModal: () => {}, + useCasesAddToNewCaseFlyout: () => {}, + }, }, data: { query: { filterManager: {}, }, + search: { + session: React.createRef(), + }, + actions: { + createFiltersFromValueClickAction: () => {}, + }, + }, + settings: { + client: { + get: () => {}, + set: () => {}, + }, }, uiSettings, notifications: { @@ -78,13 +105,15 @@ export const StorybookProviders: React.FC = ({ children }) => { return ( - Promise.resolve([])}> - - ({ eui: euiLightVars, darkMode: false })}> - {children} - - - + + Promise.resolve([])}> + + ({ eui: euiLightVars, darkMode: false })}> + {children} + + + + ); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx index 50e1e11268e5e6..821a638e893c22 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx @@ -29,7 +29,7 @@ export interface UseAddToCaseActions { onSuccess?: () => Promise; isActiveTimelines: boolean; isInDetections: boolean; - refetch: (() => void) | undefined; + refetch?: (() => void) | undefined; } export const useAddToCaseActions = ({ @@ -173,5 +173,6 @@ export const useAddToCaseActions = ({ return { addToCaseActionItems, handleAddToNewCaseClick, + handleAddToExistingCaseClick, }; }; diff --git a/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts b/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts new file mode 100644 index 00000000000000..361d6d133a93d5 --- /dev/null +++ b/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { euiLightVars } from '@kbn/ui-theme'; +import { RiskSeverity } from '../../../common/search_strategy'; +import { SEVERITY_COLOR } from '../../overview/components/detection_response/utils'; + +export const SEVERITY_UI_SORT_ORDER = [ + RiskSeverity.unknown, + RiskSeverity.low, + RiskSeverity.moderate, + RiskSeverity.high, + RiskSeverity.critical, +]; + +export const RISK_SEVERITY_COLOUR: { [k in RiskSeverity]: string } = { + [RiskSeverity.unknown]: euiLightVars.euiColorMediumShade, + [RiskSeverity.low]: SEVERITY_COLOR.low, + [RiskSeverity.moderate]: SEVERITY_COLOR.medium, + [RiskSeverity.high]: SEVERITY_COLOR.high, + [RiskSeverity.critical]: SEVERITY_COLOR.critical, +}; + +export const RISK_SCORE_RANGES = { + [RiskSeverity.unknown]: { start: 0, stop: 20 }, + [RiskSeverity.low]: { start: 20, stop: 40 }, + [RiskSeverity.moderate]: { start: 40, stop: 70 }, + [RiskSeverity.high]: { start: 70, stop: 90 }, + [RiskSeverity.critical]: { start: 90, stop: 100 }, +}; diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx index b28898b384e008..9430690394b49d 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx @@ -12,17 +12,9 @@ import { EuiHealth, transparentize } from '@elastic/eui'; import styled, { css } from 'styled-components'; import { euiLightVars } from '@kbn/ui-theme'; +import { RISK_SEVERITY_COLOUR } from '../../../../../entity_analytics/common/utils'; import { WithHoverActions } from '../../../../../common/components/with_hover_actions'; -import { RiskSeverity } from '../../../../../../common/search_strategy'; -import { SEVERITY_COLOR } from '../../../../../overview/components/detection_response/utils'; - -export const RISK_SEVERITY_COLOUR: { [k in RiskSeverity]: string } = { - [RiskSeverity.unknown]: euiLightVars.euiColorMediumShade, - [RiskSeverity.low]: SEVERITY_COLOR.low, - [RiskSeverity.moderate]: SEVERITY_COLOR.medium, - [RiskSeverity.high]: SEVERITY_COLOR.high, - [RiskSeverity.critical]: SEVERITY_COLOR.critical, -}; +import type { RiskSeverity } from '../../../../../../common/search_strategy'; const RiskBadge = styled.div<{ $severity: RiskSeverity; $hideBackgroundColor: boolean }>` ${({ theme, $severity, $hideBackgroundColor }) => css` diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx index f1ebae08975954..53c7e270f2e314 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx @@ -7,8 +7,9 @@ import { EuiFlexGroup, EuiNotificationBadge, EuiFlexItem } from '@elastic/eui'; import React from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { RiskSeverity } from '../../../../../common/search_strategy'; -import { RiskScoreLevel, RISK_SEVERITY_COLOUR } from './common'; +import { RiskScoreLevel } from './common'; import type { SeverityCount } from './types'; export const SeverityBadges: React.FC<{ diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx index d53693b6d8e699..847488869bcd3b 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx @@ -9,8 +9,8 @@ import styled from 'styled-components'; import { EuiColorPaletteDisplay } from '@elastic/eui'; import React, { useMemo } from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { RiskSeverity } from '../../../../../common/search_strategy'; -import { RISK_SEVERITY_COLOUR } from './common'; import type { SeverityCount } from './types'; const StyledEuiColorPaletteDisplay = styled(EuiColorPaletteDisplay)` diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx index 02ce5e01e88734..1ca7020bc818df 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx @@ -16,8 +16,8 @@ import { useEuiTheme, } from '@elastic/eui'; +import { SEVERITY_UI_SORT_ORDER } from '../../../../entity_analytics/common/utils'; import type { RiskScoreEntity, RiskSeverity } from '../../../../../common/search_strategy'; -import { SEVERITY_UI_SORT_ORDER } from '../../../../../common/search_strategy'; import type { SeverityCount } from './types'; import { RiskScoreLevel } from './common'; import { ENTITY_RISK_LEVEL } from '../translations'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx index 0684bf05b79246..b4a97832e77ce4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx @@ -8,7 +8,7 @@ import type { FC } from 'react'; import React, { useCallback } from 'react'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../right'; +import { DocumentDetailsRightPanelKey } from '../right'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; import { EndpointIsolateSuccess } from '../../../common/components/endpoint/host_isolation'; import { useHostIsolationTools } from '../../../timelines/components/side_panel/event_details/use_host_isolation_tools'; @@ -32,7 +32,7 @@ export const PanelContent: FC = () => { const showAlertDetails = useCallback( () => openRightPanel({ - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx index ff02d7b78a115d..b56282a5426463 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx @@ -11,7 +11,8 @@ import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; import { PanelContent } from './content'; import { PanelHeader } from './header'; -export const IsolateHostPanelKey: IsolateHostPanelProps['key'] = 'document-details-isolate-host'; +export const DocumentDetailsIsolateHostPanelKey: IsolateHostPanelProps['key'] = + 'document-details-isolate-host'; export interface IsolateHostPanelProps extends FlyoutPanelProps { key: 'document-details-isolate-host'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts index b36f674892f58d..1ac4fb1c5f2633 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts @@ -11,7 +11,6 @@ import { PREFIX } from '../../../shared/test_ids'; export const ANALYZER_GRAPH_TEST_ID = `${PREFIX}AnalyzerGraph` as const; export const SESSION_VIEW_TEST_ID = `${PREFIX}SessionView` as const; -export const SESSION_VIEW_ERROR_TEST_ID = `${PREFIX}SessionViewError` as const; /* Insights tab */ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx index a6e4e865adfa8f..049210326c0165 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx @@ -16,7 +16,7 @@ import { tabs } from './tabs'; import { useLeftPanelContext } from './context'; export type LeftPanelPaths = 'visualize' | 'insights' | 'investigation' | 'response'; -export const LeftPanelKey: LeftPanelProps['key'] = 'document-details-left'; +export const DocumentDetailsLeftPanelKey: LeftPanelProps['key'] = 'document-details-left'; export const LeftPanelVisualizeTab: LeftPanelPaths = 'visualize'; export const LeftPanelInsightsTab: LeftPanelPaths = 'insights'; export const LeftPanelInvestigationTab: LeftPanelPaths = 'investigation'; @@ -45,7 +45,7 @@ export const LeftPanel: FC> = memo(({ path }) => { const setSelectedTabId = (tabId: LeftPanelTabsType[number]['id']) => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: tabId, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx index 3e8c1f22de6221..f3297b57183f3f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx @@ -20,7 +20,7 @@ import { INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID, } from './test_ids'; import { useLeftPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '..'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '..'; import { ENTITIES_TAB_ID, EntitiesDetails } from '../components/entities_details'; import { THREAT_INTELLIGENCE_TAB_ID, @@ -86,7 +86,7 @@ export const InsightsTab: React.FC = memo(() => { (optionId: string) => { setActiveInsightsId(optionId); openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: optionId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx index b23d61f19e0539..2ff079feeeb98b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx @@ -13,7 +13,7 @@ import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { useLeftPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelVisualizeTab } from '..'; +import { DocumentDetailsLeftPanelKey, LeftPanelVisualizeTab } from '..'; import { VISUALIZE_TAB_BUTTON_GROUP_TEST_ID, VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID, @@ -64,7 +64,7 @@ export const VisualizeTab: FC = memo(() => { startTransaction({ name: ALERTS_ACTIONS.OPEN_ANALYZER }); } openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelVisualizeTab, subTab: optionId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx index db9f7bb5ba58a6..5bc4ebf31ab40b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx @@ -13,7 +13,7 @@ import { panels } from './panels'; export type PreviewPanelPaths = 'rule-preview' | 'alert-reason-preview'; export const RulePreviewPanel: PreviewPanelPaths = 'rule-preview'; export const AlertReasonPreviewPanel: PreviewPanelPaths = 'alert-reason-preview'; -export const PreviewPanelKey: PreviewPanelProps['key'] = 'document-details-preview'; +export const DocumentDetailsPreviewPanelKey: PreviewPanelProps['key'] = 'document-details-preview'; export interface PreviewPanelProps extends FlyoutPanelProps { key: 'document-details-preview'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx index 38a80490ea22f8..c97db50a0798b5 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx @@ -12,7 +12,7 @@ import { RightPanelContext } from '../context'; import { TestProviders } from '../../../../common/mock'; import { CorrelationsOverview } from './correlations_overview'; import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { CORRELATIONS_RELATED_ALERTS_BY_ANCESTRY_TEST_ID, CORRELATIONS_RELATED_ALERTS_BY_SAME_SOURCE_EVENT_TEST_ID, @@ -196,7 +196,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: CORRELATIONS_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx index a273257ba0fc77..52e66fed55b5df 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx @@ -22,7 +22,7 @@ import { RelatedCases } from './related_cases'; import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases'; import { CORRELATIONS_TEST_ID } from './test_ids'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details'; /** @@ -43,7 +43,7 @@ export const CorrelationsOverview: React.FC = () => { const goToCorrelationsTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: CORRELATIONS_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx index 2cf9276a1853ee..7b99e426c8abce 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx @@ -18,7 +18,7 @@ import { RightPanelContext } from '../context'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common'; -import { PreviewPanelKey } from '../../preview'; +import { DocumentDetailsPreviewPanelKey } from '../../preview'; const ruleUuid = { category: 'kibana', @@ -119,7 +119,7 @@ describe('', () => { getByTestId(RULE_SUMMARY_BUTTON_TEST_ID).click(); expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: 'rule-preview' }, params: { id: panelContext.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx index 0003a5cd2c1230..5c65d9231eef08 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx @@ -20,7 +20,11 @@ import { DESCRIPTION_TITLE_TEST_ID, RULE_SUMMARY_BUTTON_TEST_ID, } from './test_ids'; -import { PreviewPanelKey, type PreviewPanelProps, RulePreviewPanel } from '../../preview'; +import { + DocumentDetailsPreviewPanelKey, + type PreviewPanelProps, + RulePreviewPanel, +} from '../../preview'; /** * Displays the description of a document. @@ -35,7 +39,7 @@ export const Description: FC = () => { const openRulePreview = useCallback(() => { const PreviewPanelRulePreview: PreviewPanelProps['path'] = { tab: RulePreviewPanel }; openPreviewPanel({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: PreviewPanelRulePreview, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx index 94345531560635..e52728b880d7b0 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx @@ -15,7 +15,7 @@ import { useRightPanelContext } from '../context'; import { getField } from '../../shared/utils'; import { HostEntityOverview } from './host_entity_overview'; import { UserEntityOverview } from './user_entity_overview'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; /** @@ -29,7 +29,7 @@ export const EntitiesOverview: React.FC = () => { const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx index 1573f5ef33bcff..ac52136e3afae1 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx @@ -56,7 +56,7 @@ export const HeaderTitle: FC = memo(() => { const eventTitle = ( -

+

{ {timestamp && } - {isAlert && !isEmpty(ruleName) ? ruleTitle : eventTitle} +
+ {isAlert && !isEmpty(ruleName) ? ruleTitle : eventTitle} +
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx index 6f4711651ffc24..c56fef68a8bfa4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx @@ -15,7 +15,7 @@ import { import { HighlightedFieldsCell } from './highlighted_fields_cell'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { TestProviders } from '../../../../common/mock'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { useGetEndpointDetails } from '../../../../management/hooks'; @@ -64,7 +64,7 @@ describe('', () => { getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx index 60c561116c38af..6d7c5652eadead 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx @@ -16,7 +16,7 @@ import { HOST_NAME_FIELD_NAME, USER_NAME_FIELD_NAME, } from '../../../../timelines/components/timeline/body/renderers/constants'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID, @@ -42,7 +42,7 @@ const LinkFieldCell: VFC = ({ value }) => { const goToInsightsEntities = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx index 25c25b87aa38d4..31a86495d05619 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx @@ -22,7 +22,7 @@ import { RightPanelContext } from '../context'; import { mockContextValue } from '../mocks/mock_context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; const hostName = 'host'; @@ -160,7 +160,7 @@ describe('', () => { getByTestId(ENTITIES_HOST_OVERVIEW_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx index 58d9bf9d8a4188..a1d42871a42e4f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx @@ -49,7 +49,7 @@ import { ENTITIES_HOST_OVERVIEW_LINK_TEST_ID, ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID, } from './test_ids'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { RiskScoreDocTooltip } from '../../../../overview/components/common'; const HOST_ICON = 'storage'; @@ -70,7 +70,7 @@ export const HostEntityOverview: React.FC = ({ hostName const { openLeftPanel } = useExpandableFlyoutContext(); const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx index 1dd3af16ff4159..f774fe67e179ba 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx @@ -19,7 +19,7 @@ import { mockContextValue } from '../mocks/mock_context'; import { mockFlyoutContextValue } from '../../shared/mocks/mock_flyout_context'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; -import { LeftPanelInvestigationTab, LeftPanelKey } from '../../left'; +import { LeftPanelInvestigationTab, DocumentDetailsLeftPanelKey } from '../../left'; jest.mock('../../shared/hooks/use_investigation_guide'); @@ -109,7 +109,7 @@ describe('', () => { getByTestId(INVESTIGATION_GUIDE_BUTTON_TEST_ID).click(); expect(mockFlyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInvestigationTab, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx index d00310b360c261..04c73baad9d787 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx @@ -11,7 +11,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInvestigationTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInvestigationTab } from '../../left'; import { INVESTIGATION_GUIDE_BUTTON_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID, @@ -32,7 +32,7 @@ export const InvestigationGuide: React.FC = () => { const goToInvestigationsTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInvestigationTab, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx index 79fcf89977291b..fe711387dbf174 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx @@ -10,7 +10,7 @@ import { render } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; import { RightPanelContext } from '../context'; import { PREVALENCE_TEST_ID } from './test_ids'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import React from 'react'; import { PrevalenceOverview } from './prevalence_overview'; import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details'; @@ -167,7 +167,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: PREVALENCE_TAB_ID }, params: { id: 'eventId', diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx index 674b9d662f4609..c7249f66065df9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx @@ -14,7 +14,7 @@ import { ExpandablePanel } from '../../../shared/components/expandable_panel'; import { usePrevalence } from '../../shared/hooks/use_prevalence'; import { PREVALENCE_TEST_ID } from './test_ids'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details'; import { InsightsSummaryRow } from './insights_summary_row'; @@ -33,7 +33,7 @@ export const PrevalenceOverview: FC = () => { const goPrevalenceTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: PREVALENCE_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx index f407c33a1e2106..65a241a00e6bbf 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx @@ -14,7 +14,7 @@ import { RightPanelContext } from '../context'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; -import { PreviewPanelKey } from '../../preview'; +import { DocumentDetailsPreviewPanelKey } from '../../preview'; const flyoutContextValue = { openPreviewPanel: jest.fn(), @@ -82,7 +82,7 @@ describe('', () => { getByTestId(REASON_DETAILS_PREVIEW_BUTTON_TEST_ID).click(); expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: 'alert-reason-preview' }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx index 37629cd0678ca8..392e7532137146 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx @@ -13,7 +13,7 @@ import { ALERT_REASON } from '@kbn/rule-data-utils'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { getField } from '../../shared/utils'; -import { AlertReasonPreviewPanel, PreviewPanelKey } from '../../preview'; +import { AlertReasonPreviewPanel, DocumentDetailsPreviewPanelKey } from '../../preview'; import { REASON_DETAILS_PREVIEW_BUTTON_TEST_ID, REASON_DETAILS_TEST_ID, @@ -34,7 +34,7 @@ export const Reason: FC = () => { const { openPreviewPanel } = useExpandableFlyoutContext(); const openRulePreview = useCallback(() => { openPreviewPanel({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: AlertReasonPreviewPanel }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx index 0d1b6fac8df4be..c114530f4b6640 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx @@ -9,7 +9,7 @@ import { EuiButton } from '@elastic/eui'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { FormattedMessage } from '@kbn/i18n-react'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelResponseTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelResponseTab } from '../../left'; import { RESPONSE_BUTTON_TEST_ID } from './test_ids'; /** @@ -21,7 +21,7 @@ export const ResponseButton: React.FC = () => { const goToResponseTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelResponseTab }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts index 28d76c040ebbbf..0cbde8fa94e1a6 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts @@ -97,8 +97,6 @@ export const ENTITIES_HOST_OVERVIEW_LAST_SEEN_TEST_ID = `${ENTITIES_HOST_OVERVIEW_TEST_ID}LastSeen` as const; export const ENTITIES_HOST_OVERVIEW_RISK_LEVEL_TEST_ID = `${ENTITIES_HOST_OVERVIEW_TEST_ID}RiskLevel` as const; -export const TECHNICAL_PREVIEW_ICON_TEST_ID = - `${INSIGHTS_ENTITIES_TEST_ID}TechnicalPreviewIcon` as const; /* Threat intelligence */ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx index 1b8a646f1d356f..f5ae35db72f16d 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx @@ -11,7 +11,7 @@ import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; import { TestProviders } from '../../../../common/mock'; import { ThreatIntelligenceOverview } from './threat_intelligence_overview'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligence'; import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelligence_details'; import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids'; @@ -161,7 +161,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: THREAT_INTELLIGENCE_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx index ebaea597219ac6..d57fb1d6c0aab9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx @@ -15,7 +15,7 @@ import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligen import { InsightsSummaryRow } from './insights_summary_row'; import { useRightPanelContext } from '../context'; import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelligence_details'; /** @@ -29,7 +29,7 @@ export const ThreatIntelligenceOverview: FC = () => { const goToThreatIntelligenceTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: THREAT_INTELLIGENCE_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx index 37b4666611efed..155f2c127fc3c4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx @@ -22,7 +22,7 @@ import { mockContextValue } from '../mocks/mock_context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; const userName = 'user'; @@ -169,7 +169,7 @@ describe('', () => { getByTestId(ENTITIES_USER_OVERVIEW_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx index 81b1b75df57e9f..313719ec1c0bac 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx @@ -19,7 +19,7 @@ import { css } from '@emotion/css'; import { getOr } from 'lodash/fp'; import { i18n } from '@kbn/i18n'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { useRightPanelContext } from '../context'; import type { DescriptionList } from '../../../../../common/utility_types'; @@ -70,7 +70,7 @@ export const UserEntityOverview: React.FC = ({ userName const { openLeftPanel } = useExpandableFlyoutContext(); const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx index 35470f21f8085f..39abe1f818a967 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx @@ -20,7 +20,7 @@ import { tabs } from './tabs'; import { PanelFooter } from './footer'; export type RightPanelPaths = 'overview' | 'table' | 'json'; -export const RightPanelKey: RightPanelProps['key'] = 'document-details-right'; +export const DocumentDetailsRightPanelKey: RightPanelProps['key'] = 'document-details-right'; export interface RightPanelProps extends FlyoutPanelProps { key: 'document-details-right'; @@ -51,7 +51,7 @@ export const RightPanel: FC> = memo(({ path }) => { const setSelectedTabId = (tabId: RightPanelTabsType[number]['id']) => { openRightPanel({ - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, path: { tab: tabId, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx index 12e36ea29e5a09..d78784f1649854 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx @@ -10,7 +10,7 @@ import React, { memo, useCallback } from 'react'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { HeaderActions } from './components/header_actions'; import { FlyoutNavigation } from '../../shared/components/flyout_navigation'; -import { LeftPanelKey } from '../left'; +import { DocumentDetailsLeftPanelKey } from '../left'; import { useRightPanelContext } from './context'; interface PanelNavigationProps { @@ -26,7 +26,7 @@ export const PanelNavigation: FC = memo(({ flyoutIsExpanda const expandDetails = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, params: { id: eventId, indexName, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts index 95e5c509f96d6b..e25824ed8b68a1 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts @@ -6,7 +6,7 @@ */ import type { ExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../../../right'; +import { DocumentDetailsRightPanelKey } from '../../../right'; interface RedirectParams { index: string; @@ -26,7 +26,7 @@ export const expandableFlyoutStateFromEventMeta = ({ }: RedirectParams): ExpandableFlyoutContext['panels'] => { return { right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName: index, diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx new file mode 100644 index 00000000000000..9df74c2d608460 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx @@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { ActionColumn } from './action_column'; +import { alertDataMock } from '../mocks'; + +describe('ActionColumn', () => { + it('renders', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-inputs-actions')).toBeInTheDocument(); + }); + + it('toggles the popover when button is clicked', () => { + const { getByRole } = render( + + + + ); + + fireEvent.click(getByRole('button')); + + expect(getByRole('dialog')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx new file mode 100644 index 00000000000000..35b25d69fffce0 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx @@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiButtonIcon, EuiContextMenu, EuiPopover } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React, { useCallback, useMemo, useState } from 'react'; +import type { AlertRawData } from '../content'; +import { useRiskInputActionsPanels } from '../hooks/use_risk_input_actions_panels'; + +interface ActionColumnProps { + alert: AlertRawData; +} + +export const ActionColumn: React.FC = ({ alert }) => { + const [isPopoverOpen, setIsPopoverOpen] = useState(false); + const closePopover = useCallback(() => setIsPopoverOpen(false), []); + const togglePopover = useCallback(() => setIsPopoverOpen((isOpen) => !isOpen), []); + const alerts = useMemo(() => [alert], [alert]); + const panels = useRiskInputActionsPanels(alerts, closePopover); + + return ( + + } + isOpen={isPopoverOpen} + closePopover={closePopover} + panelPaddingSize="none" + anchorPosition="downLeft" + > + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx new file mode 100644 index 00000000000000..aeb244e537bda2 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx @@ -0,0 +1,116 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { alertDataMock } from '../mocks'; +import { RiskInputsUtilityBar } from './utility_bar'; + +describe('RiskInputsPanel', () => { + it('renders', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toBeInTheDocument(); + }); + + it('renders current page message when totalItemCount is 1', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent('Showing 1 Risk input'); + }); + + it('renders current page message when totalItemCount is 20', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent( + 'Showing 1-10 of 20 Risk input' + ); + }); + + it('renders current page message when totalItemCount is 20 and on the second page', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent( + 'Showing 11-20 of 20 Risk inputs' + ); + }); + + it('renders selected risk input message', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent('3 selected risk input'); + }); + + it('toggles the popover when button is clicked', () => { + const { getByRole } = render( + + + + ); + + fireEvent.click(getByRole('button')); + + expect(getByRole('dialog')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx new file mode 100644 index 00000000000000..40e3497a049454 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx @@ -0,0 +1,127 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FunctionComponent } from 'react'; +import React, { useCallback, useState } from 'react'; +import type { Pagination } from '@elastic/eui'; +import { + EuiButtonEmpty, + EuiContextMenu, + EuiFlexGroup, + EuiFlexItem, + EuiPopover, + EuiText, + useEuiTheme, +} from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { css } from '@emotion/react'; +import { useRiskInputActionsPanels } from '../hooks/use_risk_input_actions_panels'; +import type { AlertRawData } from '../content'; + +interface Props { + selectedAlerts: AlertRawData[]; + pagination: Pagination; +} + +export const RiskInputsUtilityBar: FunctionComponent = React.memo( + ({ selectedAlerts, pagination }) => { + const { euiTheme } = useEuiTheme(); + const [isPopoverOpen, setIsPopoverOpen] = useState(false); + const togglePopover = useCallback(() => setIsPopoverOpen(!isPopoverOpen), [isPopoverOpen]); + const closePopover = useCallback(() => setIsPopoverOpen(false), []); + const panels = useRiskInputActionsPanels(selectedAlerts, closePopover); + const displayedCurrentPage = pagination.pageIndex + 1; + const pageSize = pagination.pageSize ?? 10; + const fromItem: number = pagination.pageIndex * pageSize + 1; + const toItem: number = Math.min(pagination.totalItemCount, pageSize * displayedCurrentPage); + + return ( + <> + + + + {pagination.totalItemCount <= 1 ? ( + + + + ), + }} + /> + ) : ( + {`${fromItem}-${toItem}`}, + totalInputs: pagination.totalItemCount, + riskInputs: ( + + + + ), + }} + /> + )} + + + + {selectedAlerts.length > 0 && ( + + + + } + > + + + )} + + + + ); + } +); + +RiskInputsUtilityBar.displayName = 'RiskInputsUtilityBar'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx new file mode 100644 index 00000000000000..93396e7dea03a5 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx @@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SimpleRiskInput } from '../../../../common/risk_engine'; +import { RiskCategories } from '../../../../common/risk_engine'; +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { RiskInputsPanel } from '.'; +import { TestProviders } from '../../../common/mock'; +import { times } from 'lodash/fp'; +import { alertDataMock } from './mocks'; + +const mockUseAlertsByIds = jest.fn().mockReturnValue({ loading: false, data: [] }); + +jest.mock('../../../common/containers/alerts/use_alerts_by_ids', () => ({ + useAlertsByIds: () => mockUseAlertsByIds(), +})); + +const TEST_RISK_INPUT: SimpleRiskInput = { + id: '123', + index: '_test_index', + category: RiskCategories.category_1, + description: 'test description', + risk_score: 70, + timestamp: '2023-05-15T16:12:14.967Z', +}; + +describe('RiskInputsPanel', () => { + it('renders', () => { + mockUseAlertsByIds.mockReturnValue({ + loading: false, + error: false, + data: [alertDataMock], + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-inputs-panel')).toBeInTheDocument(); + expect(getByTestId('risk-input-table-description-cell')).toHaveTextContent( + 'Risk inputRule Name' + ); + }); + + it('paginates', () => { + const riskInputs = times((index) => ({ ...TEST_RISK_INPUT, id: index.toString() }), 11); + const alerts = times((index) => ({ ...alertDataMock, _id: index.toString() }), 11); + + mockUseAlertsByIds.mockReturnValue({ + loading: false, + error: false, + data: alerts, + }); + + const { getAllByTestId, getByLabelText } = render( + + + + ); + + expect(getAllByTestId('risk-input-table-description-cell')).toHaveLength(10); + + fireEvent.click(getByLabelText('Next page')); + + expect(getAllByTestId('risk-input-table-description-cell')).toHaveLength(1); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx new file mode 100644 index 00000000000000..544dca9df62a89 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx @@ -0,0 +1,158 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { EuiBasicTableColumn, Pagination } from '@elastic/eui'; +import { useEuiBackgroundColor, EuiSpacer, EuiInMemoryTable, EuiTitle } from '@elastic/eui'; +import React, { useCallback, useMemo, useState } from 'react'; +import { css } from '@emotion/react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { get } from 'lodash/fp'; +import { ALERT_RULE_NAME } from '@kbn/rule-data-utils'; +import type { RiskInputs } from '../../../../common/risk_engine'; +import { ActionColumn } from './components/action_column'; +import { PreferenceFormattedDate } from '../../../common/components/formatted_date'; +import { RiskInputsUtilityBar } from './components/utility_bar'; +import { useAlertsByIds } from '../../../common/containers/alerts/use_alerts_by_ids'; +import { FlyoutBody } from '../../shared/components/flyout_body'; + +export interface RiskInputsPanelContentProps extends Record { + riskInputs: RiskInputs; +} + +export interface AlertRawData { + fields: Record; + _index: string; + _id: string; +} + +export const RiskInputsPanelContent = ({ riskInputs }: RiskInputsPanelContentProps) => { + const [selectedItems, setSelectedItems] = useState([]); + const alertIds = useMemo(() => riskInputs.map(({ id }) => id), [riskInputs]); + const { loading, data: alertsData } = useAlertsByIds({ alertIds }); + + const euiTableSelectionProps = useMemo( + () => ({ + onSelectionChange: (selected: AlertRawData[]) => { + setSelectedItems(selected); + }, + initialSelected: [], + selectable: () => true, + }), + [] + ); + + const columns: Array> = useMemo( + () => [ + { + name: ( + + ), + width: '80px', + render: (alert: AlertRawData) => { + return ; + }, + }, + { + field: 'fields.@timestamp', + name: ( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + width: '30%', + render: (timestamp: string) => , + }, + { + field: 'fields', + 'data-test-subj': 'risk-input-table-description-cell', + name: ( + + ), + truncateText: true, + mobileOptions: { show: true }, + sortable: true, + render: (fields: AlertRawData['fields']) => get(ALERT_RULE_NAME, fields), + }, + ], + [] + ); + + const [currentPage, setCurrentPage] = useState<{ + index: number; + size: number; + }>({ index: 0, size: 10 }); + + const onTableChange = useCallback(({ page }) => { + setCurrentPage(page); + }, []); + + const pagination: Pagination = useMemo( + () => ({ + totalItemCount: riskInputs.length, + pageIndex: currentPage.index, + pageSize: currentPage.size, + }), + [currentPage.index, currentPage.size, riskInputs.length] + ); + + return ( + <> + + +

+ +

+ + + {/* Temporary label. It will be replaced by a filter */} + +

+ +

+ + + + + + + + ); +}; + +RiskInputsPanelContent.displayName = 'RiskInputsPanelContent'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts new file mode 100644 index 00000000000000..6a8643c7fd9f33 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts @@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TableId } from '@kbn/securitysolution-data-table'; +import { useMemo } from 'react'; +import { get, noop } from 'lodash/fp'; +import { AttachmentType } from '@kbn/cases-plugin/common'; +import type { CaseAttachmentsWithoutOwner } from '@kbn/cases-plugin/public'; +import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; +import { useGlobalTime } from '../../../../common/containers/use_global_time'; +import { SourcererScopeName } from '../../../../common/store/sourcerer/model'; +import { useAddBulkToTimelineAction } from '../../../../detections/components/alerts_table/timeline_actions/use_add_bulk_to_timeline'; +import { useKibana } from '../../../../common/lib/kibana/kibana_react'; +import type { AlertRawData } from '../content'; + +/** + * The returned actions only support alerts risk inputs. + */ +export const useRiskInputActions = (alerts: AlertRawData[], closePopover: () => void) => { + const { from, to } = useGlobalTime(); + const timelineAction = useAddBulkToTimelineAction({ + localFilters: [], + from, + to, + scopeId: SourcererScopeName.detections, + tableId: TableId.riskInputs, + }); + + const { cases: casesService } = useKibana().services; + const createCaseFlyout = casesService?.hooks.useCasesAddToNewCaseFlyout({ onSuccess: noop }); + const selectCaseModal = casesService?.hooks.useCasesAddToExistingCaseModal(); + + const caseAttachments: CaseAttachmentsWithoutOwner = useMemo( + () => + alerts.map((alert: AlertRawData) => ({ + alertId: alert._id, + index: alert._index, + type: AttachmentType.alert, + rule: { + id: get(ALERT_RULE_UUID, alert.fields)[0], + name: get(ALERT_RULE_NAME, alert.fields)[0], + }, + })), + [alerts] + ); + + return useMemo( + () => ({ + addToExistingCase: () => { + closePopover(); + selectCaseModal.open({ getAttachments: () => caseAttachments }); + }, + addToNewCaseClick: () => { + closePopover(); + createCaseFlyout.open({ attachments: caseAttachments }); + }, + addToNewTimeline: () => { + closePopover(); + timelineAction.onClick( + alerts.map((alert: AlertRawData) => { + return { + _id: alert._id, + _index: alert._index, + data: [], + ecs: { + _id: alert._id, + _index: alert._index, + }, + }; + }), + false, + noop, + noop, + noop + ); + }, + }), + [alerts, caseAttachments, closePopover, createCaseFlyout, selectCaseModal, timelineAction] + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx new file mode 100644 index 00000000000000..49bad231f2767f --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx @@ -0,0 +1,93 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { EuiContextMenuPanelDescriptor } from '@elastic/eui'; +import { EuiContextMenu } from '@elastic/eui'; +import { casesPluginMock } from '@kbn/cases-plugin/public/mocks'; +import { render } from '@testing-library/react'; +import { renderHook } from '@testing-library/react-hooks'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { alertDataMock } from '../mocks'; +import { useRiskInputActionsPanels } from './use_risk_input_actions_panels'; + +const casesServiceMock = casesPluginMock.createStartContract(); +const mockCanUseCases = jest.fn().mockReturnValue({ + create: true, + read: true, +}); + +const mockedCasesServices = { + ...casesServiceMock, + helpers: { + ...casesServiceMock.helpers, + canUseCases: mockCanUseCases, + }, +}; + +jest.mock('@kbn/kibana-react-plugin/public', () => { + const original = jest.requireActual('@kbn/kibana-react-plugin/public'); + return { + ...original, + useKibana: () => ({ + ...original.useKibana(), + services: { + ...original.useKibana().services, + cases: mockedCasesServices, + }, + }), + }; +}); + +const TestMenu = ({ panels }: { panels: EuiContextMenuPanelDescriptor[] }) => ( + +); + +const customRender = (alerts = [alertDataMock]) => { + const { result } = renderHook(() => useRiskInputActionsPanels(alerts, () => {}), { + wrapper: TestProviders, + }); + + return render( + + + + ); +}; + +describe('useRiskInputActionsPanels', () => { + it('displays the rule name when only one alert is selected', () => { + const { getByTestId } = customRender(); + + expect(getByTestId('contextMenuPanelTitle')).toHaveTextContent('Risk input: Rule Name'); + }); + + it('displays number of selected alerts when more than one alert is selected', () => { + const { getByTestId } = customRender([alertDataMock, alertDataMock]); + + expect(getByTestId('contextMenuPanelTitle')).toHaveTextContent('2 selected'); + }); + + it('displays cases actions when user has cases permissions', () => { + const { container } = customRender(); + + expect(container).toHaveTextContent('Add to existing case'); + expect(container).toHaveTextContent('Add to new case'); + }); + + it('does NOT display cases actions when user has NO cases permissions', () => { + mockCanUseCases.mockReturnValue({ + create: false, + read: false, + }); + + const { container } = customRender(); + + expect(container).not.toHaveTextContent('Add to existing case'); + expect(container).not.toHaveTextContent('Add to new case'); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx new file mode 100644 index 00000000000000..176b2a13db72d6 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx @@ -0,0 +1,100 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiTextTruncate } from '@elastic/eui'; +import React, { useMemo } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { SECURITY_SOLUTION_OWNER } from '@kbn/cases-plugin/common'; +import type { CasesService } from '@kbn/triggers-actions-ui-plugin/public/application/sections/alerts_table/types'; +import { i18n } from '@kbn/i18n'; +import { get } from 'lodash/fp'; +import { ALERT_RULE_NAME } from '@kbn/rule-data-utils'; +import { useRiskInputActions } from './use_risk_input_actions'; +import type { AlertRawData } from '../content'; + +export const useRiskInputActionsPanels = (alerts: AlertRawData[], closePopover: () => void) => { + const { cases: casesService } = useKibana<{ cases?: CasesService }>().services; + const { addToExistingCase, addToNewCaseClick, addToNewTimeline } = useRiskInputActions( + alerts, + closePopover + ); + const userCasesPermissions = casesService?.helpers.canUseCases([SECURITY_SOLUTION_OWNER]); + const hasCasesPermissions = userCasesPermissions?.create && userCasesPermissions?.read; + + return useMemo(() => { + const timelinePanel = { + name: ( + + ), + + onClick: addToNewTimeline, + }; + const ruleName = get(['fields', ALERT_RULE_NAME], alerts[0]) ?? ['']; + const title = i18n.translate( + 'xpack.securitySolution.flyout.entityDetails.riskInputs.actions.title', + { + defaultMessage: 'Risk input: {description}', + values: { + description: + alerts.length === 1 + ? ruleName[0] + : i18n.translate( + 'xpack.securitySolution.flyout.entityDetails.riskInputs.actions.titleDescription', + { + defaultMessage: '{quantity} selected', + values: { + quantity: alerts.length, + }, + } + ), + }, + } + ); + + return [ + { + title: ( + + ), + id: 0, + items: hasCasesPermissions + ? [ + timelinePanel, + { + name: ( + + ), + + onClick: addToNewCaseClick, + }, + + { + name: ( + + ), + + onClick: addToExistingCase, + }, + ] + : [timelinePanel], + }, + ]; + }, [addToExistingCase, addToNewCaseClick, addToNewTimeline, alerts, hasCasesPermissions]); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx new file mode 100644 index 00000000000000..386ec25bfeaf8e --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; +import type { RiskInputs } from '../../../../common/risk_engine'; +import { RiskInputsPanelContent } from './content'; + +export interface RiskInputsPanelProps extends Record { + riskInputs: RiskInputs; +} + +export interface RiskInputsExpandableFlyoutProps extends FlyoutPanelProps { + key: 'all-risk-inputs'; + params: RiskInputsPanelProps; +} + +export const RiskInputsPanelKey: RiskInputsExpandableFlyoutProps['key'] = 'all-risk-inputs'; + +export const RiskInputsPanel = ({ riskInputs }: RiskInputsPanelProps) => { + return ; +}; + +RiskInputsPanel.displayName = 'RiskInputsPanel'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts new file mode 100644 index 00000000000000..9e6f5db17034cf --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; +import type { AlertRawData } from '../content'; + +export const alertDataMock: AlertRawData = { + _id: 'test-id', + _index: 'test-index', + fields: { + [ALERT_RULE_UUID]: ['2e051244-b3c6-4779-a241-e1b4f0beceb9'], + '@timestamp': ['2023-07-20T20:31:24.896Z'], + [ALERT_RULE_NAME]: ['Rule Name'], + }, +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx new file mode 100644 index 00000000000000..e45869115c50f9 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx @@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { Story } from '@storybook/react'; +import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; +import { StorybookProviders } from '../../../../common/mock/storybook_providers'; +import { mockRiskScoreState } from '../../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { RiskSummary } from './risk_summary'; + +export default { + component: RiskSummary, + title: 'Components/RiskSummary', +}; + +const flyoutContextValue = { + openLeftPanel: () => window.alert('openLeftPanel called'), + panels: {}, +} as unknown as ExpandableFlyoutContext; + +export const Default: Story = () => { + return ( + + +
+ +
+ + + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx new file mode 100644 index 00000000000000..774a7c8a8458e1 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { mockRiskScoreState } from '../../user_right/mocks'; +import { RiskSummary } from './risk_summary'; + +jest.mock('../../../../common/components/visualization_actions/visualization_embeddable'); + +describe('RiskSummary', () => { + it('renders risk summary table', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-summary-table')).toBeInTheDocument(); + expect(getByTestId('risk-summary-table')).toHaveTextContent('Inputs1'); + expect(getByTestId('risk-summary-table')).toHaveTextContent('CategoryAlerts'); + }); + + it('renders risk summary table when riskScoreData is empty', () => { + const { getByTestId } = render( + + + + ); + expect(getByTestId('risk-summary-table')).toBeInTheDocument(); + }); + + it('renders visualization embeddable', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('visualization-embeddable')).toBeInTheDocument(); + }); + + it('renders updated at', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-summary-updatedAt')).toHaveTextContent('Updated Nov 8, 1989'); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx new file mode 100644 index 00000000000000..763a6377a9d678 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx @@ -0,0 +1,254 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useCallback, useMemo } from 'react'; +import type { EuiBasicTableColumn } from '@elastic/eui'; +import { + useEuiTheme, + EuiAccordion, + EuiTitle, + EuiSpacer, + EuiBasicTable, + EuiFlexGroup, + EuiFlexItem, + useEuiFontSize, +} from '@elastic/eui'; +import { css } from '@emotion/react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { euiThemeVars } from '@kbn/ui-theme'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { i18n } from '@kbn/i18n'; +import { InspectButton, InspectButtonContainer } from '../../../../common/components/inspect'; +import { ONE_WEEK_IN_HOURS } from '../../../../timelines/components/side_panel/new_user_detail/constants'; +import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; +import { RiskScoreEntity } from '../../../../../common/risk_engine'; +import type { RiskScoreState } from '../../../../explore/containers/risk_score'; +import { VisualizationEmbeddable } from '../../../../common/components/visualization_actions/visualization_embeddable'; +import { getRiskScoreSummaryAttributes } from '../../../../common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary'; +import { ExpandablePanel } from '../../../shared/components/expandable_panel'; +import { RiskInputsPanelKey } from '../../risk_inputs_left'; + +export interface RiskSummaryProps { + riskScoreData: RiskScoreState; + queryId: string; +} + +interface TableItem { + category: string; + count: number; +} +const LENS_VISUALIZATION_HEIGHT = 126; // Static height in pixels specified by design +const LAST_30_DAYS = { from: 'now-30d', to: 'now' }; + +export const RiskSummary = React.memo(({ riskScoreData, queryId }: RiskSummaryProps) => { + const { data: userRisk } = riskScoreData; + const userRiskData = userRisk && userRisk.length > 0 ? userRisk[0] : undefined; + const { euiTheme } = useEuiTheme(); + + const { openLeftPanel } = useExpandableFlyoutContext(); + const openPanel = useCallback(() => { + openLeftPanel({ + id: RiskInputsPanelKey, + params: { + riskInputs: userRiskData?.user.risk.inputs, + }, + }); + }, [openLeftPanel, userRiskData?.user.risk.inputs]); + + const lensAttributes = useMemo(() => { + return getRiskScoreSummaryAttributes({ + severity: userRiskData?.user?.risk?.calculated_level, + query: `user.name: ${userRiskData?.user?.name}`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }); + }, [userRiskData]); + + const columns: Array> = useMemo( + () => [ + { + field: 'category', + name: ( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + }, + { + field: 'count', + name: ( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + dataType: 'number', + }, + ], + [] + ); + + const xsFontSize = useEuiFontSize('xxs').fontSize; + + const items: TableItem[] = useMemo( + () => [ + { + category: i18n.translate('xpack.securitySolution.flyout.entityDetails.alertsGroupLabel', { + defaultMessage: 'Alerts', + }), + count: userRiskData?.user.risk.inputs?.length ?? 0, + }, + ], + [userRiskData?.user.risk.inputs?.length] + ); + + return ( + +

+ +

+ + } + extraAction={ + + {userRiskData && ( + + ), + }} + /> + )} + + } + > + + + + ), + link: { + callback: openPanel, + tooltip: ( + + ), + }, + iconType: 'arrowStart', + }} + expand={{ + expandable: false, + }} + > + + +
+ {userRiskData && ( + + } + /> + )} +
+ + + +
+
+ + } + /> +
+ +
+ + + + + + + ); +}); +RiskSummary.displayName = 'RiskSummary'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx similarity index 79% rename from x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx rename to x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx index 1f82d21c653213..746aa8b25e0f1f 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx @@ -7,22 +7,33 @@ import React from 'react'; import { storiesOf } from '@storybook/react'; -import { EuiFlyout, EuiFlyoutBody } from '@elastic/eui'; -import { UserDetailsContentComponent } from './user_details_content'; -import { StorybookProviders } from '../../../../common/mock/storybook_providers'; -import { mockManagedUser, mockObservedUser, mockRiskScoreState } from './__mocks__'; +import { EuiFlyout } from '@elastic/eui'; +import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; +import { StorybookProviders } from '../../../common/mock/storybook_providers'; +import { + mockManagedUser, + mockObservedUser, + mockRiskScoreState, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { UserPanelContent } from './content'; -storiesOf('UserDetailsContent', module) +const flyoutContextValue = { + openLeftPanel: () => window.alert('openLeftPanel called'), + panels: {}, +} as unknown as ExpandableFlyoutContext; + +storiesOf('Components/UserPanelContent', module) .addDecorator((storyFn) => ( - {}}> - {storyFn()} - + + {}}> + {storyFn()} + + )) .add('default', () => ( - )) .add('integration disabled', () => ( - )) .add('no managed data', () => ( - )) .add('no observed data', () => ( - )) .add('loading', () => ( - ; + contextID: string; + scopeId: string; + isDraggable: boolean; +} + +export const UserPanelContent = ({ + observedUser, + managedUser, + riskScoreState, + contextID, + scopeId, + isDraggable, +}: UserPanelContentProps) => { + return ( + + {riskScoreState.isModuleEnabled && riskScoreState.data?.length !== 0 && ( + <> + + + + )} + + + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx similarity index 67% rename from x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx rename to x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx index 2d984cc926e4ff..e4e4186919b6d8 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx @@ -7,36 +7,37 @@ import { render } from '@testing-library/react'; import React from 'react'; -import { TestProviders } from '../../../../common/mock'; -import { mockManagedUser, mockObservedUser, mockRiskScoreState } from './__mocks__'; -import { UserDetailsContentComponent } from './user_details_content'; +import { TestProviders } from '../../../common/mock'; +import { + mockManagedUser, + mockObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { UserPanelHeader } from './header'; const mockProps = { userName: 'test', managedUser: mockManagedUser, observedUser: mockObservedUser, - riskScoreState: mockRiskScoreState, - contextID: 'test-user-details', - scopeId: 'test-scope-id', - isDraggable: false, }; -describe('UserDetailsContentComponent', () => { +jest.mock('../../../common/components/visualization_actions/visualization_embeddable'); + +describe('UserDetailsContent', () => { it('renders', () => { const { getByTestId } = render( - + ); - expect(getByTestId('user-details-content-header')).toBeInTheDocument(); + expect(getByTestId('user-panel-header')).toBeInTheDocument(); }); it('renders observed user date when it is bigger than managed user date', () => { const futureDay = '2989-03-07T20:00:00.000Z'; const { getByTestId } = render( - { ); - expect(getByTestId('user-details-content-lastSeen').textContent).toContain('Mar 7, 2989'); + expect(getByTestId('user-panel-header-lastSeen').textContent).toContain('Mar 7, 2989'); }); it('renders managed user date when it is bigger than observed user date', () => { const futureDay = '2989-03-07T20:00:00.000Z'; const { getByTestId } = render( - { ); - expect(getByTestId('user-details-content-lastSeen').textContent).toContain('Mar 7, 2989'); + expect(getByTestId('user-panel-header-lastSeen').textContent).toContain('Mar 7, 2989'); }); it('renders observed and managed badges when lastSeen is defined', () => { const { getByTestId } = render( - + ); - expect(getByTestId('user-details-content-observed-badge')).toBeInTheDocument(); - expect(getByTestId('user-details-content-managed-badge')).toBeInTheDocument(); + expect(getByTestId('user-panel-header-observed-badge')).toBeInTheDocument(); + expect(getByTestId('user-panel-header-managed-badge')).toBeInTheDocument(); }); it('does not render observed badge when lastSeen date is undefined', () => { const { queryByTestId } = render( - { ); - expect(queryByTestId('user-details-content-observed-badge')).not.toBeInTheDocument(); + expect(queryByTestId('user-panel-header-observed-badge')).not.toBeInTheDocument(); }); it('does not render managed badge when lastSeen date is undefined', () => { const { queryByTestId } = render( - { ); - expect(queryByTestId('user-details-content-managed-badge')).not.toBeInTheDocument(); + expect(queryByTestId('user-panel-header-managed-badge')).not.toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx new file mode 100644 index 00000000000000..12acfd0d2815d5 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx @@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiSpacer, EuiBadge, EuiText, EuiFlexItem, EuiFlexGroup } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import React, { useMemo } from 'react'; +import { max } from 'lodash/fp'; +import { SecurityPageName } from '@kbn/security-solution-navigation'; +import { getUsersDetailsUrl } from '../../../common/components/link_to/redirect_to_users'; +import type { + ManagedUserData, + ObservedUserData, +} from '../../../timelines/components/side_panel/new_user_detail/types'; + +import { SecuritySolutionLinkAnchor } from '../../../common/components/links'; +import { PreferenceFormattedDate } from '../../../common/components/formatted_date'; +import { FlyoutHeader } from '../../shared/components/flyout_header'; +import { FlyoutTitle } from '../../shared/components/flyout_title'; + +interface UserPanelHeaderProps { + userName: string; + observedUser: ObservedUserData; + managedUser: ManagedUserData; +} + +export const UserPanelHeader = ({ userName, observedUser, managedUser }: UserPanelHeaderProps) => { + const lastSeenDate = useMemo( + () => + max([observedUser.lastSeen, managedUser.lastSeen].map((el) => el.date && new Date(el.date))), + [managedUser.lastSeen, observedUser.lastSeen] + ); + + return ( + + + + + {lastSeenDate && } + + + + + + + + + + + + {observedUser.lastSeen.date && ( + + + + )} + + + {managedUser.lastSeen.date && ( + + + + )} + + + + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx new file mode 100644 index 00000000000000..e06399305fe05d --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx @@ -0,0 +1,112 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../common/mock'; +import type { UserPanelProps } from '.'; +import { UserPanel } from '.'; +import { mockRiskScoreState } from './mocks'; + +import { + mockManagedUser, + mockObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; + +const mockProps: UserPanelProps = { + userName: 'test', + contextID: 'test-user-panel', + scopeId: 'test-scope-id', + isDraggable: false, +}; + +jest.mock('../../../common/components/visualization_actions/visualization_embeddable'); + +const mockedUseRiskScore = jest.fn().mockReturnValue(mockRiskScoreState); +jest.mock('../../../explore/containers/risk_score', () => ({ + useRiskScore: () => mockedUseRiskScore(), +})); + +const mockedUseManagedUser = jest.fn().mockReturnValue(mockManagedUser); +const mockedUseObservedUser = jest.fn().mockReturnValue(mockObservedUser); + +jest.mock('../../../timelines/components/side_panel/new_user_detail/hooks', () => { + const originalModule = jest.requireActual( + '../../../timelines/components/side_panel/new_user_detail/hooks' + ); + return { + ...originalModule, + useManagedUser: () => mockedUseManagedUser(), + useObservedUser: () => mockedUseObservedUser(), + }; +}); + +describe('UserPanel', () => { + beforeEach(() => { + mockedUseRiskScore.mockReturnValue(mockRiskScoreState); + mockedUseManagedUser.mockReturnValue(mockManagedUser); + mockedUseObservedUser.mockReturnValue(mockObservedUser); + }); + + it('renders', () => { + const { getByTestId, queryByTestId } = render( + + + + ); + + expect(getByTestId('user-panel-header')).toBeInTheDocument(); + expect(queryByTestId('securitySolutionFlyoutLoading')).not.toBeInTheDocument(); + expect(getByTestId('securitySolutionFlyoutNavigationExpandDetailButton')).toBeInTheDocument(); + }); + + it('renders loading state when risk score is loading', () => { + mockedUseRiskScore.mockReturnValue({ + ...mockRiskScoreState, + data: undefined, + loading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); + + it('renders loading state when observed user is loading', () => { + mockedUseObservedUser.mockReturnValue({ + ...mockObservedUser, + isLoading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); + + it('renders loading state when managed user is loading', () => { + mockedUseManagedUser.mockReturnValue({ + ...mockManagedUser, + isLoading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx new file mode 100644 index 00000000000000..8f22560730bf0f --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx @@ -0,0 +1,135 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useCallback, useMemo } from 'react'; +import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { useQueryInspector } from '../../../common/components/page/manage_query'; +import { UsersType } from '../../../explore/users/store/model'; +import { getCriteriaFromUsersType } from '../../../common/components/ml/criteria/get_criteria_from_users_type'; +import { useGlobalTime } from '../../../common/containers/use_global_time'; +import { + useManagedUser, + useObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/hooks'; +import { AnomalyTableProvider } from '../../../common/components/ml/anomaly/anomaly_table_provider'; +import { buildUserNamesFilter } from '../../../../common/search_strategy'; +import { useRiskScore } from '../../../explore/containers/risk_score'; +import { RiskScoreEntity } from '../../../../common/risk_engine'; +import { FlyoutLoading } from '../../shared/components/flyout_loading'; +import { RiskInputsPanelKey } from '../risk_inputs_left'; +import { FlyoutNavigation } from '../../shared/components/flyout_navigation'; +import { UserPanelContent } from './content'; +import { UserPanelHeader } from './header'; + +export interface UserPanelProps extends Record { + contextID: string; + scopeId: string; + userName: string; + isDraggable?: boolean; +} + +export interface UserPanelExpandableFlyoutProps extends FlyoutPanelProps { + key: 'user-panel'; + params: UserPanelProps; +} + +export const UserPanelKey: UserPanelExpandableFlyoutProps['key'] = 'user-panel'; +export const USER_PANEL_RISK_SCORE_QUERY_ID = 'userPanelRiskScoreQuery'; +const FIRST_RECORD_PAGINATION = { + cursorStart: 0, + querySize: 1, +}; + +export const UserPanel = ({ contextID, scopeId, userName, isDraggable }: UserPanelProps) => { + const userNameFilterQuery = useMemo( + () => (userName ? buildUserNamesFilter([userName]) : undefined), + [userName] + ); + + const riskScoreState = useRiskScore({ + riskEntity: RiskScoreEntity.user, + filterQuery: userNameFilterQuery, + onlyLatest: false, + pagination: FIRST_RECORD_PAGINATION, + }); + + const { inspect, refetch, loading } = riskScoreState; + const { to, from, isInitializing, setQuery, deleteQuery } = useGlobalTime(); + + const observedUser = useObservedUser(userName); + const managedUser = useManagedUser(userName); + + const { data: userRisk } = riskScoreState; + const userRiskData = userRisk && userRisk.length > 0 ? userRisk[0] : undefined; + + useQueryInspector({ + deleteQuery, + inspect, + loading, + queryId: USER_PANEL_RISK_SCORE_QUERY_ID, + refetch, + setQuery, + }); + + const { openLeftPanel } = useExpandableFlyoutContext(); + const openPanel = useCallback(() => { + openLeftPanel({ + id: RiskInputsPanelKey, + params: { + riskInputs: userRiskData?.user.risk.inputs, + }, + }); + }, [openLeftPanel, userRiskData?.user.risk.inputs]); + + if (riskScoreState.loading || observedUser.isLoading || managedUser.isLoading) { + return ; + } + + return ( + + {({ isLoadingAnomaliesData, anomaliesData, jobNameById }) => { + const observedUserWithAnomalies = { + ...observedUser, + anomalies: { + isLoading: isLoadingAnomaliesData, + anomalies: anomaliesData, + jobNameById, + }, + }; + return ( + <> + + + + + ); + }} + + ); +}; + +UserPanel.displayName = 'UserPanel'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts new file mode 100644 index 00000000000000..bfd1a9a8021990 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { RiskScoreState } from '../../../../explore/containers/risk_score'; +import type { RiskScoreEntity, UserRiskScore } from '../../../../../common/search_strategy'; +import { RiskSeverity } from '../../../../../common/search_strategy'; +import { RiskCategories } from '../../../../../common/risk_engine'; + +const userRiskScore: UserRiskScore = { + '@timestamp': '626569200000', + user: { + name: 'test', + risk: { + rule_risks: [], + calculated_score_norm: 70, + multipliers: [], + calculated_level: RiskSeverity.high, + inputs: [ + { + id: '_id', + index: '_index', + category: RiskCategories.category_1, + description: 'Alert from Rule: My rule', + risk_score: 30, + timestamp: '2021-08-19T18:55:59.000Z', + }, + ], + }, + }, + alertsCount: 0, + oldestAlertTimestamp: '626569200000', +}; + +export const mockRiskScoreState: RiskScoreState = { + data: [userRiskScore], + inspect: { + dsl: [], + response: [], + }, + isInspected: false, + refetch: () => {}, + totalCount: 0, + isModuleEnabled: true, + isAuthorized: true, + isDeprecated: false, + loading: false, +}; diff --git a/x-pack/plugins/security_solution/public/flyout/index.tsx b/x-pack/plugins/security_solution/public/flyout/index.tsx index a29654659c74c5..1c8ac6c4cc2c90 100644 --- a/x-pack/plugins/security_solution/public/flyout/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/index.tsx @@ -12,21 +12,28 @@ import { ExpandableFlyoutProvider, } from '@kbn/expandable-flyout'; import type { IsolateHostPanelProps } from './document_details/isolate_host'; -import { IsolateHostPanel, IsolateHostPanelKey } from './document_details/isolate_host'; +import { + IsolateHostPanel, + DocumentDetailsIsolateHostPanelKey, +} from './document_details/isolate_host'; import { IsolateHostPanelProvider } from './document_details/isolate_host/context'; import type { RightPanelProps } from './document_details/right'; -import { RightPanel, RightPanelKey } from './document_details/right'; +import { RightPanel, DocumentDetailsRightPanelKey } from './document_details/right'; import { RightPanelProvider } from './document_details/right/context'; import type { LeftPanelProps } from './document_details/left'; -import { LeftPanel, LeftPanelKey } from './document_details/left'; +import { LeftPanel, DocumentDetailsLeftPanelKey } from './document_details/left'; import { LeftPanelProvider } from './document_details/left/context'; import { SecuritySolutionFlyoutUrlSyncProvider, useSecurityFlyoutUrlSync, } from './document_details/shared/context/url_sync'; import type { PreviewPanelProps } from './document_details/preview'; -import { PreviewPanel, PreviewPanelKey } from './document_details/preview'; +import { PreviewPanel, DocumentDetailsPreviewPanelKey } from './document_details/preview'; import { PreviewPanelProvider } from './document_details/preview/context'; +import type { UserPanelExpandableFlyoutProps } from './entity_details/user_right'; +import { UserPanel, UserPanelKey } from './entity_details/user_right'; +import type { RiskInputsExpandableFlyoutProps } from './entity_details/risk_inputs_left'; +import { RiskInputsPanel, RiskInputsPanelKey } from './entity_details/risk_inputs_left'; /** * List of all panels that will be used within the document details expandable flyout. @@ -34,7 +41,7 @@ import { PreviewPanelProvider } from './document_details/preview/context'; */ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] = [ { - key: RightPanelKey, + key: DocumentDetailsRightPanelKey, component: (props) => ( @@ -42,7 +49,7 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: LeftPanelKey, + key: DocumentDetailsLeftPanelKey, component: (props) => ( @@ -50,7 +57,7 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: PreviewPanelKey, + key: DocumentDetailsPreviewPanelKey, component: (props) => ( @@ -58,13 +65,23 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: IsolateHostPanelKey, + key: DocumentDetailsIsolateHostPanelKey, component: (props) => ( ), }, + { + key: UserPanelKey, + component: (props) => , + }, + { + key: RiskInputsPanelKey, + component: (props) => ( + + ), + }, ]; const OuterProviders: FC = ({ children }) => { diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx index 8668f727201de6..1f2d0c128f4116 100644 --- a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx @@ -9,46 +9,40 @@ import React from 'react'; import { render } from '@testing-library/react'; import { FlyoutTitle } from './flyout_title'; import { - FLYOUT_TITLE_TEST_ID, TITLE_HEADER_ICON_TEST_ID, + TITLE_HEADER_TEXT_TEST_ID, TITLE_LINK_ICON_TEST_ID, } from './test_ids'; const title = 'test title'; +const TEST_ID = 'test'; describe('', () => { it('should render title and icon', () => { const { getByTestId, queryByTestId } = render( - + ); - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toHaveTextContent(title); - expect( - getByTestId(FLYOUT_TITLE_TEST_ID).querySelector('[data-euiicon-type="warning"]') - ).toBeInTheDocument(); - expect(queryByTestId(TITLE_LINK_ICON_TEST_ID)).not.toBeInTheDocument(); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toHaveTextContent(title); + expect(getByTestId(TITLE_HEADER_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(queryByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); }); it('should not render icon if iconType is not passed', () => { - const { getByTestId, queryByTestId } = render(); + const { getByTestId, queryByTestId } = render( + + ); - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toBeInTheDocument(); - expect(queryByTestId(TITLE_HEADER_ICON_TEST_ID)).not.toBeInTheDocument(); - expect(queryByTestId(TITLE_LINK_ICON_TEST_ID)).not.toBeInTheDocument(); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(queryByTestId(TITLE_HEADER_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); + expect(queryByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); }); it('should render popout icon if title is a link', () => { - const { getByTestId } = render(); - - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toHaveTextContent(title); - expect(getByTestId(TITLE_LINK_ICON_TEST_ID)).toBeInTheDocument(); - expect( - getByTestId(FLYOUT_TITLE_TEST_ID).querySelector('[data-euiicon-type="popout"]') - ).toBeInTheDocument(); - }); + const { getByTestId } = render(); - it('should render title with custom data test subject', () => { - const { getByTestId } = render(); - expect(getByTestId('test-title')).toHaveTextContent(title); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toHaveTextContent(title); + expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx index d9e9d280d38cce..8c2c12ab80e947 100644 --- a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx @@ -18,11 +18,6 @@ import { EuiTextColor, } from '@elastic/eui'; import { css } from '@emotion/react'; -import { - FLYOUT_TITLE_TEST_ID, - TITLE_HEADER_ICON_TEST_ID, - TITLE_LINK_ICON_TEST_ID, -} from './test_ids'; export interface FlyoutTitleProps { /** @@ -48,7 +43,7 @@ export interface FlyoutTitleProps { * Title component with optional icon to indicate the type of document, can be used for text or a link */ export const FlyoutTitle: FC = memo( - ({ title, iconType, isLink = false, 'data-test-subj': dataTestSubj = FLYOUT_TITLE_TEST_ID }) => { + ({ title, iconType, isLink = false, 'data-test-subj': dataTestSubj }) => { const { euiTheme } = useEuiTheme(); const titleIcon = useMemo(() => { @@ -57,23 +52,23 @@ export const FlyoutTitle: FC = memo( type={iconType} size="m" className="eui-alignBaseline" - data-test-subj={TITLE_HEADER_ICON_TEST_ID} + data-test-subj={`${dataTestSubj}Icon`} css={css` margin-right: ${euiTheme.size.xs}; `} /> ) : null; - }, [iconType, euiTheme.size.xs]); + }, [dataTestSubj, iconType, euiTheme.size.xs]); const titleComponent = useMemo(() => { return ( - + {title} ); - }, [title, isLink, euiTheme.colors.primaryText]); + }, [dataTestSubj, title, isLink, euiTheme.colors.primaryText]); const linkIcon = useMemo(() => { return ( @@ -83,19 +78,14 @@ export const FlyoutTitle: FC = memo( css={css` margin-bottom: ${euiTheme.size.xs}; `} - data-test-subj={TITLE_LINK_ICON_TEST_ID} + data-test-subj={`${dataTestSubj}LinkIcon`} /> ); - }, [euiTheme.size.xs]); + }, [dataTestSubj, euiTheme.size.xs]); return ( - +
`${dataTestSubj}Icon`; +export const TITLE_HEADER_TEXT_TEST_ID = (dataTestSubj: string) => `${dataTestSubj}Text`; +export const TITLE_LINK_ICON_TEST_ID = (dataTestSubj: string) => `${dataTestSubj}LinkIcon`; diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx index 2ee81c42949be6..2bb850e0c312c7 100644 --- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx @@ -8,11 +8,11 @@ import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React from 'react'; import styled from 'styled-components'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { SeverityCount } from '../../../../explore/components/risk_score/severity/types'; import { useRiskDonutChartData } from './use_risk_donut_chart_data'; import type { FillColor } from '../../../../common/components/charts/donutchart'; import { emptyDonutColor } from '../../../../common/components/charts/donutchart_empty'; -import { RISK_SEVERITY_COLOUR } from '../../../../explore/components/risk_score/severity/common'; import { DonutChart } from '../../../../common/components/charts/donutchart'; import { Legend } from '../../../../common/components/charts/legend'; import { ChartLabel } from '../../detection_response/alerts_by_status/chart_label'; diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts index 6ba4ad7c03d1b0..4b31142aef3c92 100644 --- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts @@ -6,10 +6,10 @@ */ import { sum } from 'lodash/fp'; import { useMemo } from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { LegendItem } from '../../../../common/components/charts/legend_item'; import type { SeverityCount } from '../../../../explore/components/risk_score/severity/types'; import type { DonutChartProps } from '../../../../common/components/charts/donutchart'; -import { RISK_SEVERITY_COLOUR } from '../../../../explore/components/risk_score/severity/common'; import type { RiskSeverity } from '../../../../../common/search_strategy'; const legendField = 'kibana.alert.severity'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx index bf590a5d55cdf4..ad33fdfe1b73ed 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx @@ -23,7 +23,6 @@ import { EventDetailsPanel } from './event_details'; import { HostDetailsPanel } from './host_details'; import { NetworkDetailsPanel } from './network_details'; import { UserDetailsPanel } from './user_details'; -import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features'; interface DetailsPanelProps { browserFields: BrowserFields; @@ -53,7 +52,6 @@ export const DetailsPanel = React.memo( isReadOnly, }: DetailsPanelProps) => { const dispatch = useDispatch(); - const isNewUserDetailsFlyoutEnable = useIsExperimentalFeatureEnabled('newUserDetailsFlyout'); const getScope = useMemo(() => { if (isTimelineScope(scopeId)) { return timelineSelectors.getTimelineByIdSelector(); @@ -142,9 +140,6 @@ export const DetailsPanel = React.memo( if (currentTabDetail?.panelView === 'userDetail' && currentTabDetail?.params?.userName) { flyoutUniqueKey = currentTabDetail.params.userName; - if (isNewUserDetailsFlyoutEnable) { - panelSize = 'm'; - } visiblePanel = ( ); diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx index 9e0e60caf80de8..a8e1744c0c04ec 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { fireEvent, render } from '@testing-library/react'; +import { render } from '@testing-library/react'; import React from 'react'; import { TestProviders } from '../../../../common/mock'; import { ManagedUser } from './managed_user'; @@ -29,19 +29,6 @@ describe('ManagedUser', () => { expect(getByTestId('managedUser-data')).toBeInTheDocument(); }); - it('updates the accordion button title when visibility toggles', () => { - const { getByTestId } = render( - - - - ); - const accordionButton = getByTestId('managedUser-accordion-button'); - - expect(accordionButton).toHaveTextContent('Show Azure AD data'); - fireEvent.click(accordionButton); - expect(accordionButton).toHaveTextContent('Hide Azure AD data'); - }); - it('renders the formatted date', () => { const { getByTestId } = render( diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx index a802b49e85cae6..5cb8f2138e3635 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx @@ -14,9 +14,10 @@ import { useEuiTheme, EuiEmptyPrompt, EuiCallOut, + useEuiFontSize, } from '@elastic/eui'; -import React, { useCallback, useMemo, useState } from 'react'; +import React, { useMemo } from 'react'; import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; import * as i18n from './translations'; @@ -44,10 +45,6 @@ export const ManagedUser = ({ }) => { const { euiTheme } = useEuiTheme(); const managedItems = useManagedUserItems(managedUser.details); - const [isManagedDataToggleOpen, setManagedDataToggleOpen] = useState(false); - const onToggleManagedData = useCallback(() => { - setManagedDataToggleOpen((isOpen) => !isOpen); - }, [setManagedDataToggleOpen]); const managedUserTableColumns = useMemo( () => getManagedUserTableColumns(contextID, scopeId, isDraggable), [isDraggable, contextID, scopeId] @@ -59,40 +56,16 @@ export const ManagedUser = ({ [getAppUrl] ); - if (!managedUser.isLoading && !managedUser.isIntegrationEnabled) { - return ( - <> - -
{i18n.MANAGED_DATA_TITLE}
- - - - {i18n.NO_ACTIVE_INTEGRATION_TITLE}

} - body={

{i18n.NO_ACTIVE_INTEGRATION_TEXT}

} - actions={ - - {i18n.ADD_EXTERNAL_INTEGRATION_BUTTON} - - } - /> - - - ); - } + const xsFontSize = useEuiFontSize('xxs').fontSize; return ( <> - -
{i18n.MANAGED_DATA_TITLE}
- - +
{i18n.MANAGED_DATA_TITLE}
+ } - onToggle={onToggleManagedData} extraAction={ <> {managedUser.lastSeen.date && ( - - ), - }} - /> + + + ), + }} + /> + )} } @@ -138,16 +118,34 @@ export const ManagedUser = ({ } `} > - - {managedItems || managedUser.isLoading ? ( - + {!managedUser.isLoading && !managedUser.isIntegrationEnabled ? ( + + {i18n.NO_ACTIVE_INTEGRATION_TITLE}} + titleSize="s" + body={

{i18n.NO_ACTIVE_INTEGRATION_TEXT}

} + actions={ + + {i18n.ADD_EXTERNAL_INTEGRATION_BUTTON} + + } /> - ) : ( - <> + + ) : ( + <> + {managedItems || managedUser.isLoading ? ( + + ) : (

{i18n.NO_AZURE_DATA_TEXT}

 - - )} - + )} + + )} diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx index f57eda9b1fb263..90934c533a2c46 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { fireEvent, render } from '@testing-library/react'; +import { render } from '@testing-library/react'; import React from 'react'; import { TestProviders } from '../../../../common/mock'; import { mockObservedUser } from './__mocks__'; @@ -29,19 +29,6 @@ describe('ObservedUser', () => { expect(getByTestId('observedUser-data')).toBeInTheDocument(); }); - it('updates the accordion button title when visibility toggles', () => { - const { getByTestId } = render( - - - - ); - const accordionButton = getByTestId('observedUser-accordion-button'); - - expect(accordionButton).toHaveTextContent('Show observed data'); - fireEvent.click(accordionButton); - expect(accordionButton).toHaveTextContent('Hide observed data'); - }); - it('renders the formatted date', () => { const { getByTestId } = render( diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx index 01335997813a02..9a0891c24a925f 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx @@ -5,9 +5,9 @@ * 2.0. */ -import { EuiAccordion, EuiSpacer, EuiTitle, useEuiTheme, EuiPanel } from '@elastic/eui'; +import { EuiAccordion, EuiSpacer, EuiTitle, useEuiTheme, useEuiFontSize } from '@elastic/eui'; -import React, { useCallback, useMemo, useState } from 'react'; +import React, { useMemo } from 'react'; import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; import * as i18n from './translations'; @@ -33,27 +33,21 @@ export const ObservedUser = ({ }) => { const { euiTheme } = useEuiTheme(); const observedItems = useObservedUserItems(observedUser); - const [isObservedDataToggleOpen, setObservedDataToggleOpen] = useState(false); - const onToggleObservedData = useCallback(() => { - setObservedDataToggleOpen((isOpen) => !isOpen); - }, [setObservedDataToggleOpen]); + const observedUserTableColumns = useMemo( () => getObservedUserTableColumns(contextID, scopeId, isDraggable), [contextID, scopeId, isDraggable] ); + const xsFontSize = useEuiFontSize('xxs').fontSize; return ( <> - -
{i18n.OBSERVED_DATA_TITLE}
- - +

{i18n.OBSERVED_DATA_TITLE}

+ } - onToggle={onToggleObservedData} extraAction={ <> {observedUser.lastSeen.date && ( - - ), - }} - /> + + + ), + }} + /> + )} } @@ -101,19 +100,19 @@ export const ObservedUser = ({ } `} > - - - + + + diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts index 01563fcb947813..4671cf815162dd 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts @@ -46,20 +46,6 @@ export const OBSERVED_DATA_TITLE = i18n.translate( } ); -export const HIDE_OBSERVED_DATA_BUTTON = i18n.translate( - 'xpack.securitySolution.timeline.userDetails.hideObservedDataButton', - { - defaultMessage: 'Hide observed data', - } -); - -export const SHOW_OBSERVED_DATA_BUTTON = i18n.translate( - 'xpack.securitySolution.timeline.userDetails.showObservedDataButton', - { - defaultMessage: 'Show observed data', - } -); - export const HIDE_AZURE_DATA_BUTTON = i18n.translate( 'xpack.securitySolution.timeline.userDetails.hideManagedDataButton', { @@ -166,7 +152,7 @@ export const PHONE = i18n.translate('xpack.securitySolution.timeline.userDetails export const NO_ACTIVE_INTEGRATION_TITLE = i18n.translate( 'xpack.securitySolution.timeline.userDetails.noActiveIntegrationTitle', { - defaultMessage: 'You don’t have any active integrations', + defaultMessage: 'You don’t have any active asset repository integrations', } ); @@ -174,14 +160,14 @@ export const NO_ACTIVE_INTEGRATION_TEXT = i18n.translate( 'xpack.securitySolution.timeline.userDetails.noActiveIntegrationText', { defaultMessage: - 'External integrations can provide additional metadata and help you manage users.', + 'Additional metadata from integrations may help you to manage and identify risky entities.', } ); export const ADD_EXTERNAL_INTEGRATION_BUTTON = i18n.translate( 'xpack.securitySolution.timeline.userDetails.addExternalIntegrationButton', { - defaultMessage: 'Add external integrations', + defaultMessage: 'Add asset repository integrations', } ); diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx deleted file mode 100644 index 95ffb05a168897..00000000000000 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiSpacer, - EuiHorizontalRule, - EuiIcon, - EuiBadge, - EuiText, - EuiFlexItem, - EuiFlexGroup, - useEuiFontSize, - useEuiTheme, - euiTextBreakWord, - EuiProgress, -} from '@elastic/eui'; - -import React, { useMemo } from 'react'; -import { css } from '@emotion/react'; -import { max } from 'lodash'; -import * as i18n from './translations'; - -import { RiskScoreEntity } from '../../../../../common/search_strategy'; -import { UserDetailsLink } from '../../../../common/components/links'; -import { useGlobalTime } from '../../../../common/containers/use_global_time'; -import type { RiskScoreState } from '../../../../explore/containers/risk_score'; -import { useRiskScore } from '../../../../explore/containers/risk_score'; - -import { useManagedUser, useObservedUser } from './hooks'; -import { AnomalyTableProvider } from '../../../../common/components/ml/anomaly/anomaly_table_provider'; -import { getCriteriaFromUsersType } from '../../../../common/components/ml/criteria/get_criteria_from_users_type'; -import { UsersType } from '../../../../explore/users/store/model'; -import { PreferenceFormattedDate } from '../../../../common/components/formatted_date'; -import type { ManagedUserData, ObservedUserData } from './types'; -import { RiskScoreField } from './risk_score_field'; -import { ObservedUser } from './observed_user'; -import { ManagedUser } from './managed_user'; - -export const QUERY_ID = 'usersDetailsQuery'; - -interface UserDetailsContentComponentProps { - userName: string; - observedUser: ObservedUserData; - managedUser: ManagedUserData; - riskScoreState: RiskScoreState; - contextID: string; - scopeId: string; - isDraggable: boolean; -} - -/** - * This is a visual component. It doesn't access any external Context or API. - * It designed for unit testing the UI and previewing changes on storybook. - */ -export const UserDetailsContentComponent = ({ - userName, - observedUser, - managedUser, - riskScoreState, - contextID, - scopeId, - isDraggable, -}: UserDetailsContentComponentProps) => { - const { euiTheme } = useEuiTheme(); - const { fontSize: xlFontSize } = useEuiFontSize('xl'); - - const lastSeenDate = useMemo( - () => - max([observedUser.lastSeen, managedUser.lastSeen].map((el) => el.date && new Date(el.date))), - [managedUser.lastSeen, observedUser.lastSeen] - ); - - return ( - <> - - - - - {i18n.USER} - - - {observedUser.lastSeen.date && ( - - {i18n.OBSERVED_BADGE} - - )} - - - {managedUser.lastSeen.date && ( - - {i18n.MANAGED_BADGE} - - )} - - - - - {observedUser.lastSeen.isLoading || managedUser.lastSeen.isLoading ? ( - - ) : ( - - )} - - - - - {userName} - - - - - {i18n.LAST_SEEN} - {': '} - {lastSeenDate && } - - - - - - - - - - ); -}; - -export const UserDetailsContent = ({ - userName, - contextID, - scopeId, - isDraggable = false, -}: { - userName: string; - contextID: string; - scopeId: string; - isDraggable?: boolean; -}) => { - const { to, from, isInitializing } = useGlobalTime(); - const riskScoreState = useRiskScore({ - riskEntity: RiskScoreEntity.user, - }); - const observedUser = useObservedUser(userName); - const managedUser = useManagedUser(userName); - - return ( - - {({ isLoadingAnomaliesData, anomaliesData, jobNameById }) => ( - - )} - - ); -}; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx index 17a1e21ceebd0b..4eefc6aa44f8a0 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx @@ -6,13 +6,9 @@ */ import React from 'react'; -import { EuiFlyoutBody, EuiSpacer, EuiButtonIcon } from '@elastic/eui'; -import { css } from '@emotion/react'; import { UserDetailsFlyout } from './user_details_flyout'; import { UserDetailsSidePanel } from './user_details_side_panel'; import type { UserDetailsProps } from './types'; -import { UserDetailsContent } from '../new_user_detail/user_details_content'; -import * as i18n from './translations'; const UserDetailsPanelComponent = ({ contextID, @@ -21,40 +17,7 @@ const UserDetailsPanelComponent = ({ handleOnClose, isFlyoutView, isDraggable, - isNewUserDetailsFlyoutEnable, }: UserDetailsProps) => { - if (isNewUserDetailsFlyoutEnable) { - return isFlyoutView ? ( - - - - ) : ( -
- - - - -
- ); - } - return isFlyoutView ? ( ) : ( diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts index 96d17c57c08f4a..9e1fd0a6b1498f 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts @@ -12,5 +12,4 @@ export interface UserDetailsProps { handleOnClose: () => void; isFlyoutView?: boolean; isDraggable?: boolean; - isNewUserDetailsFlyoutEnable?: boolean; } diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx index 58b2a8fbbbb971..083d0651fbab43 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx @@ -9,9 +9,13 @@ import React, { useCallback, useContext, useMemo } from 'react'; import type { EuiButtonEmpty, EuiButtonIcon } from '@elastic/eui'; import { useDispatch } from 'react-redux'; import { isString } from 'lodash/fp'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { TableId } from '@kbn/securitysolution-data-table'; +import { UserPanelKey } from '../../../../../flyout/entity_details/user_right'; +import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; import { StatefulEventContext } from '../../../../../common/components/events_viewer/stateful_event_context'; import type { ExpandedDetailType } from '../../../../../../common/types'; -import { getScopedActions } from '../../../../../helpers'; +import { getScopedActions, isTimelineScope } from '../../../../../helpers'; import { TimelineId, TimelineTabs } from '../../../../../../common/types/timeline'; import { DefaultDraggable } from '../../../../../common/components/draggables'; import { getEmptyTagValue } from '../../../../../common/components/empty_value'; @@ -48,9 +52,11 @@ const UserNameComponent: React.FC = ({ }) => { const dispatch = useDispatch(); const eventContext = useContext(StatefulEventContext); + const isNewUserDetailsFlyoutEnable = useIsExperimentalFeatureEnabled('newUserDetailsFlyout'); const userName = `${value}`; - const isInTimelineContext = userName && eventContext?.timelineID; + const { openRightPanel } = useExpandableFlyoutContext(); + const openUserDetailsSidePanel = useCallback( (e) => { e.preventDefault(); @@ -58,31 +64,55 @@ const UserNameComponent: React.FC = ({ if (onClick) { onClick(); } + if (eventContext && isInTimelineContext) { const { timelineID, tabType } = eventContext; - const updatedExpandedDetail: ExpandedDetailType = { - panelView: 'userDetail', - params: { - userName, - }, - }; - const scopedActions = getScopedActions(timelineID); - if (scopedActions) { - dispatch( - scopedActions.toggleDetailPanel({ - ...updatedExpandedDetail, - id: timelineID, - tabType: tabType as TimelineTabs, - }) - ); - } - if (timelineID === TimelineId.active && tabType === TimelineTabs.query) { - activeTimeline.toggleExpandedDetail({ ...updatedExpandedDetail }); + if (isNewUserDetailsFlyoutEnable && !isTimelineScope(timelineID)) { + openRightPanel({ + id: UserPanelKey, + params: { + userName, + contextID: contextId, + scopeId: TableId.alertsOnAlertsPage, + isDraggable, + }, + }); + } else { + const updatedExpandedDetail: ExpandedDetailType = { + panelView: 'userDetail', + params: { + userName, + }, + }; + const scopedActions = getScopedActions(timelineID); + if (scopedActions) { + dispatch( + scopedActions.toggleDetailPanel({ + ...updatedExpandedDetail, + id: timelineID, + tabType: tabType as TimelineTabs, + }) + ); + } + + if (timelineID === TimelineId.active && tabType === TimelineTabs.query) { + activeTimeline.toggleExpandedDetail({ ...updatedExpandedDetail }); + } } } }, - [onClick, eventContext, isInTimelineContext, userName, dispatch] + [ + onClick, + eventContext, + isNewUserDetailsFlyoutEnable, + isInTimelineContext, + openRightPanel, + userName, + contextId, + isDraggable, + dispatch, + ] ); // The below is explicitly defined this way as the onClick takes precedence when it and the href are both defined diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index c656e54ee8f5f7..360be51913f25d 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -8684,7 +8684,6 @@ "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "L'activation de cette option applique des filtres au tableau de bord en fonction du service et de l'environnement choisis.", "xpack.apm.data_view.creation_failed": "Une erreur s'est produite lors de la création de la vue de données", "xpack.apm.dataView.alreadyExistsInActiveSpace": "La vue de données existe déjà dans l'espace actif", - "xpack.apm.dataView.alreadyExistsInAnotherSpace": "La vue de données existe déjà dans un autre espace mais elle n'est pas disponible dans cet espace", "xpack.apm.dataView.autoCreateDisabled": "La création automatique des vues de données a été désactivée via l'option de configuration \"autoCreateApmDataView\"", "xpack.apm.dataView.noApmData": "Aucune donnée APM", "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "Toutes les opérations", @@ -17101,7 +17100,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "En cours", "xpack.fleet.agentActivityFlyout.noActivityDescription": "Le fil d'activités s'affichera ici au fur et à mesure que les agents seront réaffectés, mis à niveau ou désenregistrés.", "xpack.fleet.agentActivityFlyout.noActivityText": "Aucune activité à afficher", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "Vérifier les logs d'erreur", "xpack.fleet.agentActivityFlyout.scheduledDescription": "Planifié pour ", "xpack.fleet.agentActivityFlyout.title": "Activité des agents", "xpack.fleet.agentActivityFlyout.todayTitle": "Aujourd'hui", @@ -36768,7 +36766,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "Vu en premier", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "Nom complet", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "Masquer les données Azure AD", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "Masquer les données observées", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "Système d'exploitation", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "Adresses IP", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "Nom", @@ -36787,7 +36784,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "Téléphone", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "Score de risque", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "Afficher les données Azure AD", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "Afficher les données observées", "xpack.securitySolution.timeline.userDetails.userIdLabel": "ID utilisateur", "xpack.securitySolution.timeline.userDetails.userLabel": "Utilisateur", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "Valeurs", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 157391ad9a6ff8..a8e3d4b417f541 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -8699,7 +8699,6 @@ "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "このオプションを有効にすると、選択したサービスと環境に基づいてダッシュボードにフィルターが適用されます。", "xpack.apm.data_view.creation_failed": "データビューの作成中にエラーが発生しました", "xpack.apm.dataView.alreadyExistsInActiveSpace": "アクティブなスペースにはすでにデータビューが存在します", - "xpack.apm.dataView.alreadyExistsInAnotherSpace": "データビューはすでに別のスペースに存在しますが、このスペースでは使用できません", "xpack.apm.dataView.autoCreateDisabled": "データビューの自動作成は、「autoCreateApmDataView」構成オプションによって無効化されています", "xpack.apm.dataView.noApmData": "APMデータがありません", "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "すべての演算", @@ -17114,7 +17113,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "進行中", "xpack.fleet.agentActivityFlyout.noActivityDescription": "エージェントが再割り当て、アップグレード、または登録解除されたときに、アクティビティフィードがここに表示されます。", "xpack.fleet.agentActivityFlyout.noActivityText": "表示するアクティビティがありません", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "エラーログを確認", "xpack.fleet.agentActivityFlyout.scheduledDescription": "スケジュール済み ", "xpack.fleet.agentActivityFlyout.title": "エージェントアクティビティ", "xpack.fleet.agentActivityFlyout.todayTitle": "今日", @@ -36766,7 +36764,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "初回の認識", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "フルネーム", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "Azure ADデータを非表示", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "観測されたデータを非表示", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "オペレーティングシステム", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "IP アドレス", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "姓", @@ -36785,7 +36782,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "電話", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "リスクスコア", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "Azure ADデータを表示", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "観測されたデータを表示", "xpack.securitySolution.timeline.userDetails.userIdLabel": "ユーザーID", "xpack.securitySolution.timeline.userDetails.userLabel": "ユーザー", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "値", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 192297f53e6ec6..879ccde09a001c 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -8698,7 +8698,6 @@ "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "启用此选项会根据您选择的服务和环境,将筛选应用于仪表板。", "xpack.apm.data_view.creation_failed": "创建数据视图时出错", "xpack.apm.dataView.alreadyExistsInActiveSpace": "活动工作区中已存在数据视图", - "xpack.apm.dataView.alreadyExistsInAnotherSpace": "数据视图已在另一工作区中存在,但在此工作区中不可用", "xpack.apm.dataView.autoCreateDisabled": "已通过“autoCreateApmDataView”配置选项禁止自动创建数据视图", "xpack.apm.dataView.noApmData": "无 APM 数据", "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "所有操作", @@ -17114,7 +17113,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "进行中", "xpack.fleet.agentActivityFlyout.noActivityDescription": "重新分配、升级或取消注册代理时,活动源将在此处显示。", "xpack.fleet.agentActivityFlyout.noActivityText": "没有可显示的活动", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "查看错误日志", "xpack.fleet.agentActivityFlyout.scheduledDescription": "计划进行 ", "xpack.fleet.agentActivityFlyout.title": "代理活动", "xpack.fleet.agentActivityFlyout.todayTitle": "今日", @@ -36762,7 +36760,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "首次看到时间", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "全名", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "隐藏 Azure AD 数据", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "隐藏观察数据", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "操作系统", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "IP 地址", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "姓氏", @@ -36781,7 +36778,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "电话", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "风险分数", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "显示 Azure AD 数据", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "显示观察数据", "xpack.securitySolution.timeline.userDetails.userIdLabel": "用户 ID", "xpack.securitySolution.timeline.userDetails.userLabel": "用户", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "值", diff --git a/x-pack/plugins/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts b/x-pack/plugins/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts index 4df3c8c1e84703..46ab3ddff25296 100644 --- a/x-pack/plugins/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts +++ b/x-pack/plugins/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts @@ -39,7 +39,7 @@ async function getCoreWebVitalsResponse({ dataStartPlugin, }: WithDataPlugin) { const dataViewResponse = await callApmApi( - 'GET /internal/apm/data_view/title', + 'GET /internal/apm/data_view/index_pattern', { signal: null, } @@ -47,7 +47,7 @@ async function getCoreWebVitalsResponse({ return await esQuery>(dataStartPlugin, { params: { - index: dataViewResponse.apmDataViewTitle, + index: dataViewResponse.apmDataViewIndexPattern, ...coreWebVitalsQuery(absoluteTime.start, absoluteTime.end, undefined, { serviceName: serviceName ? [serviceName] : undefined, }), @@ -83,7 +83,7 @@ export async function hasRumData( params: WithDataPlugin ): Promise { const dataViewResponse = await callApmApi( - 'GET /internal/apm/data_view/title', + 'GET /internal/apm/data_view/index_pattern', { signal: null, } @@ -93,7 +93,7 @@ export async function hasRumData( params.dataStartPlugin, { params: { - index: dataViewResponse.apmDataViewTitle, + index: dataViewResponse.apmDataViewIndexPattern, ...hasRumDataQuery({ start: params?.absoluteTime?.start, end: params?.absoluteTime?.end, @@ -102,7 +102,10 @@ export async function hasRumData( } ); - return formatHasRumResult(esQueryResponse, dataViewResponse.apmDataViewTitle); + return formatHasRumResult( + esQueryResponse, + dataViewResponse.apmDataViewIndexPattern + ); } async function esQuery( diff --git a/x-pack/plugins/ux/public/hooks/use_dynamic_data_view.ts b/x-pack/plugins/ux/public/hooks/use_dynamic_data_view.ts index 81fb2f966966bf..d051e07d0057d8 100644 --- a/x-pack/plugins/ux/public/hooks/use_dynamic_data_view.ts +++ b/x-pack/plugins/ux/public/hooks/use_dynamic_data_view.ts @@ -9,13 +9,13 @@ import { useFetcher } from './use_fetcher'; export function useDynamicDataViewTitle() { const { data, status } = useFetcher((callApmApi) => { - return callApmApi('GET /internal/apm/data_view/title', { + return callApmApi('GET /internal/apm/data_view/index_pattern', { isCachable: true, }); }, []); return { - dataViewTitle: data?.apmDataViewTitle, + dataViewTitle: data?.apmDataViewIndexPattern, status, }; } diff --git a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts index b38b4b0ee672c0..e3ed2144876ad2 100644 --- a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts +++ b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts @@ -16,7 +16,6 @@ import { FIRED_ACTIONS_ID } from '@kbn/observability-plugin/server/lib/rules/cus import expect from '@kbn/expect'; import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils'; import { createIndexConnector, createRule } from '../helpers/alerting_api_helper'; -import { createDataView, deleteDataView } from '../helpers/data_view'; import { waitForAlertInIndex, waitForDocumentInIndex, @@ -38,8 +37,19 @@ export default function ({ getService }: FtrProviderContext) { // DATE_VIEW should match the index template: // x-pack/packages/kbn-infra-forge/src/data_sources/composable/template.json const DATE_VIEW = 'kbn-data-forge-fake_hosts'; - const DATE_VIEW_NAME = 'data-view-name'; + const DATE_VIEW_NAME = 'ad-hoc-data-view-name'; const DATA_VIEW_ID = 'data-view-id'; + const MOCKED_AD_HOC_DATA_VIEW = { + id: DATA_VIEW_ID, + title: DATE_VIEW, + timeFieldName: '@timestamp', + sourceFilters: [], + fieldFormats: {}, + runtimeFieldMap: {}, + allowNoIndex: false, + name: DATE_VIEW_NAME, + allowHidden: false, + }; let infraDataIndex: string; let actionId: string; let ruleId: string; @@ -48,12 +58,6 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { infraDataIndex = await generate({ esClient, lookback: 'now-15m', logger }); - await createDataView({ - supertest, - name: DATE_VIEW_NAME, - id: DATA_VIEW_ID, - title: DATE_VIEW, - }); }); after(async () => { @@ -67,10 +71,6 @@ export default function ({ getService }: FtrProviderContext) { index: '.kibana-event-log-*', query: { term: { 'kibana.alert.rule.consumer': 'logs' } }, }); - await deleteDataView({ - supertest, - id: DATA_VIEW_ID, - }); await esDeleteAllIndices([ALERT_ACTION_INDEX, infraDataIndex]); await cleanup({ esClient, logger }); }); @@ -109,7 +109,7 @@ export default function ({ getService }: FtrProviderContext) { query: '', language: 'kuery', }, - index: DATA_VIEW_ID, + index: MOCKED_AD_HOC_DATA_VIEW, }, }, actions: [ @@ -199,7 +199,10 @@ export default function ({ getService }: FtrProviderContext) { ], alertOnNoData: true, alertOnGroupDisappear: true, - searchConfiguration: { index: 'data-view-id', query: { query: '', language: 'kuery' } }, + searchConfiguration: { + index: MOCKED_AD_HOC_DATA_VIEW, + query: { query: '', language: 'kuery' }, + }, }); }); diff --git a/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts b/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts index d56b91dda55151..57b5721701a400 100644 --- a/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts +++ b/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts @@ -5,8 +5,9 @@ * 2.0. */ -import { ThresholdParams } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; import type { SuperTest, Test } from 'supertest'; +import expect from '@kbn/expect'; +import { ThresholdParams } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; export async function createIndexConnector({ supertest, @@ -64,5 +65,8 @@ export async function createRule({ rule_type_id: ruleTypeId, actions, }); + if (body.statusCode) { + expect(body.statusCode).eql(200, body.message); + } return body; } diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts index 4ebfacb4d10c94..b4daf5172b164a 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts @@ -24,6 +24,10 @@ export const findingsMockData = [ type: 'process', }, cluster_id: 'Upper case cluster id', + event: { + ingested: '2023-08-19T18:20:41Z', + created: '2023-08-19T18:17:15.609124281Z', + }, }, { resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' }, @@ -40,6 +44,10 @@ export const findingsMockData = [ type: 'process', }, cluster_id: 'Another Upper case cluster id', + event: { + ingested: '2023-08-19T18:20:41Z', + created: '2023-08-19T18:17:15.609124281Z', + }, }, ]; diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts index 6a3f8fbbfeda50..06f80adf460341 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts @@ -247,8 +247,8 @@ export default function (providerContext: FtrProviderContext) { `expected unprivileged but got ${res.cspm.status} instead` ); expect(res.vuln_mgmt.status).to.eql( - 'not-installed', - `expected not-installed but got ${res.vuln_mgmt.status} instead` + 'unprivileged', + `expected unprivileged but got ${res.vuln_mgmt.status} instead` ); assertIndexStatus(res.indicesDetails, LATEST_FINDINGS_INDEX_DEFAULT_NS, 'unprivileged'); diff --git a/x-pack/test/api_integration/apis/maps/migrations.js b/x-pack/test/api_integration/apis/maps/migrations.js index 1295dac5bbb49b..30301a80577b35 100644 --- a/x-pack/test/api_integration/apis/maps/migrations.js +++ b/x-pack/test/api_integration/apis/maps/migrations.js @@ -75,7 +75,7 @@ export default function ({ getService }) { try { panels = JSON.parse(resp.body.attributes.panelsJSON); } catch (error) { - throw 'Unable to parse panelsJSON from dashboard saved object'; + throw new Error('Unable to parse panelsJSON from dashboard saved object'); } expect(panels.length).to.be(1); expect(panels[0].type).to.be('map'); diff --git a/x-pack/test/apm_api_integration/common/apm_api_supertest.ts b/x-pack/test/apm_api_integration/common/apm_api_supertest.ts index ac16abff4098b8..4fe7ae4a62e71c 100644 --- a/x-pack/test/apm_api_integration/common/apm_api_supertest.ts +++ b/x-pack/test/apm_api_integration/common/apm_api_supertest.ts @@ -20,6 +20,7 @@ export function createApmApiClient(st: supertest.SuperTest) { options: { type?: 'form-data'; endpoint: TEndpoint; + spaceId?: string; } & APIClientRequestParamsOf & { params?: { query?: { _inspect?: boolean } } } ): Promise> => { const { endpoint, type } = options; @@ -27,7 +28,8 @@ export function createApmApiClient(st: supertest.SuperTest) { const params = 'params' in options ? (options.params as Record) : {}; const { method, pathname, version } = formatRequest(endpoint, params.path); - const url = format({ pathname, query: params?.query }); + const pathnameWithSpaceId = options.spaceId ? `/s/${options.spaceId}${pathname}` : pathname; + const url = format({ pathname: pathnameWithSpaceId, query: params?.query }); const headers: Record = { 'kbn-xsrf': 'foo', diff --git a/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts b/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts index a49e698c86c652..dcc8fc76044cf4 100644 --- a/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts +++ b/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts @@ -8,7 +8,7 @@ import { apm, timerange } from '@kbn/apm-synthtrace-client'; import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace'; import expect from '@kbn/expect'; -import { APM_STATIC_DATA_VIEW_ID } from '@kbn/apm-plugin/common/data_view_constants'; +import { getDataViewId } from '@kbn/apm-plugin/common/data_view_constants'; import { DataView } from '@kbn/data-views-plugin/common'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import request from 'superagent'; @@ -20,28 +20,33 @@ export default function ApiTest({ getService }: FtrProviderContext) { const apmApiClient = getService('apmApiClient'); const supertest = getService('supertest'); const synthtrace = getService('synthtraceEsClient'); + const logger = getService('log'); const dataViewPattern = 'traces-apm*,apm-*,logs-apm*,apm-*,metrics-apm*,apm-*'; - function createDataViewWithWriteUser() { + function createDataViewWithWriteUser({ spaceId }: { spaceId: string }) { return apmApiClient.writeUser({ endpoint: 'POST /internal/apm/data_view/static', + spaceId, }); } - function createDataViewWithReadUser() { - return apmApiClient.readUser({ endpoint: 'POST /internal/apm/data_view/static' }); + function createDataViewWithReadUser({ spaceId }: { spaceId: string }) { + return apmApiClient.readUser({ + endpoint: 'POST /internal/apm/data_view/static', + spaceId, + }); } - function deleteDataView() { + function deleteDataView(spaceId: string) { return supertest - .delete(`/api/saved_objects/index-pattern/${APM_STATIC_DATA_VIEW_ID}?force=true`) + .delete(`/s/${spaceId}/api/saved_objects/index-pattern/${getDataViewId(spaceId)}?force=true`) .set('kbn-xsrf', 'foo'); } - function getDataView({ space }: { space: string }) { - const spacePrefix = space !== 'default' ? `/s/${space}` : ''; + function getDataView({ spaceId }: { spaceId: string }) { + const spacePrefix = spaceId !== 'default' ? `/s/${spaceId}` : ''; return supertest.get( - `${spacePrefix}/api/saved_objects/index-pattern/${APM_STATIC_DATA_VIEW_ID}` + `${spacePrefix}/api/saved_objects/index-pattern/${getDataViewId(spaceId)}` ); } @@ -56,7 +61,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { registry.when('no mappings exist', { config: 'basic', archives: [] }, () => { let response: SupertestReturnType<'POST /internal/apm/data_view/static'>; before(async () => { - response = await createDataViewWithWriteUser(); + response = await createDataViewWithWriteUser({ spaceId: 'default' }); }); it('does not create data view', async () => { @@ -68,10 +73,10 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); it('cannot fetch data view', async () => { - const res = await getDataView({ space: 'default' }); + const res = await getDataView({ spaceId: 'default' }); expect(res.status).to.be(404); expect(res.body.message).to.eql( - 'Saved object [index-pattern/apm_static_index_pattern_id] not found' + 'Saved object [index-pattern/apm_static_data_view_id_default] not found' ); }); }); @@ -86,14 +91,18 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); afterEach(async () => { - await deleteDataView(); + try { + await Promise.all([deleteDataView('default'), deleteDataView('foo')]); + } catch (e) { + logger.error(`Could not delete data views ${e.message}`); + } }); describe('when creating data view with write user', () => { let response: SupertestReturnType<'POST /internal/apm/data_view/static'>; before(async () => { - response = await createDataViewWithWriteUser(); + response = await createDataViewWithWriteUser({ spaceId: 'default' }); }); it('successfully creates the apm data view', async () => { @@ -102,7 +111,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { // @ts-expect-error const dataView = response.body.dataView as DataView; - expect(dataView.id).to.be('apm_static_index_pattern_id'); + expect(dataView.id).to.be('apm_static_data_view_id_default'); expect(dataView.name).to.be('APM'); expect(dataView.title).to.be('traces-apm*,apm-*,logs-apm*,apm-*,metrics-apm*,apm-*'); }); @@ -112,8 +121,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { let dataViewResponse: request.Response; before(async () => { - await createDataViewWithWriteUser(); - dataViewResponse = await getDataView({ space: 'default' }); + await createDataViewWithWriteUser({ spaceId: 'default' }); + dataViewResponse = await getDataView({ spaceId: 'default' }); }); it('return 200', () => { @@ -121,7 +130,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); it('has correct id', () => { - expect(dataViewResponse.body.id).to.be('apm_static_index_pattern_id'); + expect(dataViewResponse.body.id).to.be('apm_static_data_view_id_default'); }); it('has correct title', () => { @@ -170,7 +179,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('when creating data view via read user', () => { it('throws an error', async () => { try { - await createDataViewWithReadUser(); + await createDataViewWithReadUser({ spaceId: 'default' }); } catch (e) { const err = e as ApmApiError; const responseBody = err.res.body; @@ -184,30 +193,44 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('when creating data view twice', () => { it('returns 200 response with reason, if data view already exists', async () => { - await createDataViewWithWriteUser(); - const res = await createDataViewWithWriteUser(); + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await createDataViewWithWriteUser({ spaceId: 'default' }); expect(res.status).to.be(200); expect(res.body).to.eql({ created: false, - reason: 'Dataview already exists in the active space', + reason: 'Dataview already exists in the active space and does not need to be updated', }); }); }); describe('when creating data view in "default" space', async () => { - it('can be retrieved from the "default space"', async () => { - await createDataViewWithWriteUser(); - const res = await getDataView({ space: 'default' }); - expect(res.body.id).to.eql('apm_static_index_pattern_id'); - expect(res.body.namespaces).to.eql(['*', 'default']); + it('can be retrieved from the "default" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await getDataView({ spaceId: 'default' }); + expect(res.body.id).to.eql('apm_static_data_view_id_default'); + expect(res.body.namespaces).to.eql(['default']); }); + it('cannot be retrieved from the "foo" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await getDataView({ spaceId: 'foo' }); + expect(res.body.statusCode).to.be(404); + }); + }); + + describe('when creating data view in "foo" space', async () => { it('can be retrieved from the "foo" space', async () => { - await createDataViewWithWriteUser(); - const res = await getDataView({ space: 'foo' }); - expect(res.body.id).to.eql('apm_static_index_pattern_id'); - expect(res.body.namespaces).to.eql(['*', 'default']); + await createDataViewWithWriteUser({ spaceId: 'foo' }); + const res = await getDataView({ spaceId: 'foo' }); + expect(res.body.id).to.eql('apm_static_data_view_id_foo'); + expect(res.body.namespaces).to.eql(['foo']); + }); + + it('cannot be retrieved from the "default" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'foo' }); + const res = await getDataView({ spaceId: 'default' }); + expect(res.body.statusCode).to.be(404); }); }); }); diff --git a/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts b/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts index 813c72743e7fc8..f0ffd4aebb3889 100644 --- a/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts +++ b/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts @@ -83,7 +83,7 @@ export const vulnerabilitiesLatestMock = [ id: '704479110758', }, }, - '@timestamp': '2023-06-29T02:08:44.993Z', + '@timestamp': (Date.now() - 249200000).toString(), cloudbeat: { commit_sha: '4d990caa0c9c1594441da6bf24a685599aeb2bd5', commit_time: '2023-05-15T14:48:10Z', @@ -189,7 +189,7 @@ export const vulnerabilitiesLatestMock = [ id: '704479110758', }, }, - '@timestamp': '2023-06-29T02:08:16.535Z', + '@timestamp': (Date.now() - 249200000).toString(), ecs: { version: '8.6.0', }, diff --git a/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts b/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts index 49f4ab0a6d12fd..0fd0e463e7087a 100644 --- a/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts +++ b/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts @@ -410,6 +410,12 @@ export function FindingsPageProvider({ getService, getPageObjects }: FtrProvider }, }); + const isLatestFindingsTableThere = async () => { + const table = await testSubjects.findAll('docTable'); + const trueOrFalse = table.length > 0 ? true : false; + return trueOrFalse; + }; + return { navigateToLatestFindingsPage, navigateToVulnerabilities, @@ -426,5 +432,6 @@ export function FindingsPageProvider({ getService, getPageObjects }: FtrProvider misconfigurationsFlyout, toastMessage, detectionRuleApi, + isLatestFindingsTableThere, }; } diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings.ts b/x-pack/test/cloud_security_posture_functional/pages/findings.ts index 69c1fd6949f51e..4ec0240f735c90 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/findings.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/findings.ts @@ -17,12 +17,13 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const retry = getService('retry'); const pageObjects = getPageObjects(['common', 'findings', 'header']); const chance = new Chance(); + const timeFiveHoursAgo = (Date.now() - 18000000).toString(); // We need to use a dataset for the tests to run // We intentionally make some fields start with a capital letter to test that the query bar is case-insensitive/case-sensitive const data = [ { - '@timestamp': '1695819664234', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, rule: { @@ -39,7 +40,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'Upper case cluster id', }, { - '@timestamp': '1695819673242', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' }, result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, rule: { @@ -56,7 +57,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'Another Upper case cluster id', }, { - '@timestamp': '1695819676242', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `process`, sub_type: 'another lower case type' }, result: { evaluation: 'passed' }, rule: { @@ -73,7 +74,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'lower case cluster id', }, { - '@timestamp': '1695819680202', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `process`, sub_type: 'Upper case type again' }, result: { evaluation: 'failed' }, rule: { @@ -122,7 +123,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await findings.index.add(data); await findings.navigateToLatestFindingsPage(); - await retry.waitFor( 'Findings table to be loaded', async () => (await latestFindingsTable.getRowsCount()) === data.length diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts b/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts new file mode 100644 index 00000000000000..fc12d593333b26 --- /dev/null +++ b/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts @@ -0,0 +1,94 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import Chance from 'chance'; +import type { FtrProviderContext } from '../ftr_provider_context'; + +// eslint-disable-next-line import/no-default-export +export default function ({ getPageObjects, getService }: FtrProviderContext) { + const pageObjects = getPageObjects(['common', 'findings', 'header']); + const chance = new Chance(); + const hoursToMillisecond = (hours: number) => hours * 60 * 60 * 1000; + + const dataOldKspm = [ + { + '@timestamp': (Date.now() - hoursToMillisecond(27)).toString(), + resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, + result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, + rule: { + name: 'Upper case rule name', + section: 'Upper case section', + benchmark: { + id: 'cis_k8s', + posture_type: 'kspm', + name: 'CIS Kubernetes V1.23', + version: 'v1.0.0', + }, + type: 'process', + }, + cluster_id: 'Upper case cluster id', + }, + ]; + + const dataOldCspm = [ + { + '@timestamp': (Date.now() - hoursToMillisecond(27)).toString(), + resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, + result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, + rule: { + name: 'Upper case rule name', + section: 'Upper case section', + benchmark: { + id: 'cis_aws', + posture_type: 'cspm', + name: 'CIS AWS V1.23', + version: 'v1.0.0', + }, + type: 'process', + }, + cluster_id: 'Upper case cluster id', + }, + ]; + + describe('Old Data', function () { + this.tags(['cloud_security_posture_findings']); + let findings: typeof pageObjects.findings; + + before(async () => { + findings = pageObjects.findings; + + // Before we start any test we must wait for cloud_security_posture plugin to complete its initialization + await findings.waitForPluginInitialized(); + }); + + after(async () => { + await findings.index.remove(); + }); + + describe('Findings page with old data', () => { + it('returns no Findings KSPM', async () => { + // Prepare mocked findings + await findings.index.remove(); + await findings.index.add(dataOldKspm); + + await findings.navigateToLatestFindingsPage(); + pageObjects.header.waitUntilLoadingHasFinished(); + expect(await findings.isLatestFindingsTableThere()).to.be(false); + }); + it('returns no Findings CSPM', async () => { + // Prepare mocked findings + await findings.index.remove(); + await findings.index.add(dataOldCspm); + + await findings.navigateToLatestFindingsPage(); + pageObjects.header.waitUntilLoadingHasFinished(); + expect(await findings.isLatestFindingsTableThere()).to.be(false); + }); + }); + }); +} diff --git a/x-pack/test/cloud_security_posture_functional/pages/index.ts b/x-pack/test/cloud_security_posture_functional/pages/index.ts index 9d4e17ec0c88c9..f1bb7f8fb78753 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/index.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/index.ts @@ -16,5 +16,6 @@ export default function ({ loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./compliance_dashboard')); loadTestFile(require.resolve('./vulnerability_dashboard')); loadTestFile(require.resolve('./cis_integration')); + loadTestFile(require.resolve('./findings_old_data')); }); } diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts index 4e0e12a386dc99..ec16fe567f4ead 100644 --- a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts +++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts @@ -205,7 +205,8 @@ export default ({ getService, getPageObjects }: FtrProviderContext) => { }); }); - describe('creation and recreation', () => { + // FLAKY: https://github.com/elastic/kibana/issues/171493 + describe.skip('creation and recreation', () => { it('create first ML job', async () => { await logsUi.logEntryRatePage.navigateTo(); await requestTracker.install(); diff --git a/x-pack/test/observability_onboarding_api_integration/common/config.ts b/x-pack/test/observability_onboarding_api_integration/common/config.ts index 32d51a6388b092..55b98b2eaa2333 100644 --- a/x-pack/test/observability_onboarding_api_integration/common/config.ts +++ b/x-pack/test/observability_onboarding_api_integration/common/config.ts @@ -13,6 +13,7 @@ import { createObservabilityOnboardingUsers } from '@kbn/observability-onboardin import { FtrConfigProviderContext } from '@kbn/test'; import supertest from 'supertest'; import { format, UrlObject } from 'url'; +import { createLogger, LogLevel, LogsSynthtraceEsClient } from '@kbn/apm-synthtrace'; import { ObservabilityOnboardingFtrConfigName } from '../configs'; import { FtrProviderContext, @@ -64,6 +65,9 @@ export interface CreateTest { services: InheritedServices & { observabilityOnboardingFtrConfig: () => ObservabilityOnboardingFtrConfig; registry: ({ getService }: FtrProviderContext) => ReturnType; + logSynthtraceEsClient: ( + context: InheritedFtrProviderContext + ) => Promise; observabilityOnboardingApiClient: ( context: InheritedFtrProviderContext ) => ObservabilityOnboardingApiClient; @@ -97,6 +101,12 @@ export function createTestConfig( ...services, observabilityOnboardingFtrConfig: () => config, registry: RegistryProvider, + logSynthtraceEsClient: (context: InheritedFtrProviderContext) => + new LogsSynthtraceEsClient({ + client: context.getService('es'), + logger: createLogger(LogLevel.info), + refreshAfterIndex: true, + }), observabilityOnboardingApiClient: async (_: InheritedFtrProviderContext) => { const { username, password } = servers.kibana; const esUrl = format(esServer); diff --git a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts deleted file mode 100644 index 33207ed6cdd8cc..00000000000000 --- a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export function createLogDoc({ - time, - logFilepath, - serviceName, - namespace, - datasetName, - message, - agentId, -}: { - time: number; - logFilepath: string; - serviceName?: string; - namespace: string; - datasetName: string; - message: string; - agentId?: string; -}) { - return { - input: { - type: 'log', - }, - '@timestamp': new Date(time).toISOString(), - log: { - file: { - path: logFilepath, - }, - }, - ...(serviceName - ? { - service: { - name: serviceName, - }, - } - : {}), - data_stream: { - namespace, - type: 'logs', - dataset: datasetName, - }, - message, - event: { - dataset: datasetName, - }, - ...(agentId - ? { - agent: { - id: agentId, - }, - } - : {}), - }; -} diff --git a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts index 7311f116736a3b..0a7802e9682c60 100644 --- a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts +++ b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts @@ -5,17 +5,17 @@ * 2.0. */ +import { log, timerange } from '@kbn/apm-synthtrace-client'; import expect from '@kbn/expect'; import { ObservabilityOnboardingApiClientKey } from '../../../common/config'; import { FtrProviderContext } from '../../../common/ftr_provider_context'; import { ObservabilityOnboardingApiError } from '../../../common/observability_onboarding_api_supertest'; import { expectToReject } from '../../../common/utils/expect_to_reject'; -import { createLogDoc } from './es_utils'; export default function ApiTest({ getService }: FtrProviderContext) { const registry = getService('registry'); const observabilityOnboardingApiClient = getService('observabilityOnboardingApiClient'); - const es = getService('es'); + const synthtrace = getService('logSynthtraceEsClient'); async function callApi({ onboardingId, @@ -141,24 +141,24 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('with a different agentId', () => { describe('and onboarding type is logFiles', () => { before(async () => { - await es.indices.createDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/my-service.log', - serviceName: 'my-service', - namespace, - datasetName, - message: 'This is a log message', - agentId: 'another-agent-id', - }); - - await es.bulk({ - body: [{ create: { _index: `logs-${datasetName}-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a log message') + .timestamp(timestamp) + .dataset(datasetName) + .namespace(namespace) + .service('my-service') + .defaults({ + 'agent.id': 'another-agent-id', + 'log.file.path': '/my-service.log', + }) + ), + ]); }); it('should return log-ingest as incomplete', async () => { @@ -173,9 +173,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); + await synthtrace.clean(); }); }); @@ -211,23 +209,23 @@ export default function ApiTest({ getService }: FtrProviderContext) { }, }); - await es.indices.createDataStream({ - name: `logs-system.syslog-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/var/log/system.log', - namespace, - datasetName: 'system.syslog', - message: 'This is a system log message', - agentId: 'another-agent-id', - }); - - await es.bulk({ - body: [{ create: { _index: `logs-system.syslog-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a system log message') + .timestamp(timestamp) + .dataset('system.syslog') + .namespace(namespace) + .defaults({ + 'agent.id': 'another-agent-id', + 'log.file.path': '/var/log/system.log', + }) + ), + ]); }); it('should return log-ingest as incomplete', async () => { @@ -242,9 +240,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-system.syslog-${namespace}`, - }); + await synthtrace.clean(); }); }); }); @@ -252,24 +248,24 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('with the expected agentId', () => { describe('and onboarding type is logFiles', () => { before(async () => { - await es.indices.createDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/my-service.log', - serviceName: 'my-service', - namespace, - datasetName, - message: 'This is a log message', - agentId, - }); - - await es.bulk({ - body: [{ create: { _index: `logs-${datasetName}-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a log message') + .timestamp(timestamp) + .dataset(datasetName) + .namespace(namespace) + .service('my-service') + .defaults({ + 'agent.id': agentId, + 'log.file.path': '/my-service.log', + }) + ), + ]); }); it('should return log-ingest as complete', async () => { @@ -284,9 +280,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); + await synthtrace.clean(); }); }); @@ -322,23 +316,23 @@ export default function ApiTest({ getService }: FtrProviderContext) { }, }); - await es.indices.createDataStream({ - name: `logs-system.syslog-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/var/log/system.log', - namespace, - datasetName: 'system.syslog', - message: 'This is a system log message', - agentId, - }); - - await es.bulk({ - body: [{ create: { _index: `logs-system.syslog-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a system log message') + .timestamp(timestamp) + .dataset('system.syslog') + .namespace(namespace) + .defaults({ + 'agent.id': agentId, + 'log.file.path': '/var/log/system.log', + }) + ), + ]); }); it('should return log-ingest as complete', async () => { @@ -353,9 +347,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-system.syslog-${namespace}`, - }); + await synthtrace.clean(); }); }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts index 7bb492d51d25c9..7210bacd1aa775 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts @@ -169,8 +169,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5); }); - // FLAKY: https://github.com/elastic/kibana/issues/168490 - it.skip('filters by risk level', () => { + it('filters by risk level', () => { openRiskTableFilterAndSelectTheLowOption(); cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts index 9e1ace19972a86..3868625e9b339b 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts @@ -9,10 +9,7 @@ import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON, DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT, } from '../../../../screens/expandable_flyout/alert_details_left_panel_analyzer_graph_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB, - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openGraphAnalyzerTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_analyzer_graph_tab'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; @@ -41,17 +38,15 @@ describe.skip( it('should display analyzer graph and node list under visualize', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB) - .should('be.visible') - .and('have.text', 'Visualize'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Visualize') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON) - .should('be.visible') - .and('have.text', 'Analyzer Graph'); + .should('have.text', 'Analyzer Graph') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('be.visible'); - cy.get(ANALYZER_NODE).first().should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('exist'); + cy.get(ANALYZER_NODE).first().should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts index a0e080e71ce122..fe89d50dd520d5 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts @@ -20,10 +20,7 @@ import { CORRELATIONS_SOURCE_SECTION_TITLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON, } from '../../../../screens/expandable_flyout/alert_details_left_panel_correlations_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openCorrelationsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_correlations_tab'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; @@ -50,24 +47,15 @@ describe('Expandable flyout left panel correlations', { tags: ['@ess', '@serverl }); it('should render correlations details correctly', () => { - cy.log('link the alert to a new case'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).scrollIntoView(); - - cy.log('should render the Insights header'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).should('be.visible').and('have.text', 'Insights'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); - cy.log('should render the inner tab switch'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); - - cy.log('should render correlations tab activator / button'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON) - .should('be.visible') - .and('have.text', 'Correlations'); - - cy.log('should render all the correlations sections'); + .should('have.text', 'Correlations') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.log('suppressed alerts'); + // cy.log('suppressed alerts'); // TODO get proper data to test suppressed alerts // cy.get(CORRELATIONS_SUPPRESSED_ALERTS_TITLE).scrollIntoView(); @@ -78,38 +66,42 @@ describe('Expandable flyout left panel correlations', { tags: ['@ess', '@serverl cy.log('related cases'); - cy.get(CORRELATIONS_CASES_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_CASES_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 related case'); - cy.get(CORRELATIONS_CASES_SECTION_TABLE).should('be.visible'); + cy.get(CORRELATIONS_CASES_SECTION_TITLE).should('contain.text', '1 related case'); + cy.get(CORRELATIONS_CASES_SECTION_TABLE) + .should('contain.text', 'case') + .and('contain.text', 'open'); cy.log('related alerts by source event'); - cy.get(CORRELATIONS_SOURCE_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_SOURCE_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by source event'); - cy.get(CORRELATIONS_SOURCE_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_SOURCE_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_SOURCE_SECTION_TITLE).should( + 'contain.text', + '1 alert related by source event' + ); + cy.get(CORRELATIONS_SOURCE_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_SOURCE_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); cy.log('related alerts by session'); - cy.get(CORRELATIONS_SESSION_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_SESSION_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by session'); - cy.get(CORRELATIONS_SESSION_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_SESSION_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_SESSION_SECTION_TITLE).should('contain.text', '1 alert related by session'); + cy.get(CORRELATIONS_SESSION_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_SESSION_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); cy.log('related alerts by ancestry'); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by ancestry'); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).scrollIntoView(); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_ANCESTRY_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE).should( + 'contain.text', + '1 alert related by ancestry' + ); + cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_ANCESTRY_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts index 06bba72700c2ba..567a60752398c3 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts @@ -8,12 +8,13 @@ import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE, } from '../../../../screens/expandable_flyout/alert_details_left_panel_entities_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openEntitiesTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_entities_tab'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; @@ -42,20 +43,32 @@ describe( it('should display host details and user details under Insights Entities', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON) - .should('be.visible') - .and('have.text', 'Entities'); + .should('have.text', 'Entities') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE).should( + 'contain.text', + 'test' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION).should( + 'contain.text', + 'Related hosts: 0' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).should('exist'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE).should( + 'contain.text', + 'siem-kibana' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION).should( + 'contain.text', + 'Related users: 0' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts index 36bd13e5c103d8..c4e4cf5535352a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts @@ -35,10 +35,13 @@ describe( it('should display investigation guide', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB) - .should('be.visible') - .and('have.text', 'Investigation'); + .should('have.text', 'Investigation') + .and('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should( + 'contain.text', + 'test markdown' + ); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts index 38fd4ffb7496ab..44f48f7f74d0cc 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts @@ -9,10 +9,7 @@ import { openPrevalenceTab } from '../../../../tasks/expandable_flyout/alert_det import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_ALERT_COUNT_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON, @@ -21,7 +18,6 @@ import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_DOC_COUNT_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_HOST_PREVALENCE_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_USER_PREVALENCE_CELL, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER, } from '../../../../screens/expandable_flyout/alert_details_left_panel_prevalence_tab'; import { login } from '../../../../tasks/login'; @@ -48,18 +44,18 @@ describe( it('should display prevalence tab', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON) - .should('be.visible') - .and('have.text', 'Prevalence'); + .should('have.text', 'Prevalence') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER).should( + 'contain.text', + 'Last 30 days' + ); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE).should('be.visible'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_TYPE_CELL) .should('contain.text', 'host.os.name') .and('contain.text', 'host.name') diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts index 8948480911c961..e4c2baba4e87ec 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts @@ -5,7 +5,10 @@ * 2.0. */ -import { DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY } from '../../../../screens/expandable_flyout/alert_details_left_panel_response_tab'; +import { + DOCUMENT_DETAILS_FLYOUT_RESPONSE_DETAILS, + DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY, +} from '../../../../screens/expandable_flyout/alert_details_left_panel_response_tab'; import { openResponseTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_response_tab'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; @@ -15,6 +18,7 @@ import { createRule } from '../../../../tasks/api_calls/rules'; import { getNewRule } from '../../../../objects/rule'; import { ALERTS_URL } from '../../../../urls/navigation'; import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; describe( 'Alert details expandable flyout left panel investigation', @@ -31,7 +35,16 @@ describe( }); it('should display empty response message', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB) + .should('have.text', 'Response') + .and('have.class', 'euiTab-isSelected'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_DETAILS).should('contain.text', 'Responses'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).and( + 'contain.text', + "There are no response actions defined for this event. To add some, edit the rule's settings and set up response actions(opens in a new tab or window)." + ); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts index cbe17d55271e2a..0c37aa9b835bb5 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts @@ -6,10 +6,7 @@ */ import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_session_view_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB, - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; import { login } from '../../../../tasks/login'; @@ -35,14 +32,12 @@ describe.skip( it('should display session view under visualize', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB) - .should('be.visible') - .and('have.text', 'Visualize'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible'); + .and('have.text', 'Visualize') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON) - .should('be.visible') - .and('have.text', 'Session View'); + .should('have.text', 'Session View') + .and('have.class', 'euiButtonGroupButton-isSelected'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts index 85338d85ed7325..17080cbd32ae82 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts @@ -16,10 +16,7 @@ import { visit } from '../../../../tasks/navigation'; import { ALERTS_URL } from '../../../../urls/navigation'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { openThreatIntelligenceTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_threat_intelligence_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_threat_intelligence_tab'; describe( @@ -39,16 +36,14 @@ describe( it('should serialize its state to url', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON) - .should('be.visible') - .and('have.text', 'Threat intelligence'); + .should('have.text', 'Threat intelligence') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('be.visible'); + cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts index 09d90627d8b1bd..89596877fb3e89 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts @@ -32,8 +32,15 @@ describe( describe('alert reason preview', () => { it('should display alert reason preview', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER) + .should('contain.text', 'Alert reason') + .and('contain.text', 'process') + .and('contain.text', 'zsh') + .and('contain.text', '80') + .and('contain.text', 'test') + .and('contain.text', 'siem-kibana') + .and('contain.text', 'high') + .and('contain.text', rule.name); }); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts index 13c98358ec3eed..82ce9902929018 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts @@ -7,12 +7,9 @@ import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; import { - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION, - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE, DOCUMENT_DETAILS_FLYOUT_CREATED_BY, DOCUMENT_DETAILS_FLYOUT_UPDATED_BY, - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER, @@ -20,6 +17,7 @@ import { DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER, + DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK, } from '../../../../screens/expandable_flyout/alert_details_preview_panel_rule_preview'; import { toggleRulePreviewAboutSection, @@ -53,48 +51,75 @@ describe( it('should display rule preview and its sub sections', () => { cy.log('rule preview panel'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY).should('be.visible'); - cy.log('title'); cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).should('contain.text', rule.name); cy.get(DOCUMENT_DETAILS_FLYOUT_CREATED_BY).should('be.visible'); cy.get(DOCUMENT_DETAILS_FLYOUT_UPDATED_BY).should('be.visible'); cy.log('about'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'About'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER).should( + 'contain.text', + 'About' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT) + .should('contain.text', 'Severity') + .and('contain.text', 'High') + .and('contain.text', 'Risk score') + .and('contain.text', '17'); + toggleRulePreviewAboutSection(); cy.log('definition'); toggleRulePreviewDefinitionSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'Definition'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER).should( + 'contain.text', + 'Definition' + ); cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT).should( - 'be.visible' + 'contain.text', + 'Index patterns' + ); + // @ts-ignore + rule.index.forEach((index: string) => + cy + .get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', index) ); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', 'Custom query') + .and('contain.text', rule.query); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', 'Rule type') + .and('contain.text', rule.type); + toggleRulePreviewDefinitionSection(); cy.log('schedule'); toggleRulePreviewScheduleSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'Schedule'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT).should('be.visible'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER).should( + 'contain.text', + 'Schedule' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT) + .should('contain.text', 'Runs every') + .and('contain.text', rule.interval); + toggleRulePreviewScheduleSection(); cy.log('footer'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER).scrollIntoView(); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK).should( + 'contain.text', + 'Show rule details' + ); }); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts index d89cc4ad4eb50b..6e0b437f2e2e6a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts @@ -30,6 +30,8 @@ import { DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED, DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND, DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON, + DOCUMENT_DETAILS_FLYOUT_HEADER_ICON, + DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE, DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE, @@ -56,167 +58,158 @@ import { createRule } from '../../../../tasks/api_calls/rules'; import { getNewRule } from '../../../../objects/rule'; import { ALERTS_URL } from '../../../../urls/navigation'; import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { TOASTER } from '../../../../screens/alerts_detection_rules'; -// FLAKY: https://github.com/elastic/kibana/issues/171002 -describe.skip( - 'Alert details expandable flyout right panel', - { tags: ['@ess', '@serverless'] }, - () => { - const rule = getNewRule(); - - beforeEach(() => { - deleteAlertsAndRules(); - login(); - createRule(rule); - visit(ALERTS_URL); - waitForAlertsToPopulate(); - }); - - it('should display header and footer basics', () => { - expandFirstAlertExpandableFlyout(); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_STATUS).should('have.text', 'open'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE).should('have.text', 'Risk score:'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE) - .should('be.visible') - .and('have.text', rule.risk_score); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE) - .should('be.visible') - .and('have.text', upperFirst(rule.severity)); - - cy.log('Verify all 3 tabs are visible'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB) - .should('have.text', 'Overview') - .and('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB) - .should('have.text', 'Table') - .and('not.have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB) - .should('have.text', 'JSON') - .and('not.have.class', 'euiTab-isSelected'); - - cy.log('Verify the expand/collapse button is visible and functionality works'); - - expandDocumentDetailsExpandableFlyoutLeftSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).should( - 'have.text', - 'Collapse details' - ); +describe('Alert details expandable flyout right panel', { tags: ['@ess', '@serverless'] }, () => { + const rule = getNewRule(); + + beforeEach(() => { + deleteAlertsAndRules(); + login(); + createRule(rule); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + }); + + it('should display header and footer basics', () => { + expandFirstAlertExpandableFlyout(); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ICON).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON).should('exist'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_STATUS).should('have.text', 'open'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE).should('have.text', 'Risk score:'); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE) + .should('be.visible') + .and('have.text', rule.risk_score); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE) + .should('be.visible') + .and('have.text', upperFirst(rule.severity)); + + cy.log('Verify all 3 tabs are visible'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB) + .should('have.text', 'Overview') + .and('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB) + .should('have.text', 'Table') + .and('not.have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB) + .should('have.text', 'JSON') + .and('not.have.class', 'euiTab-isSelected'); + + cy.log('Verify the expand/collapse button is visible and functionality works'); + + expandDocumentDetailsExpandableFlyoutLeftSection(); + cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).should('have.text', 'Collapse details'); + + collapseDocumentDetailsExpandableFlyoutLeftSection(); + cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).should('have.text', 'Expand details'); + + cy.log('Verify the take action button is visible on all tabs'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + + openTableTab(); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + + openJsonTab(); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + }); + + // TODO this will change when add to existing case is improved + // https://github.com/elastic/security-team/issues/6298 + it('should add to existing case', () => { + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); + fillOutFormToCreateNewCase(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE); + + cy.get(EXISTING_CASE_SELECT_BUTTON).contains('Select').click(); - collapseDocumentDetailsExpandableFlyoutLeftSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).should('have.text', 'Expand details'); + cy.get(VIEW_CASE_TOASTER_LINK).should('contain.text', 'View case'); + }); - cy.log('Verify the take action button is visible on all tabs'); + // TODO this will change when add to new case is improved + // https://github.com/elastic/security-team/issues/6298 + it('should add to new case', () => { + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); + fillOutFormToCreateNewCase(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + cy.get(VIEW_CASE_TOASTER_LINK).should('contain.text', 'View case'); + }); - openTableTab(); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); - - openJsonTab(); - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); - }); - - // TODO this will change when add to existing case is improved - // https://github.com/elastic/security-team/issues/6298 - it('should add to existing case', () => { - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); - fillOutFormToCreateNewCase(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE); - - cy.get(EXISTING_CASE_SELECT_BUTTON).should('be.visible').contains('Select').click(); - - cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case'); - }); - - // TODO this will change when add to new case is improved - // https://github.com/elastic/security-team/issues/6298 - it('should add to new case', () => { - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); - fillOutFormToCreateNewCase(); - - cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case'); - }); - - it('should mark as acknowledged', () => { - cy.get(ALERT_CHECKBOX).should('have.length', 1); - - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED); - - // TODO figure out how to verify the toasts pops up - // cy.get(KIBANA_TOAST) - // .should('be.visible') - // .and('have.text', 'Successfully marked 1 alert as acknowledged.'); - cy.get(EMPTY_ALERT_TABLE).should('exist'); - }); - - it('should mark as closed', () => { - cy.get(ALERT_CHECKBOX).should('have.length', 1); - - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED); - - // TODO figure out how to verify the toasts pops up - // cy.get(KIBANA_TOAST).should('be.visible').and('have.text', 'Successfully closed 1 alert.'); - cy.get(EMPTY_ALERT_TABLE).should('exist'); - }); - - // these actions are now grouped together as we're not really testing their functionality but just the existence of the option in the dropdown - it('should test other action within take action dropdown', () => { - expandFirstAlertExpandableFlyout(); - - cy.log('should add endpoint exception'); - - // TODO figure out why this option is disabled in Cypress but not running the app locally - // https://github.com/elastic/security-team/issues/6300 - openTakeActionButton(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled'); - - cy.log('should add rule exception'); - - // TODO this isn't fully testing the add rule exception yet - // https://github.com/elastic/security-team/issues/6301 - selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('exist'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON) - .should('be.visible') - .click(); - - // cy.log('should isolate host'); - - // TODO figure out why isolate host isn't showing up in the dropdown - // https://github.com/elastic/security-team/issues/6302 - // openTakeActionButton(); - // cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST).should('be.visible'); - - cy.log('should respond'); - - // TODO this will change when respond is improved - // https://github.com/elastic/security-team/issues/6303 - openTakeActionButton(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled'); - - cy.log('should investigate in timeline'); - - selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION) - .first() - .within(() => - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('exist') - ); - }); - } -); + it('should mark as acknowledged', () => { + cy.get(ALERT_CHECKBOX).should('have.length', 1); + + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED); + + cy.get(TOASTER).should('have.text', 'Successfully marked 1 alert as acknowledged.'); + cy.get(EMPTY_ALERT_TABLE).should('exist'); + }); + + it('should mark as closed', () => { + cy.get(ALERT_CHECKBOX).should('have.length', 1); + + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED); + + cy.get(TOASTER).should('have.text', 'Successfully closed 1 alert.'); + cy.get(EMPTY_ALERT_TABLE).should('exist'); + }); + + // these actions are now grouped together as we're not really testing their functionality but just the existence of the option in the dropdown + it('should test other action within take action dropdown', () => { + expandFirstAlertExpandableFlyout(); + + cy.log('should add endpoint exception'); + + // TODO figure out why this option is disabled in Cypress but not running the app locally + // https://github.com/elastic/security-team/issues/6300 + openTakeActionButton(); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled'); + + cy.log('should add rule exception'); + + // TODO this isn't fully testing the add rule exception yet + // https://github.com/elastic/security-team/issues/6301 + selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON) + .should('be.visible') + .click(); + + // cy.log('should isolate host'); + + // TODO figure out why isolate host isn't showing up in the dropdown + // https://github.com/elastic/security-team/issues/6302 + // openTakeActionButton(); + // cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST).should('be.visible'); + + cy.log('should respond'); + + // TODO this will change when respond is improved + // https://github.com/elastic/security-team/issues/6303 + openTakeActionButton(); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled'); + + cy.log('should investigate in timeline'); + + selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION) + .first() + .within(() => + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('exist') + ); + }); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts index a7bb39381ad9ad..f41dba6dd1006e 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts @@ -7,7 +7,10 @@ import { openJsonTab } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; -import { DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT } from '../../../../screens/expandable_flyout/alert_details_right_panel_json_tab'; +import { + DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT, + DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON, +} from '../../../../screens/expandable_flyout/alert_details_right_panel_json_tab'; import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; import { createRule } from '../../../../tasks/api_calls/rules'; @@ -29,7 +32,13 @@ describe( }); it('should display the json component', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON).should( + 'have.text', + 'Copy to clipboard' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT) + .should('contain.text', '_index') + .and('contain.text', '_id'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts index 9f10b73065ba85..aa320000a256ce 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts @@ -12,6 +12,7 @@ import { PROVIDER_BADGE } from '../../../../screens/timeline'; import { removeKqlFilter } from '../../../../tasks/search_bar'; import { COLUMN_HEADER, FILTER_BADGE, TIMESTAMP_COLUMN } from '../../../../screens/alerts'; import { + DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL, @@ -19,7 +20,6 @@ import { } from '../../../../screens/expandable_flyout/alert_details_right_panel_table_tab'; import { addToTimelineTableTabTable, - clearFilterTableTabTable, filterInTableTabTable, filterOutTableTabTable, filterTableTabTable, @@ -48,11 +48,23 @@ describe( }); it('should display and filter the table', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW) + .should('be.visible') + .and('contain.text', '@timestamp'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW) + .should('be.visible') + .and('contain.text', '_id'); + + // this entry is the last one of the first page of the table and should not be visible + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW) + .should('not.be.visible') + .and('contain.text', 'host.os.build'); + filterTableTabTable('timestamp'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW).should('be.visible'); - clearFilterTableTabTable(); + + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW) + .should('be.visible') + .and('contain.text', '@timestamp'); }); it('should test cell actions', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts index 5e46dea3ee245a..fae802cbfc190e 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts @@ -33,7 +33,7 @@ describe('Expandable flyout state sync', { tags: ['@ess', '@serverless'] }, () = cy.log('should serialize its state to url'); cy.url().should('include', 'eventFlyout'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); cy.log('should reopen the flyout after browser refresh'); @@ -41,7 +41,7 @@ describe('Expandable flyout state sync', { tags: ['@ess', '@serverless'] }, () = waitForAlertsToPopulate(); cy.url().should('include', 'eventFlyout'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); cy.log('should clear the url state when flyout is closed'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts index 1b69b314daf75f..546cdaa6b64c1a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts @@ -75,7 +75,8 @@ describe('Timelines', (): void => { deleteTimelines(); }); - describe('Toggle create timeline from plus icon', () => { + // FLAKY: https://github.com/elastic/kibana/issues/169866 + describe.skip('Toggle create timeline from plus icon', () => { context('Privileges: CRUD', { tags: '@ess' }, () => { beforeEach(() => { login(); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts b/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts index f616b63e45e19d..0eaec7ce0b4716 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts @@ -140,10 +140,8 @@ export const SELECT_HISTOGRAM = '[data-test-subj="chart-select-trend"]'; export const LEGEND_ACTIONS = { ADD_TO_TIMELINE: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_addToTimeline"]`, - FILTER_FOR: (ruleName: string) => - `[data-test-subj="legend-${ruleName}-histogramLegendActionFilterIn"]`, - FILTER_OUT: (ruleName: string) => - `[data-test-subj="legend-${ruleName}-histogramLegendActionFilterOut"]`, + FILTER_FOR: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_filterIn"]`, + FILTER_OUT: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_filterOut"]`, COPY: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_copyToClipboard"]`, }; diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts index 5b8c8255dffee1..7edd12dcf1eda6 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts @@ -5,10 +5,6 @@ * 2.0. */ -import { - INSIGHTS_TAB_BUTTON_GROUP_TEST_ID, - VISUALIZE_TAB_BUTTON_GROUP_TEST_ID, -} from '@kbn/security-solution-plugin/public/flyout/document_details/left/tabs/test_ids'; import { INSIGHTS_TAB_TEST_ID, INVESTIGATION_TAB_TEST_ID, @@ -25,9 +21,3 @@ export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB = getDataTestSubjectSelector(INVESTIGATION_TAB_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB = getDataTestSubjectSelector(RESPONSE_TAB_TEST_ID); -export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP = getDataTestSubjectSelector( - VISUALIZE_TAB_BUTTON_GROUP_TEST_ID -); -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP = getDataTestSubjectSelector( - INSIGHTS_TAB_BUTTON_GROUP_TEST_ID -); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts index 0cda5fb1c87ee6..8d4bb411c9e3e9 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts @@ -6,23 +6,33 @@ */ import { - ENTITIES_DETAILS_TEST_ID, HOST_DETAILS_TEST_ID, USER_DETAILS_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/document_details/left/components/test_ids'; import { INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/left/tabs/test_ids'; -import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; +import { + EXPANDABLE_PANEL_CONTENT_TEST_ID, + EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID, + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID, +} from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON = getDataTestSubjectSelector( INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID ); - -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT = - getDataTestSubjectSelector(ENTITIES_DETAILS_TEST_ID); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE = getDataTestSubjectSelector( + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(USER_DETAILS_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION = + getDataTestSubjectSelector(EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID(USER_DETAILS_TEST_ID)); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS = getDataTestSubjectSelector( EXPANDABLE_PANEL_CONTENT_TEST_ID(USER_DETAILS_TEST_ID) ); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE = getDataTestSubjectSelector( + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(HOST_DETAILS_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION = + getDataTestSubjectSelector(EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID(HOST_DETAILS_TEST_ID)); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS = getDataTestSubjectSelector( EXPANDABLE_PANEL_CONTENT_TEST_ID(HOST_DETAILS_TEST_ID) ); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts index 0efc48511c9bed..fe7f7d2fc9e8e3 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts @@ -10,7 +10,6 @@ import { PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_HOST_PREVALENCE_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID, - PREVALENCE_DETAILS_TABLE_TEST_ID, PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID, PREVALENCE_DETAILS_DATE_PICKER_TEST_ID, @@ -23,9 +22,6 @@ export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON = getDataTes ); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER = getDataTestSubjectSelector(PREVALENCE_DETAILS_DATE_PICKER_TEST_ID); -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE = getDataTestSubjectSelector( - PREVALENCE_DETAILS_TABLE_TEST_ID -); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_TYPE_CELL = getDataTestSubjectSelector(PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_NAME_CELL = diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts index 90d051aec1b571..e808a3c07a7db7 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts @@ -9,7 +9,6 @@ import { RULE_PREVIEW_TITLE_TEST_ID, RULE_PREVIEW_RULE_CREATED_BY_TEST_ID, RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID, - RULE_PREVIEW_BODY_TEST_ID, RULE_PREVIEW_ABOUT_HEADER_TEST_ID, RULE_PREVIEW_ABOUT_CONTENT_TEST_ID, RULE_PREVIEW_DEFINITION_HEADER_TEST_ID, @@ -17,46 +16,35 @@ import { RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID, RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID, RULE_PREVIEW_FOOTER_TEST_ID, + RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/document_details/preview/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION = - getDataTestSubjectSelector('previewSection'); - -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER = - getDataTestSubjectSelector('previewSectionHeader'); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE = getDataTestSubjectSelector( RULE_PREVIEW_TITLE_TEST_ID ); - export const DOCUMENT_DETAILS_FLYOUT_CREATED_BY = getDataTestSubjectSelector( RULE_PREVIEW_RULE_CREATED_BY_TEST_ID ); - export const DOCUMENT_DETAILS_FLYOUT_UPDATED_BY = getDataTestSubjectSelector( RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID ); - -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY = - getDataTestSubjectSelector(RULE_PREVIEW_BODY_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER = getDataTestSubjectSelector( RULE_PREVIEW_ABOUT_HEADER_TEST_ID ); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_ABOUT_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER = getDataTestSubjectSelector(RULE_PREVIEW_DEFINITION_HEADER_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_DEFINITION_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER = getDataTestSubjectSelector(RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER = getDataTestSubjectSelector( RULE_PREVIEW_FOOTER_TEST_ID ); +export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK = getDataTestSubjectSelector( + RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID +); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts index de2a25749d6a9d..abf9585e368ec8 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts @@ -21,6 +21,8 @@ import { import { COLLAPSE_DETAILS_BUTTON_TEST_ID, EXPAND_DETAILS_BUTTON_TEST_ID, + TITLE_HEADER_TEXT_TEST_ID, + TITLE_LINK_ICON_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; @@ -28,8 +30,14 @@ export const DOCUMENT_DETAILS_FLYOUT_BODY = getDataTestSubjectSelector(FLYOUT_BO /* Header */ +export const DOCUMENT_DETAILS_FLYOUT_HEADER_ICON = getDataTestSubjectSelector( + TITLE_LINK_ICON_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) +); export const DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE = getDataTestSubjectSelector( - FLYOUT_HEADER_TITLE_TEST_ID + TITLE_HEADER_TEXT_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON = getDataTestSubjectSelector( + TITLE_LINK_ICON_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) ); export const DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON = getDataTestSubjectSelector('euiFlyoutCloseButton'); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts index e53d1af68d4556..66549fea944c6d 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts @@ -5,11 +5,14 @@ * 2.0. */ -import { JSON_TAB_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; -import { RIGHT_SECTION_TEST_ID } from '@kbn/expandable-flyout/src/components/test_ids'; +import { + JSON_TAB_CONTENT_TEST_ID, + JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID, +} from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_RIGHT_PANEL_CONTENT = - getDataTestSubjectSelector(RIGHT_SECTION_TEST_ID); +export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON = getDataTestSubjectSelector( + JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID +); export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT = getDataTestSubjectSelector(JSON_TAB_CONTENT_TEST_ID); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts index 771180e1be13fd..18c0bd9029ff6b 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts @@ -5,15 +5,9 @@ * 2.0. */ -import { TABLE_TAB_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; import { getClassSelector, getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT = - getDataTestSubjectSelector(TABLE_TAB_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER = getClassSelector('euiFieldSearch'); -export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER = - getDataTestSubjectSelector('clearSearchButton'); export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW = getDataTestSubjectSelector( 'event-fields-table-row-@timestamp' ); @@ -22,6 +16,9 @@ export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL = export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW = getDataTestSubjectSelector( 'event-fields-table-row-_id' ); +export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW = getDataTestSubjectSelector( + 'event-fields-table-row-host.os.build' +); const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ACTIONS = 'actionItem-security-detailsFlyout-cellActions-'; export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN = getDataTestSubjectSelector( diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts index abc08842c2fc64..cf023e4bd9a68f 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts @@ -14,7 +14,3 @@ export const openCorrelationsTab = () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).scrollIntoView(); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).should('be.visible').click(); }; - -export const expandCorrelationsSection = (sectionSelector: string) => { - cy.get(`${sectionSelector} button`).should('be.visible').click(); -}; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts index fe578fd145179f..0e87a938d62773 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts @@ -7,7 +7,6 @@ import { DOCUMENT_DETAILS_FLYOUT_BODY } from '../../screens/expandable_flyout/alert_details_right_panel'; import { - DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN, @@ -24,14 +23,6 @@ export const filterTableTabTable = (filterValue: string) => cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER).type(filterValue); }); -/** - * Clear table filter under the Table tab in the alert details expandable flyout right section - */ -export const clearFilterTableTabTable = () => - cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER).click(); - }); - /** * Filter In action in the first table row under the Table tab in the alert details expandable flyout right section */ @@ -65,11 +56,3 @@ export const toggleColumnTableTabTable = () => { cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL).first().realHover(); cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_TOGGLE_COLUMN).click(); }; - -/** - * Clear filters in the alert page KQL bar - */ -export const clearFilters = () => - cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click(); - }); diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts index 07a91a903536bd..4bf71413f8a571 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts @@ -12,7 +12,7 @@ import { LoginState } from '@kbn/security-plugin/common/login_state'; import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test'; import { KNOWN_SERVERLESS_ROLE_DEFINITIONS } from '@kbn/security-solution-plugin/common/test'; import { LOGOUT_URL } from '../urls/navigation'; -import { rootRequest } from './common'; +import { API_HEADERS, rootRequest } from './common'; import { CLOUD_SERVERLESS, ELASTICSEARCH_PASSWORD, @@ -210,7 +210,7 @@ const loginWithUsernameAndPassword = (username: string, password: string): void (provider) => provider.type === 'basic' ); - return rootRequest({ + cy.request({ url: `${baseUrl}/internal/security/login`, method: 'POST', body: { @@ -219,6 +219,7 @@ const loginWithUsernameAndPassword = (username: string, password: string): void currentURL: '/', params: { username, password }, }, + headers: API_HEADERS, }); }); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tsconfig.json b/x-pack/test/security_solution_cypress/cypress/tsconfig.json index ad3ad00e19af64..3e3563fa2e97b7 100644 --- a/x-pack/test/security_solution_cypress/cypress/tsconfig.json +++ b/x-pack/test/security_solution_cypress/cypress/tsconfig.json @@ -33,7 +33,6 @@ "@kbn/cases-components", "@kbn/security-solution-plugin", "@kbn/dev-utils", - "@kbn/expandable-flyout", "@kbn/config-schema", "@kbn/lists-plugin", "@kbn/securitysolution-list-constants", diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts b/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts index 9fcc87ceffa81c..45dbff31170f8b 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts @@ -52,8 +52,19 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { .set('kbn-xsrf', 'true'); }; + // Several flaky tests from this file in serverless, hence @skipInServerless + // - https://github.com/elastic/kibana/issues?q=is%3Aissue+is%3Aopen+X-pack+endpoint+integrations++artifact+entries+list + // https://github.com/elastic/kibana/issues/171475 + // https://github.com/elastic/kibana/issues/171476 + // https://github.com/elastic/kibana/issues/171477 + // https://github.com/elastic/kibana/issues/171478 + // https://github.com/elastic/kibana/issues/171487 + // https://github.com/elastic/kibana/issues/171488 + // https://github.com/elastic/kibana/issues/171489 + // https://github.com/elastic/kibana/issues/171491 + // https://github.com/elastic/kibana/issues/171492 describe('For each artifact list under management', function () { - targetTags(this, ['@ess', '@serverless']); + targetTags(this, ['@ess', '@serverless', '@skipInServerless']); this.timeout(60_000 * 5); let indexedData: IndexedHostsAndAlertsResponse; @@ -235,7 +246,9 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }; for (const testData of getArtifactsListTestsData()) { - describe(`When on the ${testData.title} entries list`, function () { + // FLAKY: https://github.com/elastic/kibana/issues/171489 + // FLAKY: https://github.com/elastic/kibana/issues/171475 + describe.skip(`When on the ${testData.title} entries list`, function () { beforeEach(async () => { policyInfo = await policyTestResources.createPolicy(); await removeAllArtifacts(); @@ -321,7 +334,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); } - describe('Should check artifacts are correctly generated when multiple entries', function () { + // FLAKY: https://github.com/elastic/kibana/issues/171476 + describe.skip('Should check artifacts are correctly generated when multiple entries', function () { let firstPolicy: PolicyTestResourceInfo; let secondPolicy: PolicyTestResourceInfo; diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts b/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts index e00dde08d58fb3..1d48a415b1577c 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts @@ -16,7 +16,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const browser = getService('browser'); const endpointTestResources = getService('endpointTestResources'); - describe('When on the Trusted Apps list', function () { + // FLAKY: https://github.com/elastic/kibana/issues/171481 + describe.skip('When on the Trusted Apps list', function () { targetTags(this, ['@ess', '@serverless']); let indexedData: IndexedHostsAndAlertsResponse; @@ -33,7 +34,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await testSubjects.missingOrFail('header-page-title'); }); - it('should be able to add a new trusted app and remove it', async () => { + // FLAKY: https://github.com/elastic/kibana/issues/171481 + it.skip('should be able to add a new trusted app and remove it', async () => { const SHA256 = 'A4370C0CF81686C0B696FA6261c9d3e0d810ae704ab8301839dffd5d5112f476'; // Add it diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts index 7434f46ca35be6..79f964f8c42713 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts @@ -40,7 +40,12 @@ export default function ({ getService }: FtrProviderContext) { body: Record | undefined; } - describe('When attempting to call an endpoint api', function () { + // Flaky: + // https://github.com/elastic/kibana/issues/171655 + // https://github.com/elastic/kibana/issues/171656 + // https://github.com/elastic/kibana/issues/171647 + // https://github.com/elastic/kibana/issues/171648 + describe.skip('When attempting to call an endpoint api', function () { targetTags(this, ['@ess', '@serverless']); let indexedData: IndexedHostsAndAlertsResponse; diff --git a/yarn.lock b/yarn.lock index 27dfd72978aaec..f9b51eea5202c4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4133,6 +4133,10 @@ version "0.0.0" uid "" +"@kbn/custom-icons@link:packages/kbn-custom-icons": + version "0.0.0" + uid "" + "@kbn/custom-integrations-plugin@link:src/plugins/custom_integrations": version "0.0.0" uid "" @@ -4305,6 +4309,10 @@ version "0.0.0" uid "" +"@kbn/elastic-agent-utils@link:packages/kbn-elastic-agent-utils": + version "0.0.0" + uid "" + "@kbn/elastic-assistant-plugin@link:x-pack/plugins/elastic_assistant": version "0.0.0" uid "" @@ -8378,10 +8386,10 @@ "@tanstack/query-core" "4.29.11" use-sync-external-store "^1.2.0" -"@testim/chrome-version@^1.1.3": - version "1.1.3" - resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.3.tgz#fbb68696899d7b8c1b9b891eded9c04fe2cd5529" - integrity sha512-g697J3WxV/Zytemz8aTuKjTGYtta9+02kva3C1xc7KXB8GdbfE1akGJIsZLyY/FSh2QrnE+fiB7vmWU3XNcb6A== +"@testim/chrome-version@^1.1.4": + version "1.1.4" + resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.4.tgz#86e04e677cd6c05fa230dd15ac223fa72d1d7090" + integrity sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g== "@testing-library/dom@^8.0.0": version "8.19.0" @@ -11566,7 +11574,7 @@ axios@^0.26.0: dependencies: follow-redirects "^1.14.8" -axios@^1.3.4, axios@^1.4.0, axios@^1.6.0: +axios@^1.3.4, axios@^1.6.0: version "1.6.0" resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.0.tgz#f1e5292f26b2fd5c2e66876adc5b06cdbd7d2102" integrity sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg== @@ -12838,18 +12846,18 @@ chrome-trace-event@^1.0.2: dependencies: tslib "^1.9.0" -chromedriver@^119.0.0: - version "119.0.0" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-119.0.0.tgz#f250c442e72266f3e28d2b1eebc6a671a8629340" - integrity sha512-3TmabGT7xg57/Jbsg6B/Kqk3HaSbCP1ZHkR5zNft5vT/IWKjZCAGTH9waMI+i5KHSEiMH0zOw/WF98l+1Npkpw== +chromedriver@^119.0.1: + version "119.0.1" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-119.0.1.tgz#064f3650790ccea055e9bfd95c600f5ea60295e9" + integrity sha512-lpCFFLaXPpvElTaUOWKdP74pFb/sJhWtWqMjn7Ju1YriWn8dT5JBk84BGXMPvZQs70WfCYWecxdMmwfIu1Mupg== dependencies: - "@testim/chrome-version" "^1.1.3" - axios "^1.4.0" - compare-versions "^6.0.0" + "@testim/chrome-version" "^1.1.4" + axios "^1.6.0" + compare-versions "^6.1.0" extract-zip "^2.0.1" https-proxy-agent "^5.0.1" proxy-from-env "^1.1.0" - tcp-port-used "^1.0.1" + tcp-port-used "^1.0.2" chromium-bidi@0.4.28: version "0.4.28" @@ -13258,7 +13266,7 @@ compare-versions@3.5.1: resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-3.5.1.tgz#26e1f5cf0d48a77eced5046b9f67b6b61075a393" integrity sha512-9fGPIB7C6AyM18CJJBHt5EnCZDG3oiTJYy0NjfIAGjKpzv0tkxWko7TNQHF5ymqm7IH03tqmeuBxtvD+Izh6mg== -compare-versions@^6.0.0: +compare-versions@^6.1.0: version "6.1.0" resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a" integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg== @@ -14359,13 +14367,6 @@ debug@4, debug@4.3.4, debug@^4.0.0, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, de dependencies: ms "2.1.2" -debug@4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.0.tgz#373687bffa678b38b1cd91f861b63850035ddc87" - integrity sha512-heNPJUJIqC+xB6ayLAMHaIrmN9HKa7aQO8MGqKpvCA+uJYVcvR6l5kgdrhRuwPFHU7P5/A1w0BjByPHwpfTDKg== - dependencies: - ms "^2.1.1" - debug@4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/debug/-/debug-4.1.1.tgz#3b72260255109c6b589cee050f1d516139664791" @@ -14373,6 +14374,13 @@ debug@4.1.1: dependencies: ms "^2.1.1" +debug@4.3.1: + version "4.3.1" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" + integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ== + dependencies: + ms "2.1.2" + debuglog@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492" @@ -17863,13 +17871,13 @@ handle-thing@^2.0.0: resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.0.tgz#0e039695ff50c93fc288557d696f3c1dc6776754" integrity sha512-d4sze1JNC454Wdo2fkuyzCr6aHcbL6PGGuFAz0Li/NcOm1tCHGnWDRmJP85dh9IhQErTc2svWFEX5xHIOo//kQ== -handlebars@4.7.7, handlebars@^4.7.7: - version "4.7.7" - resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1" - integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA== +handlebars@4.7.8, handlebars@^4.7.7: + version "4.7.8" + resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.8.tgz#41c42c18b1be2365439188c77c6afae71c0cd9e9" + integrity sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ== dependencies: minimist "^1.2.5" - neo-async "^2.6.0" + neo-async "^2.6.2" source-map "^0.6.1" wordwrap "^1.0.0" optionalDependencies: @@ -18846,10 +18854,10 @@ io-ts@^2.0.5: resolved "https://registry.yarnpkg.com/io-ts/-/io-ts-2.0.5.tgz#e6e3db9df8b047f9cbd6b69e7d2ad3e6437a0b13" integrity sha512-pL7uUptryanI5Glv+GUv7xh+aLBjxGEDmLwmEYNSx0yOD3djK0Nw5Bt0N6BAkv9LadOUU7QKpRsLcqnTh3UlLA== -ip-regex@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-2.1.0.tgz#fa78bf5d2e6913c911ce9f819ee5146bb6d844e9" - integrity sha1-+ni/XS5pE8kRzp+BnuUUa7bYROk= +ip-regex@^4.1.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-4.3.0.tgz#687275ab0f57fa76978ff8f4dddc8a23d5990db5" + integrity sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q== ip@^1.1.8: version "1.1.8" @@ -19409,7 +19417,7 @@ is-url-superb@^4.0.0: resolved "https://registry.yarnpkg.com/is-url-superb/-/is-url-superb-4.0.0.tgz#b54d1d2499bb16792748ac967aa3ecb41a33a8c2" integrity sha512-GI+WjezhPPcbM+tqE9LnmsY5qqjwHzTvjJ36wxYX5ujNXefSUJ/T17r5bqDV8yLhcgB59KTPNOc9O9cmHTPWsA== -is-url@^1.2.2, is-url@^1.2.4: +is-url@^1.2.4: version "1.2.4" resolved "https://registry.yarnpkg.com/is-url/-/is-url-1.2.4.tgz#04a4df46d28c4cff3d73d01ff06abeb318a1aa52" integrity sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww== @@ -19483,14 +19491,14 @@ is-yarn-global@^0.3.0: resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.3.0.tgz#d502d3382590ea3004893746754c89139973e232" integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw== -is2@2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/is2/-/is2-2.0.1.tgz#8ac355644840921ce435d94f05d3a94634d3481a" - integrity sha512-+WaJvnaA7aJySz2q/8sLjMb2Mw14KTplHmSwcSpZ/fWJPkUmqw3YTzSWbPJ7OAwRvdYTWF2Wg+yYJ1AdP5Z8CA== +is2@^2.0.6: + version "2.0.9" + resolved "https://registry.yarnpkg.com/is2/-/is2-2.0.9.tgz#ff63b441f90de343fa8fac2125ee170da8e8240d" + integrity sha512-rZkHeBn9Zzq52sd9IUIV3a5mfwBY+o2HePMh0wkGBM4z4qjvy2GwVxQ6nNXSfw6MmVP6gf1QIlWjiOavhM3x5g== dependencies: deep-is "^0.1.3" - ip-regex "^2.1.0" - is-url "^1.2.2" + ip-regex "^4.1.0" + is-url "^1.2.4" isarray@0.0.1: version "0.0.1" @@ -22666,7 +22674,7 @@ negotiator@0.6.3, negotiator@^0.6.2, negotiator@^0.6.3: resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd" integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== -neo-async@^2.5.0, neo-async@^2.6.0, neo-async@^2.6.1, neo-async@^2.6.2: +neo-async@^2.5.0, neo-async@^2.6.1, neo-async@^2.6.2: version "2.6.2" resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== @@ -28584,13 +28592,13 @@ tcomb@^3.0.0, tcomb@^3.2.17: resolved "https://registry.yarnpkg.com/tcomb/-/tcomb-3.2.29.tgz#32404fe9456d90c2cf4798682d37439f1ccc386c" integrity sha512-di2Hd1DB2Zfw6StGv861JoAF5h/uQVu/QJp2g8KVbtfKnoHdBQl5M32YWq6mnSYBQ1vFFrns5B1haWJL7rKaOQ== -tcp-port-used@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.1.tgz#46061078e2d38c73979a2c2c12b5a674e6689d70" - integrity sha512-rwi5xJeU6utXoEIiMvVBMc9eJ2/ofzB+7nLOdnZuFTmNCLqRiQh2sMG9MqCxHU/69VC/Fwp5dV9306Qd54ll1Q== +tcp-port-used@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" + integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA== dependencies: - debug "4.1.0" - is2 "2.0.1" + debug "4.3.1" + is2 "^2.0.6" teex@^1.0.1: version "1.0.1"