Skip to content

Commit

Permalink
Merge branch 'master' into alerting/enable-rule-export-with-exclusions
Browse files Browse the repository at this point in the history
  • Loading branch information
kibanamachine authored Jun 28, 2021
2 parents 2feca91 + bfadab6 commit 21a31d8
Show file tree
Hide file tree
Showing 1,620 changed files with 38,936 additions and 22,274 deletions.
22 changes: 13 additions & 9 deletions NOTICE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -149,17 +149,17 @@ SOFTWARE.

---
Detection Rules
Copyright 2020 Elasticsearch B.V.
Copyright 2021 Elasticsearch B.V.

---
This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
which is available under a "MIT" license. The files based on this license are:
which is available under a "MIT" license. The rules based on this license are:

- defense_evasion_via_filter_manager
- discovery_process_discovery_via_tasklist_command
- persistence_priv_escalation_via_accessibility_features
- persistence_via_application_shimming
- defense_evasion_execution_via_trusted_developer_utilities
- "Potential Evasion via Filter Manager" (06dceabf-adca-48af-ac79-ffdf4c3b1e9a)
- "Process Discovery via Tasklist" (cc16f774-59f9-462d-8b98-d27ccd4519ec)
- "Potential Modification of Accessibility Binaries" (7405ddf1-6c8e-41ce-818f-48bea6bcaed8)
- "Potential Application Shimming via Sdbinst" (fd4a992d-6130-4802-9ff8-829b89ae801f)
- "Trusted Developer Application Usage" (9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1)

MIT License

Expand All @@ -185,9 +185,9 @@ SOFTWARE.

---
This product bundles rules based on https://github.com/FSecureLABS/leonidas
which is available under a "MIT" license. The files based on this license are:
which is available under a "MIT" license. The rules based on this license are:

- credential_access_secretsmanager_getsecretvalue.toml
- "AWS Access Secret in Secrets Manager" (a00681e3-9ed6-447c-ab2c-be648821c622)

MIT License

Expand Down Expand Up @@ -235,6 +235,10 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

---
Portions of this code are licensed under the following license:
For license information please see https://edge.fullstory.com/s/fs.js.LICENSE.txt

---
This product bundles bootstrap@3.3.6 which is available under a
"MIT" license.
Expand Down
2 changes: 2 additions & 0 deletions docs/developer/getting-started/monorepo-packages.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ yarn kbn watch-bazel
- @kbn/apm-utils
- @kbn/babel-code-parser
- @kbn/babel-preset
- @kbn/cli-dev-mode
- @kbn/config
- @kbn/config-schema
- @kbn/crypto
Expand All @@ -87,6 +88,7 @@ yarn kbn watch-bazel
- @kbn/mapbox-gl
- @kbn/monaco
- @kbn/optimizer
- @kbn/plugin-helpers
- @kbn/rule-data-utils
- @kbn/securitysolution-es-utils
- @kbn/securitysolution-hook-utils
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<!-- Do not edit this file. It is automatically generated by API Documenter. -->

[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [CspConfig](./kibana-plugin-core-server.cspconfig.md) &gt; ["\#private"](./kibana-plugin-core-server.cspconfig.__private_.md)

## CspConfig."\#private" property

<b>Signature:</b>

```typescript
#private;
```
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ The constructor for this class is marked as internal. Third-party code should no
| Property | Modifiers | Type | Description |
| --- | --- | --- | --- |
| ["\#private"](./kibana-plugin-core-server.cspconfig.__private_.md) | | <code></code> | |
| [DEFAULT](./kibana-plugin-core-server.cspconfig.default.md) | <code>static</code> | <code>CspConfig</code> | |
| [disableEmbedding](./kibana-plugin-core-server.cspconfig.disableembedding.md) | | <code>boolean</code> | |
| [header](./kibana-plugin-core-server.cspconfig.header.md) | | <code>string</code> | |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,7 @@ set(status$: Observable<ServiceStatus>): void;

## Remarks

The first emission from this Observable should occur within 30s, else this plugin's status will fallback to `unavailable` until the first emission.

See the [StatusServiceSetup.derivedStatus$](./kibana-plugin-core-server.statusservicesetup.derivedstatus_.md) API for leveraging the default status calculation that is provided by Core.

Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ esFilters: {
FILTERS: typeof FILTERS;
FilterStateStore: typeof FilterStateStore;
buildEmptyFilter: (isPinned: boolean, index?: string | undefined) => import("../common").Filter;
buildPhrasesFilter: (field: import("../common").IFieldType, params: any[], indexPattern: import("../common").IIndexPattern) => import("../common").PhrasesFilter;
buildExistsFilter: (field: import("../common").IFieldType, indexPattern: import("../common").IIndexPattern) => import("../common").ExistsFilter;
buildPhraseFilter: (field: import("../common").IFieldType, value: any, indexPattern: import("../common").IIndexPattern) => import("../common").PhraseFilter;
buildPhrasesFilter: (field: import("../common").IFieldType, params: any[], indexPattern: import("../common").MinimalIndexPattern) => import("../common").PhrasesFilter;
buildExistsFilter: (field: import("../common").IFieldType, indexPattern: import("../common").MinimalIndexPattern) => import("../common").ExistsFilter;
buildPhraseFilter: (field: import("../common").IFieldType, value: any, indexPattern: import("../common").MinimalIndexPattern) => import("../common").PhraseFilter;
buildQueryFilter: (query: any, index: string, alias: string) => import("../common").QueryStringFilter;
buildRangeFilter: (field: import("../common").IFieldType, params: import("../common").RangeFilterParams, indexPattern: import("../common").IIndexPattern, formattedValue?: string | undefined) => import("../common").RangeFilter;
buildRangeFilter: (field: import("../common").IFieldType, params: import("../common").RangeFilterParams, indexPattern: import("../common").MinimalIndexPattern, formattedValue?: string | undefined) => import("../common").RangeFilter;
isPhraseFilter: (filter: any) => filter is import("../common").PhraseFilter;
isExistsFilter: (filter: any) => filter is import("../common").ExistsFilter;
isPhrasesFilter: (filter: any) => filter is import("../common").PhrasesFilter;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@
esKuery: {
nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes;
fromKueryExpression: (expression: any, parseOptions?: Partial<import("../common").KueryParseOptions>) => import("../common").KueryNode;
toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record<string, any> | undefined, context?: Record<string, any> | undefined) => import("@kbn/common-utils").JsonObject;
toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").MinimalIndexPattern | undefined, config?: Record<string, any> | undefined, context?: Record<string, any> | undefined) => import("@kbn/common-utils").JsonObject;
}
```
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
esQuery: {
buildEsQuery: typeof buildEsQuery;
getEsQueryConfig: typeof getEsQueryConfig;
buildQueryFromFilters: (filters: import("../common").Filter[] | undefined, indexPattern: import("../common").IIndexPattern | undefined, ignoreFilterIfFieldNotInIndex?: boolean) => {
buildQueryFromFilters: (filters: import("../common").Filter[] | undefined, indexPattern: import("../common").MinimalIndexPattern | undefined, ignoreFilterIfFieldNotInIndex?: boolean) => {
must: never[];
filter: import("../common").Filter[];
should: never[];
Expand Down

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,15 @@
<b>Signature:</b>

```typescript
export interface IIndexPattern
export interface IIndexPattern extends MinimalIndexPattern
```
## Properties
| Property | Type | Description |
| --- | --- | --- |
| [fieldFormatMap](./kibana-plugin-plugins-data-public.iindexpattern.fieldformatmap.md) | <code>Record&lt;string, SerializedFieldFormat&lt;unknown&gt; &#124; undefined&gt;</code> | |
| [fields](./kibana-plugin-plugins-data-public.iindexpattern.fields.md) | <code>IFieldType[]</code> | |
| [getFormatterForField](./kibana-plugin-plugins-data-public.iindexpattern.getformatterforfield.md) | <code>(field: IndexPatternField &#124; IndexPatternField['spec'] &#124; IFieldType) =&gt; FieldFormat</code> | Look up a formatter for a given field |
| [id](./kibana-plugin-plugins-data-public.iindexpattern.id.md) | <code>string</code> | |
| [timeFieldName](./kibana-plugin-plugins-data-public.iindexpattern.timefieldname.md) | <code>string</code> | |
| [title](./kibana-plugin-plugins-data-public.iindexpattern.title.md) | <code>string</code> | |
| [type](./kibana-plugin-plugins-data-public.iindexpattern.type.md) | <code>string</code> | Type is used for identifying rollup indices, otherwise left undefined |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,11 @@ esFilters: {
buildQueryFilter: (query: any, index: string, alias: string) => import("../common").QueryStringFilter;
buildCustomFilter: typeof buildCustomFilter;
buildEmptyFilter: (isPinned: boolean, index?: string | undefined) => import("../common").Filter;
buildExistsFilter: (field: import("../common").IFieldType, indexPattern: import("../common").IIndexPattern) => import("../common").ExistsFilter;
buildExistsFilter: (field: import("../common").IFieldType, indexPattern: import("../common").MinimalIndexPattern) => import("../common").ExistsFilter;
buildFilter: typeof buildFilter;
buildPhraseFilter: (field: import("../common").IFieldType, value: any, indexPattern: import("../common").IIndexPattern) => import("../common").PhraseFilter;
buildPhrasesFilter: (field: import("../common").IFieldType, params: any[], indexPattern: import("../common").IIndexPattern) => import("../common").PhrasesFilter;
buildRangeFilter: (field: import("../common").IFieldType, params: import("../common").RangeFilterParams, indexPattern: import("../common").IIndexPattern, formattedValue?: string | undefined) => import("../common").RangeFilter;
buildPhraseFilter: (field: import("../common").IFieldType, value: any, indexPattern: import("../common").MinimalIndexPattern) => import("../common").PhraseFilter;
buildPhrasesFilter: (field: import("../common").IFieldType, params: any[], indexPattern: import("../common").MinimalIndexPattern) => import("../common").PhrasesFilter;
buildRangeFilter: (field: import("../common").IFieldType, params: import("../common").RangeFilterParams, indexPattern: import("../common").MinimalIndexPattern, formattedValue?: string | undefined) => import("../common").RangeFilter;
isFilterDisabled: (filter: import("../common").Filter) => boolean;
}
```
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@
esKuery: {
nodeTypes: import("../common/es_query/kuery/node_types").NodeTypes;
fromKueryExpression: (expression: any, parseOptions?: Partial<import("../common").KueryParseOptions>) => import("../common").KueryNode;
toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").IIndexPattern | undefined, config?: Record<string, any> | undefined, context?: Record<string, any> | undefined) => import("@kbn/common-utils").JsonObject;
toElasticsearchQuery: (node: import("../common").KueryNode, indexPattern?: import("../common").MinimalIndexPattern | undefined, config?: Record<string, any> | undefined, context?: Record<string, any> | undefined) => import("@kbn/common-utils").JsonObject;
}
```
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

```typescript
esQuery: {
buildQueryFromFilters: (filters: import("../common").Filter[] | undefined, indexPattern: import("../common").IIndexPattern | undefined, ignoreFilterIfFieldNotInIndex?: boolean) => {
buildQueryFromFilters: (filters: import("../common").Filter[] | undefined, indexPattern: import("../common").MinimalIndexPattern | undefined, ignoreFilterIfFieldNotInIndex?: boolean) => {
must: never[];
filter: import("../common").Filter[];
should: never[];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
| [isSavedObjectEmbeddableInput(input)](./kibana-plugin-plugins-embeddable-public.issavedobjectembeddableinput.md) | |
| [openAddPanelFlyout(options)](./kibana-plugin-plugins-embeddable-public.openaddpanelflyout.md) | |
| [plugin(initializerContext)](./kibana-plugin-plugins-embeddable-public.plugin.md) | |
| [useEmbeddableFactory({ input, factory, onInputUpdated, })](./kibana-plugin-plugins-embeddable-public.useembeddablefactory.md) | |

## Interfaces

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
<!-- Do not edit this file. It is automatically generated by API Documenter. -->

[Home](./index.md) &gt; [kibana-plugin-plugins-embeddable-public](./kibana-plugin-plugins-embeddable-public.md) &gt; [useEmbeddableFactory](./kibana-plugin-plugins-embeddable-public.useembeddablefactory.md)

## useEmbeddableFactory() function

<b>Signature:</b>

```typescript
export declare function useEmbeddableFactory<I extends EmbeddableInput>({ input, factory, onInputUpdated, }: EmbeddableRendererWithFactory<I>): readonly [ErrorEmbeddable | IEmbeddable<I, import("./i_embeddable").EmbeddableOutput> | undefined, boolean, string | undefined];
```

## Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| { input, factory, onInputUpdated, } | <code>EmbeddableRendererWithFactory&lt;I&gt;</code> | |

<b>Returns:</b>

`readonly [ErrorEmbeddable | IEmbeddable<I, import("./i_embeddable").EmbeddableOutput> | undefined, boolean, string | undefined]`

4 changes: 4 additions & 0 deletions docs/management/action-types.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,10 @@ a| <<slack-action-type, Slack>>

| Send a message to a Slack channel or user.

a| <<swimlane-action-type, Swimlane>>

| Create an incident in Swimlane.

a| <<webhook-action-type, Webhook>>

| Send a request to a web service.
Expand Down
3 changes: 3 additions & 0 deletions docs/management/advanced-options.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -482,6 +482,9 @@ of buckets to try to represent.
[[visualization-visualize-chartslibrary]]`visualization:visualize:legacyChartsLibrary`::
Enables the legacy charts library for aggregation-based area, line, and bar charts in *Visualize*.

[[visualization-visualize-pieChartslibrary]]`visualization:visualize:legacyPieChartsLibrary`::
Enables the legacy charts library for aggregation-based pie charts in *Visualize*.

[[visualization-colormapping]]`visualization:colorMapping`::
**This setting is deprecated and will not be supported as of 8.0.**
Maps values to specific colors in charts using the *Compatibility* palette.
Expand Down
105 changes: 105 additions & 0 deletions docs/management/connectors/action-types/swimlane.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
[role="xpack"]
[[swimlane-action-type]]
=== Swimlane connector and action
++++
<titleabbrev>Swimlane</titleabbrev>
++++

The Swimlane connector uses the https://swimlane.com/knowledge-center/docs/developer-guide/rest-api/[Swimlane REST API] to create Swimlane records.

[float]
[[swimlane-connector-configuration]]
==== Connector configuration

Swimlane connectors have the following configuration properties.

Name:: The name of the connector. The name is used to identify a connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action.
URL:: Swimlane instance URL.
Application ID:: Swimlane application ID.
API token:: Swimlane API authentication token for HTTP Basic authentication.

[float]
[[Preconfigured-swimlane-configuration]]
==== Preconfigured connector type

[source,text]
--
my-swimlane:
name: preconfigured-swimlane-connector-type
actionTypeId: .swimlane
config:
apiUrl: https://elastic.swimlaneurl.us
appId: app-id
mappings:
alertIdConfig:
fieldType: text
id: agp4s
key: alert-id
name: Alert ID
caseIdConfig:
fieldType: text
id: ae1mi
key: case-id
name: Case ID
caseNameConfig:
fieldType: text
id: anxnr
key: case-name
name: Case Name
commentsConfig:
fieldType: comments
id: au18d
key: comments
name: Comments
descriptionConfig:
fieldType: text
id: ae1gd
key: description
name: Description
ruleNameConfig:
fieldType: text
id: avfsl
key: rule-name
name: Rule Name
severityConfig:
fieldType: text
id: a71ik
key: severity
name: severity
secrets:
apiToken: tokenkeystorevalue
--

Config defines information for the connector type.

`apiUrl`:: An address that corresponds to *URL*.
`appId`:: A key that corresponds to *Application ID*.

Secrets defines sensitive information for the connector type.

`apiToken`:: A string that corresponds to *API Token*. Should be stored in the <<creating-keystore, {kib} keystore>>.

[float]
[[define-swimlane-ui]]
==== Define connector in Stack Management

Define Swimlane connector properties.

[role="screenshot"]
image::management/connectors/images/swimlane-connector.png[Swimlane connector]

Test Swimlane action parameters.

[role="screenshot"]
image::management/connectors/images/swimlane-params-test.png[Swimlane params test]

[float]
[[swimlane-action-configuration]]
==== Action configuration

Swimlane actions have the following configuration properties.

Comments:: Additional information for the client, such as how to troubleshoot the issue.
Severity:: The severity of the incident.

NOTE: Alert ID and Rule Name are filled automatically. Specifically, Alert ID is set to `{{alert.id}}` and Rule Name to `{{rule.name}}`.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions docs/management/connectors/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ include::action-types/teams.asciidoc[]
include::action-types/pagerduty.asciidoc[]
include::action-types/server-log.asciidoc[]
include::action-types/servicenow.asciidoc[]
include::action-types/swimlane.asciidoc[]
include::action-types/slack.asciidoc[]
include::action-types/webhook.asciidoc[]
include::pre-configured-connectors.asciidoc[]
Loading

0 comments on commit 21a31d8

Please sign in to comment.