Merge branch 'main' into pit-indicator

elastic · Mar 23, 2022 · 1d3ef60 · 1d3ef60
2 parents e138352 + 0b4282e
commit 1d3ef60
Show file tree

Hide file tree

Showing 817 changed files with 21,891 additions and 5,706 deletions.
diff --git a/.buildkite/pipelines/artifacts.yml b/.buildkite/pipelines/artifacts.yml
@@ -0,0 +1,6 @@
+steps:
+  - command: .buildkite/scripts/steps/artifacts/build.sh
+    label: Build Kibana Artifacts
+    agents:
+      queue: c2-16
+    timeout_in_minutes: 60
diff --git a/.buildkite/scripts/steps/artifacts/build.sh b/.buildkite/scripts/steps/artifacts/build.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+.buildkite/scripts/bootstrap.sh
+
+echo "--- Build Kibana Distribution"
+node scripts/build --all-platforms --debug --skip-docker-cloud
+
+echo "--- Build dependencies report"
+node scripts/licenses_csv_report --csv=target/dependencies_report.csv
diff --git a/.buildkite/scripts/steps/cloud/build_and_deploy.sh b/.buildkite/scripts/steps/cloud/build_and_deploy.sh
@@ -75,7 +75,6 @@ if [ -z "${CLOUD_DEPLOYMENT_ID}" ]; then
 else
 ecctl deployment show "$CLOUD_DEPLOYMENT_ID" --generate-update-payload | jq '
   .resources.kibana[0].plan.kibana.docker_image = "'$CLOUD_IMAGE'" |
-  .resources.elasticsearch[0].plan.elasticsearch.docker_image = "'$ELASTICSEARCH_CLOUD_IMAGE'" |
   (.. | select(.version? != null).version) = "'$VERSION'"
   ' > /tmp/deploy.json
   ecctl deployment update "$CLOUD_DEPLOYMENT_ID" --track --output json --file /tmp/deploy.json &> "$JSON_FILE"

diff --git a/.github/workflows/add-to-ao-project.yml b/.github/workflows/add-to-ao-project.yml
@@ -0,0 +1,23 @@
+name: Add issues to Actionable Observability project
+on:
+  issues:
+    types: [labeled]
+jobs:
+  sync_issues_with_table:
+    runs-on: ubuntu-latest
+    name: Add issues to project
+    if: |
+      github.event.label.name == 'Team: Actionable Observability'
+    steps:
+      - name: Add
+        uses: richkuz/projectnext-label-assigner@1.0.2
+        id: add_to_projects
+        with:
+          config: |
+            [
+              {"label": "Team: Actionable Observability", "projectNumber": 669}
+            ]
+        env:
+          GRAPHQL_API_BASE: 'https://api.github.com'
+          PAT_TOKEN: ${{ secrets.PROJECT_ASSIGNER_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.i18nrc.json b/.i18nrc.json
@@ -31,6 +31,7 @@
     "expressions": "src/plugins/expressions",
     "expressionShape": "src/plugins/expression_shape",
     "expressionTagcloud": "src/plugins/chart_expressions/expression_tagcloud",
+    "eventAnnotation": "src/plugins/event_annotation",
     "fieldFormats": "src/plugins/field_formats",
     "flot": "packages/kbn-flot-charts/lib",
     "home": "src/plugins/home",
@@ -50,7 +51,10 @@
     "kibana-react": "src/plugins/kibana_react",
     "kibanaOverview": "src/plugins/kibana_overview",
     "lists": "packages/kbn-securitysolution-list-utils/src",
-    "management": ["src/legacy/core_plugins/management", "src/plugins/management"],
+    "management": [
+      "src/legacy/core_plugins/management",
+      "src/plugins/management"
+    ],
     "monaco": "packages/kbn-monaco/src",
     "navigation": "src/plugins/navigation",
     "newsfeed": "src/plugins/newsfeed",
@@ -62,8 +66,13 @@
     "sharedUX": "src/plugins/shared_ux",
     "sharedUXComponents": "packages/kbn-shared-ux-components/src",
     "statusPage": "src/legacy/core_plugins/status_page",
-    "telemetry": ["src/plugins/telemetry", "src/plugins/telemetry_management_section"],
-    "timelion": ["src/plugins/vis_types/timelion"],
+    "telemetry": [
+      "src/plugins/telemetry",
+      "src/plugins/telemetry_management_section"
+    ],
+    "timelion": [
+      "src/plugins/vis_types/timelion"
+    ],
     "uiActions": "src/plugins/ui_actions",
     "uiActionsExamples": "examples/ui_action_examples",
     "usageCollection": "src/plugins/usage_collection",
@@ -83,4 +92,4 @@
     "visualizations": "src/plugins/visualizations"
   },
   "translations": []
-}
+}
diff --git a/dev_docs/contributing/standards.mdx b/dev_docs/contributing/standards.mdx
@@ -69,7 +69,7 @@ Every team should be collecting telemetry metrics on it’s public API usage. Th
 
 ### APM
 
-Kibana server and client are instrumented with APM node and APM RUM clients respectively, tracking serveral types of transactions by default, such as `page-load`, `request`, etc.
+Kibana server and client are instrumented with APM node and APM RUM clients respectively, tracking several types of transactions by default, such as `page-load`, `request`, etc.
 You may introduce custom transactions. Please refer to the [APM documentation](https://www.elastic.co/guide/en/apm/get-started/current/index.html) and follow these guidelines when doing so:
 
 - Use dashed syntax for transaction types and names: `my-transaction-type` and `my-transaction-name`

diff --git a/dev_docs/key_concepts/kibana_platform_plugin_intro.mdx b/dev_docs/key_concepts/kibana_platform_plugin_intro.mdx
@@ -153,7 +153,7 @@ plugins to customize the Kibana experience. Examples of extension points are:
 - core.overlays.showModal
 - embeddables.registerEmbeddableFactory
 - uiActions.registerAction
-- core.saedObjects.registerType
+- core.savedObjects.registerType
 
 ## Follow up material
 

diff --git a/dev_docs/tutorials/endpoints.mdx b/dev_docs/tutorials/endpoints.mdx
@@ -46,7 +46,7 @@ HTTP method. All these APIs share the same signature, and receive two parameters
 
 When invoked, the `handler` receive three parameters: `context`, `request`, and `response`, and must return a response that will be sent to serve
 the request.
-- `context` is a request-bound context exposed for the request. It allows for example to use an elasticsearch client bound to the request's credentials.
+- `context` is a request-bound context exposed for the request. For example, it allows to use an elasticsearch client bound to the request's credentials.
 - `request` contains information related to the request, such as the path and query parameter
 - `response` contains factory helpers to create the response to return from the endpoint
 

diff --git a/docs/api/cases.asciidoc b/docs/api/cases.asciidoc
@@ -5,14 +5,14 @@ You can create, manage, configure, and send cases to external systems with
 these APIs:
 
 * {security-guide}/cases-api-add-comment.html[Add comment]
-* {security-guide}/cases-api-create.html[Create case]
+* <<cases-api-create>>
 * {security-guide}/cases-api-delete-case.html[Delete case]
 * {security-guide}/cases-api-delete-all-comments.html[Delete all comments]
 * {security-guide}/cases-api-delete-comment.html[Delete comment]
 * {security-guide}/cases-api-find-alert.html[Find all alerts attached to a case]
-* {security-guide}/cases-api-find-cases.html[Find cases]
+* <<cases-api-find-cases>>
 * {security-guide}/cases-api-find-cases-by-alert.html[Find cases by alert]
-* {security-guide}/cases-api-find-connectors.html[Find connectors]
+* <<cases-api-find-connectors>>
 * {security-guide}/cases-api-get-case-activity.html[Get all case activity]
 * {security-guide}/cases-api-get-all-case-comments.html[Get all case comments]
 * {security-guide}/cases-api-get-case.html[Get case]
@@ -24,5 +24,13 @@ these APIs:
 * {security-guide}/cases-api-push.html[Push case]
 * {security-guide}/assign-connector.html[Set default Elastic Security UI connector]
 * {security-guide}/case-api-update-connector.html[Update case configurations]
-* {security-guide}/cases-api-update.html[Update case]
+* <<cases-api-update>>
 * {security-guide}/cases-api-update-comment.html[Update comment]
+
+//CREATE
+include::cases/cases-api-create.asciidoc[leveloffset=+1]
+//FIND
+include::cases/cases-api-find-cases.asciidoc[leveloffset=+1]
+include::cases/cases-api-find-connectors.asciidoc[leveloffset=+1]
+//UPDATE
+include::cases/cases-api-update.asciidoc[leveloffset=+1]
diff --git a/docs/api/cases/cases-api-create.asciidoc b/docs/api/cases/cases-api-create.asciidoc
@@ -0,0 +1,237 @@
+[[cases-api-create]]
+== Create case API
+++++
+<titleabbrev>Create case</titleabbrev>
+++++
+
+Creates a case.
+
+=== Request
+
+`POST <kibana host>:<port>/api/cases`
+
+`POST <kibana host>:<port>/s/<space_id>/api/cases`
+
+=== Prerequisite
+
+You must have `all` privileges for the *Cases* feature in the *Management*,
+*{observability}*, or *Security* section of the
+<<kibana-feature-privileges,{kib} feature privileges>>, depending on the
+`owner` of the case you're creating.
+
+=== Path parameters
+
+`<space_id>`::
+(Optional, string) An identifier for the space. If it is not specified, the
+default space is used.
+
+=== Request body
+
+`connector`::
+(Required, object) An object that contains the connector configuration.
++
+.Properties of `connector`
+[%collapsible%open]
+====
+`fields`::
+(Required, object) An object containing the connector fields.
++
+--
+To create a case without a connector, specify `null`. If you want to omit any
+individual field, specify `null` as its value.
+
+For {ibm-r} connectors, specify:
+
+`issueTypes`:::
+(Required, array of numbers) The type of the incident.
+
+`severityCode`:::
+(Required, number) The severity code of the incident.
+
+For {jira} connectors, specify:
+
+`issueType`:::
+(Required, string) The type of the issue.
+
+`parent`:::
+(Required, string) The key of the parent issue, when the issue type is `Sub-task`.
+
+`priority`:::
+(Required, string) The priority of the issue.
+
+For {sn-itsm} connectors, specify:
+
+`category`:::
+(Required, string) The category of the incident.
+
+`impact`:::
+(Required, string) The effect an incident had on business.
+
+`severity`:::
+(Required, string) The severity of the incident.
+
+`subcategory`:::
+(Required, string) The subcategory of the incident.
+
+`urgency`:::
+(Required, string) The extent to which the incident resolution can be delayed.
+
+For {sn-sir} connectors, specify:
+
+`category`:::
+(Required, string) The category of the incident.
+
+`destIp`:::
+(Required, string) A comma separated list of destination IPs.
+
+`malwareHash`:::
+(Required, string) A comma separated list of malware hashes.
+
+`malwareUrl`:::
+(Required, string) A comma separated list of malware URLs.
+
+`priority`:::
+(Required, string) The priority of the incident.
+
+`sourceIp`:::
+(Required, string) A comma separated list of source IPs.
+
+`subcategory`:::
+(Required, string) The subcategory of the incident.
+
+For {swimlane} connectors, specify:
+
+`caseId`:::
+(Required, string) The case ID.
+--
+
+`id`::
+(Required, string) The identifier for the connector. To create a case without a
+connector, use `none`.
+//To retrieve connector IDs, use <<cases-api-find-connectors>>).
+
+`name`::
+(Required, string) The name of the connector. To create a case without a
+connector, use `none`.
+
+`type`::
+(Required, string) The type of the connector. Valid values are: `.jira`, `.none`,
+`.resilient`,`.servicenow`, `.servicenow-sir`, and `.swimlane`. To create a case
+without a connector, use `.none`.
+====
+
+`description`::
+(Required, string) The description for the case.
+
+`owner`::
+(Required, string) The application that owns the case. Valid values are:
+`cases`, `observability`, or `securitySolution`. This value affects
+whether the case is visible in the {stack-manage-app}, {observability}, or
+{security-app}.
+
+`settings`::
+(Required, object)
+An object that contains the case settings.
++
+.Properties of `settings`
+[%collapsible%open]
+====
+`syncAlerts`:: 
+(Required, boolean) Turns alert syncing on or off.
+====
+
+`tags`::
+(Required, string array) The words and phrases that help
+categorize cases. It can be an empty array.
+
+`title`::
+(Required, string) A title for the case.
+
+=== Response code
+
+`200`::
+   Indicates a successful call.
+
+=== Example
+
+[source,sh]
+--------------------------------------------------
+POST api/cases
+{
+  "description": "James Bond clicked on a highly suspicious email
+  banner advertising cheap holidays for underpaid civil servants.",
+  "title": "This case will self-destruct in 5 seconds",
+  "tags": [
+    "phishing",
+    "social engineering"
+  ],
+  "connector": {
+    "id": "131d4448-abe0-4789-939d-8ef60680b498",
+    "name": "My connector",
+    "type": ".jira",
+    "fields": {
+      "issueType": "10006",
+      "priority": "High",
+      "parent": null
+    }
+  },
+  "settings": {
+    "syncAlerts": true
+  },
+  "owner": "securitySolution"
+}
+--------------------------------------------------
+// KIBANA
+
+The API returns a JSON object that includes the user who created the case and
+the case identifier, version, and creation time. For example:
+
+[source,json]
+--------------------------------------------------
+{
+  "id": "66b9aa00-94fa-11ea-9f74-e7e108796192", <1>
+  "version": "WzUzMiwxXQ==",
+  "comments": [],
+  "totalComment": 0,
+  "totalAlerts": 0,
+  "title": "This case will self-destruct in 5 seconds",
+  "tags": [
+    "phishing",
+    "social engineering",
+    "bubblegum"
+  ],
+  "settings": {
+    "syncAlerts": true
+  },
+  "owner": "securitySolution",
+  "description": "James Bond clicked on a highly suspicious email banner advertising cheap holidays for underpaid civil servants. Operation bubblegum is active. Repeat - operation bubblegum is now active",
+  "closed_at": null,
+  "closed_by": null,
+  "created_at": "2022-05-13T09:16:17.416Z",
+  "created_by": {
+    "email": "ahunley@imf.usa.gov",
+    "full_name": "Alan Hunley",
+    "username": "ahunley"
+  },
+  "status": "open",
+  "updated_at": null,
+  "updated_by": null,
+  "connector": {
+    "id": "131d4448-abe0-4789-939d-8ef60680b498", <2>
+    "name": "My connector",
+    "type": ".jira",
+    "fields": {
+      "issueType": "10006",
+      "parent": null,
+      "priority": "High"
+    }
+  },
+  "external_service": null <3>
+}
+--------------------------------------------------
+
+<1> The case identifier is also its saved object ID (`savedObjectId`), which is
+used when pushing cases to external systems.
+<2> The default connector used to push cases to external services.
+<3> The `external_service` object stores information about the incident after it
+is pushed to an external incident management system.