[SECURITY] Rename siem plugin to security_solution (#67902)

* rename siem to security_solution

* rename siem to security solution inside of code

* rename translation keys

* fix snapshot

* replace siem for security solution in tutorial

* missing translation to be renamed

* fix types for api test integration

* updates runner file to match the new path

* change category for kibana settings

* miss renaming in advance settings

* fixes cypress tests

* fix api integration test

* fix new translation

* fix unit test

* update translation i18n

* update translation i18n II

Co-authored-by: Gloria Hornero <snootchie.boochies@gmail.com>

.eslintrc.js

@@ -587,11 +587,11 @@ module.exports = {
     },
 
     /**
-     * SIEM overrides
+     * Security Solution overrides
      */
     {
       // front end typescript and javascript files only
-      files: ['x-pack/plugins/siem/public/**/*.{js,ts,tsx}'],
+      files: ['x-pack/plugins/security_solution/public/**/*.{js,ts,tsx}'],
       rules: {
         'import/no-nodejs-modules': 'error',
         'no-restricted-imports': [
@@ -605,7 +605,7 @@ module.exports = {
     },
     {
       // typescript only for front and back end
-      files: ['x-pack/{,legacy/}plugins/siem/**/*.{ts,tsx}'],
+      files: ['x-pack/{,legacy/}plugins/security_solution/**/*.{ts,tsx}'],
       rules: {
         // This will be turned on after bug fixes are complete
         // '@typescript-eslint/explicit-member-accessibility': 'warn',
@@ -640,7 +640,7 @@ module.exports = {
     // {
     //   // will introduced after the other warns are fixed
     //   // typescript and javascript for front end react performance
-    //   files: ['x-pack/plugins/siem/public/**/!(*.test).{js,ts,tsx}'],
+    //   files: ['x-pack/plugins/security_solution/public/**/!(*.test).{js,ts,tsx}'],
     //   plugins: ['react-perf'],
     //   rules: {
     //     // 'react-perf/jsx-no-new-object-as-prop': 'error',
@@ -651,7 +651,7 @@ module.exports = {
     // },
     {
       // typescript and javascript for front and back end
-      files: ['x-pack/{,legacy/}plugins/siem/**/*.{js,ts,tsx}'],
+      files: ['x-pack/{,legacy/}plugins/security_solution/**/*.{js,ts,tsx}'],
       plugins: ['eslint-plugin-node', 'react'],
       env: {
         mocha: true,

.github/CODEOWNERS

@@ -225,12 +225,12 @@
 /x-pack/test/plugin_functional/plugins/resolver_test/ @elastic/endpoint-app-team @elastic/siem
 /x-pack/test/plugin_functional/test_suites/resolver/ @elastic/endpoint-app-team @elastic/siem
 
-# SIEM
-/x-pack/plugins/siem/ @elastic/siem @elastic/endpoint-app-team
+# Security Solution
+/x-pack/plugins/security_solution/ @elastic/siem @elastic/endpoint-app-team
 /x-pack/test/detection_engine_api_integration @elastic/siem @elastic/endpoint-app-team
-/x-pack/test/api_integration/apis/siem @elastic/siem @elastic/endpoint-app-team
+/x-pack/test/api_integration/apis/security_solution @elastic/siem @elastic/endpoint-app-team
 /x-pack/plugins/case @elastic/siem @elastic/endpoint-app-team
 /x-pack/plugins/lists @elastic/siem @elastic/endpoint-app-team
 
 # Security Intelligence And Analytics
-/x-pack/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
+/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics

Jenkinsfile

@@ -41,9 +41,9 @@ kibanaPipeline(timeoutMinutes: 155, checkPrChanges: true) {
             'xpack-ciGroup9': kibanaPipeline.xpackCiGroupProcess(9),
             'xpack-ciGroup10': kibanaPipeline.xpackCiGroupProcess(10),
             'xpack-accessibility': kibanaPipeline.functionalTestProcess('xpack-accessibility', './test/scripts/jenkins_xpack_accessibility.sh'),
-            'xpack-siemCypress': { processNumber ->
-              whenChanged(['x-pack/plugins/siem/', 'x-pack/test/siem_cypress/']) {
-                kibanaPipeline.functionalTestProcess('xpack-siemCypress', './test/scripts/jenkins_siem_cypress.sh')(processNumber)
+            'xpack-securitySolutionCypress': { processNumber ->
+              whenChanged(['x-pack/plugins/security_solution/', 'x-pack/test/security_solution_cypress/']) {
+                kibanaPipeline.functionalTestProcess('xpack-securitySolutionCypress', './test/scripts/jenkins_security_solution_cypress.sh')(processNumber)
               }
             },
 

src/cli/cluster/cluster_manager.ts

@@ -262,7 +262,7 @@ export class ClusterManager {
       ...pluginInternalDirsIgnore,
       fromRoot('src/legacy/server/sass/__tmp__'),
       fromRoot('x-pack/plugins/reporting/.chromium'),
-      fromRoot('x-pack/plugins/siem/cypress'),
+      fromRoot('x-pack/plugins/security_solution/cypress'),
       fromRoot('x-pack/plugins/apm/e2e'),
       fromRoot('x-pack/plugins/apm/scripts'),
       fromRoot('x-pack/plugins/canvas/canvas_plugin_src'), // prevents server from restarting twice for Canvas plugin changes,

src/dev/storybook/aliases.ts

@@ -26,5 +26,5 @@ export const storybookAliases = {
   drilldowns: 'x-pack/plugins/drilldowns/scripts/storybook.js',
   embeddable: 'src/plugins/embeddable/scripts/storybook.js',
   infra: 'x-pack/legacy/plugins/infra/scripts/storybook.js',
-  siem: 'x-pack/plugins/siem/scripts/storybook.js',
+  security_solution: 'x-pack/plugins/security_solution/scripts/storybook.js',
 };

src/dev/typescript/projects.ts

@@ -27,8 +27,8 @@ export const PROJECTS = [
   new Project(resolve(REPO_ROOT, 'test/tsconfig.json'), { name: 'kibana/test' }),
   new Project(resolve(REPO_ROOT, 'x-pack/tsconfig.json')),
   new Project(resolve(REPO_ROOT, 'x-pack/test/tsconfig.json'), { name: 'x-pack/test' }),
-  new Project(resolve(REPO_ROOT, 'x-pack/plugins/siem/cypress/tsconfig.json'), {
-    name: 'siem/cypress',
+  new Project(resolve(REPO_ROOT, 'x-pack/plugins/security_solution/cypress/tsconfig.json'), {
+    name: 'security_solution/cypress',
   }),
   new Project(resolve(REPO_ROOT, 'x-pack/plugins/apm/e2e/tsconfig.json'), {
     name: 'apm/cypress',

src/plugins/advanced_settings/public/management_app/lib/get_category_name.ts

@@ -46,8 +46,8 @@ const names: Record<string, string> = {
   search: i18n.translate('advancedSettings.categoryNames.searchLabel', {
     defaultMessage: 'Search',
   }),
-  siem: i18n.translate('advancedSettings.categoryNames.siemLabel', {
-    defaultMessage: 'SIEM',
+  securitySolution: i18n.translate('advancedSettings.categoryNames.securitySolutionLabel', {
+    defaultMessage: 'Security Solution',
   }),
 };
 

src/plugins/home/server/services/tutorials/lib/tutorial_schema.ts

@@ -26,7 +26,7 @@ const PARAM_TYPES = {
 
 const TUTORIAL_CATEGORY = {
   LOGGING: 'logging',
-  SIEM: 'siem',
+  SECURITY_SOLUTION: 'security solution',
   METRICS: 'metrics',
   OTHER: 'other',
 };

src/plugins/home/server/services/tutorials/lib/tutorials_registry_types.ts

@@ -22,7 +22,7 @@ import { KibanaRequest } from 'src/core/server';
 /** @public */
 export enum TutorialsCategory {
   LOGGING = 'logging',
-  SIEM = 'siem',
+  SECURITY_SOLUTION = 'security',
   METRICS = 'metrics',
   OTHER = 'other',
 }

src/plugins/home/server/tutorials/auditbeat/index.ts

@@ -36,7 +36,7 @@ export function auditbeatSpecProvider(context: TutorialContext): TutorialSchema
     name: i18n.translate('home.tutorials.auditbeat.nameTitle', {
       defaultMessage: 'Auditbeat',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.auditbeat.shortDescription', {
       defaultMessage: 'Collect audit data from your hosts.',
     }),
@@ -53,9 +53,9 @@ processes, users, logins, sockets information, file accesses, and more. \
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.auditbeat.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/cisco_logs/index.ts

@@ -37,7 +37,7 @@ export function ciscoLogsSpecProvider(context: TutorialContext): TutorialSchema
     name: i18n.translate('home.tutorials.ciscoLogs.nameTitle', {
       defaultMessage: 'Cisco',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.ciscoLogs.shortDescription', {
       defaultMessage: 'Collect and parse logs received from Cisco ASA firewalls.',
     }),
@@ -54,9 +54,9 @@ supports the "asa" fileset for Cisco ASA firewall logs received over syslog or r
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.ciscoLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/coredns_logs/index.ts

@@ -37,7 +37,7 @@ export function corednsLogsSpecProvider(context: TutorialContext): TutorialSchem
     name: i18n.translate('home.tutorials.corednsLogs.nameTitle', {
       defaultMessage: 'CoreDNS logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.corednsLogs.shortDescription', {
       defaultMessage: 'Collect the logs created by Coredns.',
     }),

src/plugins/home/server/tutorials/envoyproxy_logs/index.ts

@@ -37,7 +37,7 @@ export function envoyproxyLogsSpecProvider(context: TutorialContext): TutorialSc
     name: i18n.translate('home.tutorials.envoyproxyLogs.nameTitle', {
       defaultMessage: 'Envoyproxy',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.envoyproxyLogs.shortDescription', {
       defaultMessage: 'Collect and parse logs received from the Envoy proxy.',
     }),
@@ -54,9 +54,9 @@ It supports both standalone deployment and Envoy proxy deployment in Kubernetes.
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.envoyproxyLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/iptables_logs/index.ts

@@ -37,7 +37,7 @@ export function iptablesLogsSpecProvider(context: TutorialContext): TutorialSche
     name: i18n.translate('home.tutorials.iptablesLogs.nameTitle', {
       defaultMessage: 'Iptables / Ubiquiti',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.iptablesLogs.shortDescription', {
       defaultMessage: 'Collect and parse iptables and ip6tables logs or from Ubiqiti firewalls.',
     }),
@@ -56,9 +56,9 @@ number and the action performed on the traffic (allow/deny).. \
     artifacts: {
       dashboards: [],
       application: {
-        path: '/app/siem',
+        path: '/app/security',
         label: i18n.translate('home.tutorials.iptablesLogs.artifacts.dashboards.linkLabel', {
-          defaultMessage: 'SIEM App',
+          defaultMessage: 'Security App',
         }),
       },
       exportedFields: {

src/plugins/home/server/tutorials/netflow/index.ts

@@ -28,7 +28,7 @@ export function netflowSpecProvider() {
   return {
     id: 'netflow',
     name: 'Netflow',
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.netflow.tutorialShortDescription', {
       defaultMessage: 'Collect Netflow records sent by a Netflow exporter.',
     }),

src/plugins/home/server/tutorials/osquery_logs/index.ts

@@ -37,7 +37,7 @@ export function osqueryLogsSpecProvider(context: TutorialContext): TutorialSchem
     name: i18n.translate('home.tutorials.osqueryLogs.nameTitle', {
       defaultMessage: 'Osquery logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.osqueryLogs.shortDescription', {
       defaultMessage: 'Collect the result logs created by osqueryd.',
     }),

src/plugins/home/server/tutorials/suricata_logs/index.ts

@@ -37,7 +37,7 @@ export function suricataLogsSpecProvider(context: TutorialContext): TutorialSche
     name: i18n.translate('home.tutorials.suricataLogs.nameTitle', {
       defaultMessage: 'Suricata logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.suricataLogs.shortDescription', {
       defaultMessage: 'Collect the result logs created by Suricata IDS/IPS/NSM.',
     }),

src/plugins/home/server/tutorials/windows_event_logs/index.ts

@@ -36,7 +36,7 @@ export function windowsEventLogsSpecProvider(context: TutorialContext): Tutorial
       defaultMessage: 'Windows Event Log',
     }),
     isBeta: false,
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.windowsEventLogs.shortDescription', {
       defaultMessage: 'Fetch logs from the Windows Event Log.',
     }),

src/plugins/home/server/tutorials/zeek_logs/index.ts

@@ -37,7 +37,7 @@ export function zeekLogsSpecProvider(context: TutorialContext): TutorialSchema {
     name: i18n.translate('home.tutorials.zeekLogs.nameTitle', {
       defaultMessage: 'Zeek logs',
     }),
-    category: TutorialsCategory.SIEM,
+    category: TutorialsCategory.SECURITY_SOLUTION,
     shortDescription: i18n.translate('home.tutorials.zeekLogs.shortDescription', {
       defaultMessage: 'Collect the logs created by Zeek/Bro.',
     }),

test/scripts/jenkins_siem_cypress.sh → test/scripts/jenkins_security_solution_cypress.sh

@@ -8,14 +8,14 @@ cp -R "$installDir" "$destDir"
 
 export KIBANA_INSTALL_DIR="$destDir"
 
-echo " -> Running SIEM cypress tests"
+echo " -> Running security solution cypress tests"
 cd "$XPACK_DIR"
 
-checks-reporter-with-killswitch "SIEM Cypress Tests" \
+checks-reporter-with-killswitch "Security solution Cypress Tests" \
   node scripts/functional_tests \
     --debug --bail \
     --kibana-install-dir "$KIBANA_INSTALL_DIR" \
-    --config test/siem_cypress/config.ts
+    --config test/security_solution_cypress/config.ts
 
 echo ""
 echo ""

test/scripts/jenkins_xpack.sh

@@ -17,7 +17,7 @@ if [[ -z "$CODE_COVERAGE" ]] ; then
 
   echo " -> Running SIEM cyclic dependency test"
   cd "$XPACK_DIR"
-  checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/siem/scripts/check_circular_deps
+  checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/security_solution/scripts/check_circular_deps
   echo ""
   echo ""
 

x-pack/.gitignore

@@ -12,4 +12,4 @@
 /.kibana-plugin-helpers.dev.*
 !/legacy/plugins/infra/**/target
 .cache
-!/legacy/plugins/siem/**/target
+!/legacy/plugins/security_solution/**/target

x-pack/.i18nrc.json

@@ -40,7 +40,7 @@
     "xpack.searchProfiler": "plugins/searchprofiler",
     "xpack.security": ["legacy/plugins/security", "plugins/security"],
     "xpack.server": "legacy/server",
-    "xpack.siem": "plugins/siem",
+    "xpack.securitySolution": "plugins/security_solution",
     "xpack.snapshotRestore": "plugins/snapshot_restore",
     "xpack.spaces": ["legacy/plugins/spaces", "plugins/spaces"],
     "xpack.taskManager": "legacy/plugins/task_manager",

x-pack/plugins/lists/common/siem_common_deps.ts

@@ -4,5 +4,5 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { exactCheck } from '../../siem/common/exact_check';
-export { getPaths, foldLeftRight } from '../../siem/common/test_utils';
+export { exactCheck } from '../../security_solution/common/exact_check';
+export { getPaths, foldLeftRight } from '../../security_solution/common/test_utils';

x-pack/plugins/lists/server/siem_server_deps.ts

@@ -18,4 +18,4 @@ export {
   getIndexExists,
   buildRouteValidation,
   validate,
-} from '../../siem/server';
+} from '../../security_solution/server';

x-pack/plugins/security_solution/.gitattributes

@@ -0,0 +1,6 @@
+# Auto-collapse generated files in GitHub
+# https://help.github.com/en/articles/customizing-how-changed-files-appear-on-github
+x-pack/plugins/security_solution/server/graphql/types.ts linguist-generated=true
+x-pack/plugins/security_solution/public/graphql/types.ts linguist-generated=true
+x-pack/plugins/security_solution/public/graphql/introspection.json linguist-generated=true
+

x-pack/plugins/siem/common/constants.ts → x-pack/plugins/security_solution/common/constants.ts

@@ -4,24 +4,24 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const APP_ID = 'siem';
-export const APP_NAME = 'SIEM';
+export const APP_ID = 'securitySolution';
+export const APP_NAME = 'Security';
 export const APP_ICON = 'securityAnalyticsApp';
-export const APP_PATH = `/app/${APP_ID}`;
+export const APP_PATH = `/app/security`;
 export const DEFAULT_BYTES_FORMAT = 'format:bytes:defaultPattern';
 export const DEFAULT_DATE_FORMAT = 'dateFormat';
 export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
 export const DEFAULT_DARK_MODE = 'theme:darkMode';
-export const DEFAULT_INDEX_KEY = 'siem:defaultIndex';
+export const DEFAULT_INDEX_KEY = 'securitySolution:defaultIndex';
 export const DEFAULT_NUMBER_FORMAT = 'format:number:defaultPattern';
 export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults';
 export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults';
-export const DEFAULT_SIEM_TIME_RANGE = 'siem:timeDefaults';
-export const DEFAULT_SIEM_REFRESH_INTERVAL = 'siem:refreshIntervalDefaults';
+export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults';
+export const DEFAULT_APP_REFRESH_INTERVAL = 'securitySolution:refreshIntervalDefaults';
 export const DEFAULT_SIGNALS_INDEX = '.siem-signals';
 export const DEFAULT_MAX_SIGNALS = 100;
 export const DEFAULT_SEARCH_AFTER_PAGE_SIZE = 100;
-export const DEFAULT_ANOMALY_SCORE = 'siem:defaultAnomalyScore';
+export const DEFAULT_ANOMALY_SCORE = 'securitySolution:defaultAnomalyScore';
 export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
 export const DEFAULT_SCALE_DATE_FORMAT = 'dateFormat:scaled';
 export const DEFAULT_FROM = 'now-24h';
@@ -42,16 +42,16 @@ export const DEFAULT_INDEX_PATTERN = [
 ];
 
 /** This Kibana Advanced Setting enables the `Security news` feed widget */
-export const ENABLE_NEWS_FEED_SETTING = 'siem:enableNewsFeed';
+export const ENABLE_NEWS_FEED_SETTING = 'securitySolution:enableNewsFeed';
 
 /** This Kibana Advanced Setting specifies the URL of the News feed widget */
-export const NEWS_FEED_URL_SETTING = 'siem:newsFeedUrl';
+export const NEWS_FEED_URL_SETTING = 'securitySolution:newsFeedUrl';
 
 /** The default value for News feed widget */
 export const NEWS_FEED_URL_SETTING_DEFAULT = 'https://feeds.elastic.co/security-solution';
 
 /** This Kibana Advanced Setting specifies the URLs of `IP Reputation Links`*/
-export const IP_REPUTATION_LINKS_SETTING = 'siem:ipReputationLinks';
+export const IP_REPUTATION_LINKS_SETTING = 'securitySolution:ipReputationLinks';
 
 /** The default value for `IP Reputation Links` */
 export const IP_REPUTATION_LINKS_SETTING_DEFAULT = `[
@@ -62,12 +62,12 @@ export const IP_REPUTATION_LINKS_SETTING_DEFAULT = `[
 /**
  * Id for the signals alerting type
  */
-export const SIGNALS_ID = `${APP_ID}.signals`;
+export const SIGNALS_ID = `siem.signals`;
 
 /**
  * Id for the notifications alerting type
  */
-export const NOTIFICATIONS_ID = `${APP_ID}.notifications`;
+export const NOTIFICATIONS_ID = `siem.notifications`;
 
 /**
  * Special internal structure for tags for signals. This is used