Merge branch 'master' into dev/discover-force-pause-refresh

.github/CODEOWNERS

@@ -349,6 +349,21 @@
 /x-pack/test/case_api_integration @elastic/security-threat-hunting
 /x-pack/plugins/lists @elastic/security-detections-response
 
+## Security Solution sub teams - security-onboarding-and-lifecycle-mgt 
+/x-pack/plugins/security_solution/public/management/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/lib/endpoint*/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/common/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/actions/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/metadata/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/lib/policy/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/lib/license/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+
 # Security Intelligence And Analytics
 /x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
 

WORKSPACE.bazel

@@ -10,15 +10,15 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # Fetch Node.js rules
 http_archive(
   name = "build_bazel_rules_nodejs",
-  sha256 = "0fa2d443571c9e02fcb7363a74ae591bdcce2dd76af8677a95965edf329d778a",
-  urls = ["https://github.com/bazelbuild/rules_nodejs/releases/download/3.6.0/rules_nodejs-3.6.0.tar.gz"],
+  sha256 = "8f5f192ba02319254aaf2cdcca00ec12eaafeb979a80a1e946773c520ae0a2c9",
+  urls = ["https://github.com/bazelbuild/rules_nodejs/releases/download/3.7.0/rules_nodejs-3.7.0.tar.gz"],
 )
 
 # Now that we have the rules let's import from them to complete the work
 load("@build_bazel_rules_nodejs//:index.bzl", "check_rules_nodejs_version", "node_repositories", "yarn_install")
 
 # Assure we have at least a given rules_nodejs version
-check_rules_nodejs_version(minimum_version_string = "3.6.0")
+check_rules_nodejs_version(minimum_version_string = "3.7.0")
 
 # Setup the Node.js toolchain for the architectures we want to support
 #

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.exporters.md

@@ -10,5 +10,7 @@
 exporters: {
     datatableToCSV: typeof datatableToCSV;
     CSV_MIME_TYPE: string;
+    cellHasFormulas: (val: string) => boolean;
+    tableHasFormulas: (columns: import("../../expressions").DatatableColumn[], rows: Record<string, any>[]) => boolean;
 }
 ```

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.filtermanager.md

@@ -7,7 +7,7 @@
 <b>Signature:</b>
 
 ```typescript
-export declare class FilterManager 
+export declare class FilterManager implements PersistableStateService 
 ```
 
 ## Constructors
@@ -16,6 +16,16 @@ export declare class FilterManager
 |  --- | --- | --- |
 |  [(constructor)(uiSettings)](./kibana-plugin-plugins-data-public.filtermanager._constructor_.md) |  | Constructs a new instance of the <code>FilterManager</code> class |
 
+## Properties
+
+|  Property | Modifiers | Type | Description |
+|  --- | --- | --- | --- |
+|  [extract](./kibana-plugin-plugins-data-public.filtermanager.extract.md) |  | <code>any</code> |  |
+|  [getAllMigrations](./kibana-plugin-plugins-data-public.filtermanager.getallmigrations.md) |  | <code>() =&gt; {}</code> |  |
+|  [inject](./kibana-plugin-plugins-data-public.filtermanager.inject.md) |  | <code>any</code> |  |
+|  [migrateToLatest](./kibana-plugin-plugins-data-public.filtermanager.migratetolatest.md) |  | <code>any</code> |  |
+|  [telemetry](./kibana-plugin-plugins-data-public.filtermanager.telemetry.md) |  | <code>(filters: import(&quot;../../../../kibana_utils/common/persistable_state&quot;).SerializableState, collector: unknown) =&gt; {}</code> |  |
+
 ## Methods
 
 |  Method | Modifiers | Description |

docs/development/plugins/data/server/kibana-plugin-plugins-data-server.getcapabilitiesforrollupindices.md

@@ -7,9 +7,9 @@
 <b>Signature:</b>
 
 ```typescript
-export declare function getCapabilitiesForRollupIndices(indices: {
-    [key: string]: any;
-}): {
+export declare function getCapabilitiesForRollupIndices(indices: Record<string, {
+    rollup_jobs: any;
+}>): {
     [key: string]: any;
 };
 ```
@@ -18,7 +18,7 @@ export declare function getCapabilitiesForRollupIndices(indices: {
 
 |  Parameter | Type | Description |
 |  --- | --- | --- |
-|  indices | <code>{</code><br/><code>    [key: string]: any;</code><br/><code>}</code> |  |
+|  indices | <code>Record&lt;string, {</code><br/><code>    rollup_jobs: any;</code><br/><code>}&gt;</code> |  |
 
 <b>Returns:</b>
 

docs/development/plugins/data/server/kibana-plugin-plugins-data-server.mergecapabilitieswithfields.md

@@ -9,7 +9,5 @@
 ```typescript
 mergeCapabilitiesWithFields: (rollupIndexCapabilities: {
     [key: string]: any;
-}, fieldsFromFieldCapsApi: {
-    [key: string]: any;
-}, previousFields?: FieldDescriptor[]) => FieldDescriptor[]
+}, fieldsFromFieldCapsApi: Record<string, FieldDescriptor>, previousFields?: FieldDescriptor[]) => FieldDescriptor[]
 ```

docs/management/managing-saved-objects.asciidoc

@@ -37,12 +37,15 @@ and select *Relationships*.
 [[managing-saved-objects-export-objects]]
 === Import and export
 
-Using the import and export commands, you can move objects between different
+Using the import and export actions, you can move objects between different
 {kib} instances. This action is useful when you
 have multiple environments for development and production.
 Import and export also work well when you have a large number
 of objects to update and want to batch the process.
 
+In addition to the user interface, {kib} provides beta <<saved-objects-api-import, import>> and <<saved-objects-api-export, export>> APIs if
+you want to automate this process.
+
 [float]
 ==== Compatibility across versions
 

docs/management/watcher-ui/index.asciidoc

@@ -123,9 +123,6 @@ in {es} for this example to work.
 you want to send the message when the condition is met.
 
 . Enter a subject and body for the email.
-+
-[role="screenshot"]
-image:management/watcher-ui/images/threshold-alert/threshold-alert-action.png["Action for threshold alert"]
 
 . To test the action before saving the watch, click *Send test email*.
 +

docs/settings/security-settings.asciidoc

@@ -337,24 +337,12 @@ For more details and a reference of audit events, refer to <<xpack-security-audi
 [cols="2*<"]
 |======
 | `xpack.security.audit.enabled` {ess-icon}
-| Set to `true` to enable audit logging for security events. *Default:* `false`
-|======
-
-[float]
-[[ecs-audit-logging-settings]]
-==== ECS audit logging settings
-
-To enable the <<xpack-security-ecs-audit-logging, ECS audit logger>>, specify where you want to write the audit events using `xpack.security.audit.appender`.
-
-[cols="2*<,*50"]
-|======
-| `xpack.security.audit.appender`
-| Optional. Specifies where audit logs should be written to and how they should be formatted.
+| Set to `true` _and_ configure an appender with `xpack.security.audit.appender` to enable ECS audit logging`. *Default:* `false`
 
 2+a| For example:
-
 [source,yaml]
 ----------------------------------------
+xpack.security.audit.enabled: true
 xpack.security.audit.appender:
   type: rolling-file
   fileName: ./audit.log
@@ -370,7 +358,31 @@ xpack.security.audit.appender:
 <1> Rotates log files every 24 hours.
 <2> Keeps maximum of 10 log files before deleting older ones.
 
-| `xpack.security.audit.appender.type`
+[NOTE]
+============
+{ess} does not support custom log file policies. To enable audit logging on {ess} only specify:
+
+[source,yaml]
+----------------------------------------
+xpack.security.audit.enabled: true
+xpack.security.audit.appender.type: rolling-file
+----------------------------------------
+============
+
+[NOTE]
+============
+deprecated:[7.15.0,"In 8.0 and later, the legacy audit logger will be removed, and this setting will enable the ECS audit logger with a default appender."] To enable the legacy audit logger only specify:
+
+[source,yaml]
+----------------------------------------
+xpack.security.audit.enabled: true
+----------------------------------------
+============
+
+| `xpack.security.audit.appender` {ess-icon}
+| Optional. Specifies where audit logs should be written to and how they should be formatted.
+
+| `xpack.security.audit.appender.type` {ess-icon}
 | Required. Specifies where audit logs should be written to. Allowed values are `console`, `file`, or `rolling-file`. 
 
 Refer to <<audit-logging-file-appender>> and <<audit-logging-rolling-file-appender>> for appender specific settings.

docs/spaces/index.asciidoc

@@ -12,7 +12,7 @@ spaces, you're asked to choose a space when you log in to Kibana. You can change
 current space at any time by using the menu.
 
 [role="screenshot"]
-image::spaces/images/change-space.png["Change current space menu"]
+image::images/change-space.png["Change current space menu"]
 
 Kibana supports spaces in several ways.  You can:
 
@@ -40,7 +40,7 @@ Open the main menu, then click *Stack Management > Spaces* for an overview of yo
 for you to create, edit, and delete spaces.
 
 [role="screenshot"]
-image::spaces/images/space-management.png["Space management"]
+image::images/space-management.png["Space management"]
 
 [float]
 ==== Create or edit a space
@@ -57,7 +57,7 @@ You cannot change the space identifier once you create the space.
 if you prefer to create spaces programatically.
 
 [role="screenshot"]
-image::spaces/images/edit-space.png["Space management"]
+image::images/edit-space.png["Space management"]
 
 [float]
 ==== Delete a space
@@ -81,7 +81,7 @@ to specific features on a per-user basis, you must configure
 <<xpack-security-authorization, Kibana Security>>.
 
 [role="screenshot"]
-image::spaces/images/edit-space-feature-visibility.png["Controlling features visiblity"]
+image::images/edit-space-feature-visibility.png["Controlling features visiblity"]
 
 [float]
 [[spaces-control-user-access]]
@@ -95,26 +95,13 @@ while analysts or executives might have Dashboard and Canvas with read-only priv
 See <<adding_kibana_privileges>> for details.
 
 [role="screenshot"]
-image::spaces/images/spaces-roles.png["Controlling features visiblity"]
+image::images/spaces-roles.png["Controlling features visiblity"]
 
 [float]
 [[spaces-moving-objects]]
 === Move saved objects between spaces
 
-To <<managing-saved-objects-copy-to-space, copy objects>> from one space to another, open the main menu,
-then click *Stack Management > Saved Objects*.
-
-Alternately, you can move objects using {kib}'s <<managing-saved-objects-export-objects, import and export>>
-interface.
-
-. Navigate to the space that contains your saved objects.
-. Export your saved objects.
-. Navigate to the space where you want to import the objects.
-. Import your saved objects.
-. (Optional) Delete objects in the export space that you no longer need.
-
-{kib} also has beta <<saved-objects-api-import, import>> and
-<<saved-objects-api-export, export>> APIs if you want to automate this process.
+To move saved objects between spaces, you can <<managing-saved-objects-copy-to-space, copy objects>>, or <<managing-saved-objects-export-objects, export and import objects>>.
 
 [float]
 [[spaces-default-route]]
@@ -125,10 +112,10 @@ The landing page can route users to a specific dashboard, application, or saved
 
 To configure the landing page, use the default route setting in
 <<kibana-general-settings, Stack Management > {kib} > Advanced settings>>.
-For example, you might set the default route to `/app/kibana#/dashboards`.
+For example, you might set the default route to `/app/dashboards`.
 
 [role="screenshot"]
-image::spaces/images/spaces-configure-landing-page.png["Configure space-level landing page"]
+image::images/spaces-configure-landing-page.png["Configure space-level landing page"]
 
 
 [float]

docs/user/dashboard/lens.asciidoc

@@ -316,10 +316,16 @@ Each *Layer* in a visualization is associated with an index pattern and mutiple
 You can also change the index pattern for a single *Layer*.
 
 [float]
-[[why-my-field-x-is-missing-from-the-fields-list]]
-===== Why is my field X missing from the fields list?
+[[why-my-field-is-missing-from-the-fields-list]]
+===== Why is my field missing from the fields list?
 
-*Lens* does not support the visualization of full-text fields, therefore it is not showing them in the data summary.
+Fields do not appear in the *Available fields* in the following scenarios:
+* The field is a full-text field.
+* The field is a `geo_point` field
+* The field is a `flattened` field.
+* The field is a `object` field.
+
+Verify if the field appears in the *Empty fields* list. *Lens* uses heuristics to determine if the fields contain values. For sparse data sets, the heuristics are less precise.
 
 [float]
 [[how-to-handle-gaps-in-time-series-visualizations]]
@@ -370,3 +376,9 @@ Here's a short list of few different aspects to check:
 ** If a custom `Number` configuration is used, check that the color stop values are covering the current data range.
 
 ** If a `Percent` configuration is used, and the data range changes, the colors displayed are affected.
+
+[float]
+[[is-it-possible-to-show-icons-in-datatable]]
+===== Is it possible to display icons in data tables?
+
+You can display icons with <<managing-index-patterns, field formatter>> in data tables.

docs/user/introduction.asciidoc

@@ -206,7 +206,7 @@ image::images/rules-and-connectors.png[Rules and Connectors view]
 === Organize your work in spaces
 
 Want to share {kib}’s goodness with other people or teams without overwhelming them? You can do so
-with <<xpack-spaces, Spaces>>, built for organizing your visualizations, dashboards, and indices.
+with <<xpack-spaces, Spaces>>, built for organizing your visualizations, dashboards, and index patterns.
 Think of a space as its own mini {kib} installation&mdash;it’s isolated from all other spaces,
 so you can tailor it to your specific needs without impacting others.
 
@@ -234,15 +234,15 @@ For example, roles with no access to an app will not have access to its alerts.
 ==== Control feature visibility
 
 You can take spaces one step further and control which features are visible
-within each space. For example, you might hide **Dev Tools** in your "Executive"
-space or show **Stack Monitoring** only in your "Admin" space.
+within each space. For example, you might hide **Dev Tools** in your "Marketing"
+space or show **Stack Monitoring** only in your "Engineering" space.
 
 Controlling feature visibility is not a security feature. To secure access
 to specific features on a per-user basis, you must configure
 <<xpack-security-authorization,{kib} Security>>.
 
 [role="screenshot"]
-image::images/features-control.png[Features Controls view]
+image::spaces/images/edit-space-feature-visibility.png[Features Controls view]
 
 [float]
 [[intro-kibana-Security]]
@@ -260,7 +260,7 @@ see <<security-settings-kb,Security settings in {kib}>>.
 allowing you to login using {es}’s built-in realms, or by your own single sign-on provider.
 
 [role="screenshot"]
-image::images/login-screen.png[Login page]
+image::security/images/kibana-login.png[Login page]
 
 [float]
 ==== Secure access
@@ -281,7 +281,7 @@ while analysts or executives might have *Dashboard* and *Canvas* with read-only
 levels, or you can automate role creation via our <<role-management-api,API>>.
 
 [role="screenshot"]
-image::images/roles-and-privileges.png[{kib privileges}]
+image::spaces/images/spaces-roles.png[{kib privileges}]
 
 [float]
 ==== Audit access

docs/user/security/access-agreement.asciidoc

@@ -2,26 +2,31 @@
 [[xpack-security-access-agreement]]
 === Access agreement
 
-Some work environments require you to acknowledge and accept an agreement before you can access {kib}, which can contain sensitive information. The agreement text supports Markdown format and can be specified using the `xpack.security.authc.providers.<provider-type>.<provider-name>.accessAgreement.message` setting.
+Access agreement is a https://www.elastic.co/subscriptions[subscription feature] that requires users to acknowledge and accept an
+agreement before accessing {kib}. The agreement text supports Markdown format and can be specified using the
+`xpack.security.authc.providers.<provider-type>.<provider-name>.accessAgreement.message` setting.
 
 [NOTE]
 ============================================================================
 You need to acknowledge the access agreement only once per session, and {kib} reports the acknowledgement in the audit logs.
 ============================================================================
 
-Here is how your `kibana.yml` can look like if you define an access agreement:
+Here is an example of defining an access agreement in `kibana.yml`:
 
 [source,yaml]
 --------------------------------------------------------------------------------
 xpack.security.authc.providers:
   basic.basic1:
     order: 0
     accessAgreement:
-      message: "**You are accessing a system with a sensitive information** \n\n
-                  By logging in, you acknowledge that (shortened ...)"
+      message: |
+        **You are accessing a system with sensitive information**
+
+        By logging in, you acknowledge that information system usage
+        ...(shortened)
 --------------------------------------------------------------------------------
 
 When you authenticate using `basic.basic1`, you'll see the following agreement that you must acknowledge before you can access {kib}:
 
 [role="screenshot"]
-image::user/security/images/access-agreement.png["Access Agreement UI"]
+image::images/access-agreement.png["Access Agreement UI"]