Merge branch 'main' into security/rules/4680-new-preview

x-pack/plugins/enterprise_search/common/ui_settings_keys.ts

@@ -6,4 +6,4 @@
  */
 
 export const enterpriseSearchFeatureId = 'enterpriseSearch';
-export const enableIndexTransformsTab = 'enterpriseSearch:enableIndexTransformsTab';
+export const enableIndexPipelinesTab = 'enterpriseSearch:enableIndexTransformsTab';

x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/pipelines.tsx

@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui';
+
+import { i18n } from '@kbn/i18n';
+
+import { DataPanel } from '../../../../shared/data_panel/data_panel';
+
+export const SearchIndexPipelines: React.FC = () => {
+  return (
+    <>
+      <EuiSpacer />
+      <EuiFlexGroup direction="row">
+        <EuiFlexItem>
+          <DataPanel
+            hasBorder
+            title={
+              <h2>
+                {i18n.translate(
+                  'xpack.enterpriseSearch.content.indices.pipelines.ingestionPipeline.title',
+                  {
+                    defaultMessage: 'Ingest Pipelines',
+                  }
+                )}
+              </h2>
+            }
+            iconType="logstashInput"
+          >
+            <div />
+          </DataPanel>
+          <EuiSpacer />
+          <DataPanel
+            hasBorder
+            title={
+              <h2>
+                {i18n.translate(
+                  'xpack.enterpriseSearch.content.indices.pipelines.mlInferencePipelines.title',
+                  {
+                    defaultMessage: 'ML Inference pipelines',
+                  }
+                )}
+              </h2>
+            }
+            iconType="compute"
+          >
+            <div />
+          </DataPanel>
+        </EuiFlexItem>
+        <EuiFlexItem />
+      </EuiFlexGroup>
+    </>
+  );
+};

x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/search_index.tsx

@@ -17,7 +17,7 @@ import { i18n } from '@kbn/i18n';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
 
 import { Status } from '../../../../../common/types/api';
-import { enableIndexTransformsTab } from '../../../../../common/ui_settings_keys';
+import { enableIndexPipelinesTab } from '../../../../../common/ui_settings_keys';
 import { generateEncodedPath } from '../../../shared/encode_path_params';
 import { KibanaLogic } from '../../../shared/kibana';
 import { FetchIndexApiLogic } from '../../api/index/fetch_index_api_logic';
@@ -38,16 +38,17 @@ import { SearchIndexDocuments } from './documents';
 import { SearchIndexIndexMappings } from './index_mappings';
 import { IndexNameLogic } from './index_name_logic';
 import { SearchIndexOverview } from './overview';
+import { SearchIndexPipelines } from './pipelines/pipelines';
 
 export enum SearchIndexTabId {
   // all indices
   OVERVIEW = 'overview',
   DOCUMENTS = 'documents',
   INDEX_MAPPINGS = 'index_mappings',
+  PIPELINES = 'pipelines',
   // connector indices
   CONFIGURATION = 'configuration',
   SCHEDULING = 'scheduling',
-  TRANSFORMS = 'transforms',
   // crawler indices
   DOMAIN_MANAGEMENT = 'domain_management',
 }
@@ -64,7 +65,7 @@ export const SearchIndex: React.FC = () => {
 
   const { indexName } = useValues(IndexNameLogic);
 
-  const transformsEnabled = uiSettings?.get<boolean>(enableIndexTransformsTab) ?? false;
+  const pipelinesEnabled = uiSettings?.get<boolean>(enableIndexPipelinesTab) ?? false;
 
   const ALL_INDICES_TABS: EuiTabbedContentTab[] = [
     {
@@ -124,12 +125,12 @@ export const SearchIndex: React.FC = () => {
     },
   ];
 
-  const TRANSFORMS_TAB: EuiTabbedContentTab[] = [
+  const PIPELINES_TAB: EuiTabbedContentTab[] = [
     {
-      content: <div />,
-      id: SearchIndexTabId.TRANSFORMS,
-      name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.transformsTabLabel', {
-        defaultMessage: 'Transforms',
+      content: <SearchIndexPipelines />,
+      id: SearchIndexTabId.PIPELINES,
+      name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.pipelinesTabLabel', {
+        defaultMessage: 'Pipelines',
       }),
     },
   ];
@@ -138,7 +139,7 @@ export const SearchIndex: React.FC = () => {
     ...ALL_INDICES_TABS,
     ...(isConnectorIndex(indexData) ? CONNECTOR_TABS : []),
     ...(isCrawlerIndex(indexData) ? CRAWLER_TABS : []),
-    ...(transformsEnabled && isConnectorIndex(indexData) ? TRANSFORMS_TAB : []),
+    ...(pipelinesEnabled ? PIPELINES_TAB : []),
   ];
 
   const selectedTab = tabs.find((tab) => tab.id === tabId);

x-pack/plugins/enterprise_search/server/ui_settings.ts

@@ -9,19 +9,19 @@ import { schema } from '@kbn/config-schema';
 import { UiSettingsParams } from '@kbn/core/types';
 import { i18n } from '@kbn/i18n';
 
-import { enterpriseSearchFeatureId, enableIndexTransformsTab } from '../common/ui_settings_keys';
+import { enterpriseSearchFeatureId, enableIndexPipelinesTab } from '../common/ui_settings_keys';
 
 /**
  * uiSettings definitions for Enterprise Search
  */
 export const uiSettings: Record<string, UiSettingsParams<boolean>> = {
-  [enableIndexTransformsTab]: {
+  [enableIndexPipelinesTab]: {
     category: [enterpriseSearchFeatureId],
-    description: i18n.translate('xpack.enterpriseSearch.uiSettings.indexTransforms.description', {
-      defaultMessage: 'Enable the new index transforms tab in Enterprise Search.',
+    description: i18n.translate('xpack.enterpriseSearch.uiSettings.indexPipelines.description', {
+      defaultMessage: 'Enable the new index pipelines tab in Enterprise Search.',
     }),
-    name: i18n.translate('xpack.enterpriseSearch.uiSettings.indexTransforms.name', {
-      defaultMessage: 'Enable index transforms',
+    name: i18n.translate('xpack.enterpriseSearch.uiSettings.indexPipelines.name', {
+      defaultMessage: 'Enable index pipelines',
     }),
     requiresPageReload: false,
     schema: schema.boolean(),

x-pack/plugins/security_solution/common/constants.ts

@@ -458,3 +458,6 @@ export enum BulkActionsDryRunErrCode {
   MACHINE_LEARNING_AUTH = 'MACHINE_LEARNING_AUTH',
   MACHINE_LEARNING_INDEX_PATTERN = 'MACHINE_LEARNING_INDEX_PATTERN',
 }
+
+export const RISKY_HOSTS_DOC_LINK =
+  'https://www.github.com/elastic/detection-rules/blob/main/docs/experimental-machine-learning/host-risk-score.md';

x-pack/plugins/security_solution/common/endpoint/data_generators/base_data_generator.ts

@@ -167,7 +167,9 @@ export class BaseDataGenerator<GeneratedDoc extends {} = {}> {
   }
 
   protected randomVersion(): string {
-    return [7, ...this.randomNGenerator(20, 2)].map((x) => x.toString()).join('.');
+    // the `major` is sometimes (30%) 7 and most of the time (70%) 8
+    const major = this.randomBoolean(0.4) ? 7 : 8;
+    return [major, ...this.randomNGenerator(20, 2)].map((x) => x.toString()).join('.');
   }
 
   protected randomChoice<T>(choices: T[] | readonly T[]): T {

x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts

@@ -0,0 +1,149 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DeepPartial } from 'utility-types';
+import { merge } from 'lodash';
+import { gte } from 'semver';
+import { BaseDataGenerator } from './base_data_generator';
+import type { HostMetadataInterface, OSFields } from '../types';
+import { EndpointStatus, HostPolicyResponseActionStatus } from '../types';
+
+/**
+ * Metadata generator for docs that are sent by the Endpoint running on hosts
+ */
+export class EndpointMetadataGenerator extends BaseDataGenerator {
+  /** Generate an Endpoint host metadata document */
+  generate(overrides: DeepPartial<HostMetadataInterface> = {}): HostMetadataInterface {
+    const ts = overrides['@timestamp'] ?? new Date().getTime();
+    const hostName = this.randomHostname();
+    const agentVersion = overrides?.agent?.version ?? this.randomVersion();
+    const agentId = this.seededUUIDv4();
+    const isIsolated = this.randomBoolean(0.3);
+    const capabilities = ['isolation'];
+
+    // v8.4 introduced additional endpoint capabilities
+    if (gte(agentVersion, '8.4.0')) {
+      capabilities.push('kill_process', 'suspend_process', 'running_processes');
+    }
+
+    const hostMetadataDoc: HostMetadataInterface = {
+      '@timestamp': ts,
+      event: {
+        created: ts,
+        id: this.seededUUIDv4(),
+        kind: 'metric',
+        category: ['host'],
+        type: ['info'],
+        module: 'endpoint',
+        action: 'endpoint_metadata',
+        dataset: 'endpoint.metadata',
+      },
+      data_stream: {
+        type: 'metrics',
+        dataset: 'endpoint.metadata',
+        namespace: 'default',
+      },
+      agent: {
+        version: agentVersion,
+        id: agentId,
+        type: 'endpoint',
+      },
+      elastic: {
+        agent: {
+          id: agentId,
+        },
+      },
+      host: {
+        id: this.seededUUIDv4(),
+        hostname: hostName,
+        name: hostName,
+        architecture: this.randomString(10),
+        ip: this.randomArray(3, () => this.randomIP()),
+        mac: this.randomArray(3, () => this.randomMac()),
+        os: this.randomOsFields(),
+      },
+      Endpoint: {
+        status: EndpointStatus.enrolled,
+        policy: {
+          applied: {
+            name: 'With Eventing',
+            id: 'C2A9093E-E289-4C0A-AA44-8C32A414FA7A',
+            status: HostPolicyResponseActionStatus.success,
+            endpoint_policy_version: 3,
+            version: 5,
+          },
+        },
+        configuration: {
+          isolation: isIsolated,
+        },
+        state: {
+          isolation: isIsolated,
+        },
+        capabilities,
+      },
+    };
+
+    return merge(hostMetadataDoc, overrides);
+  }
+
+  protected randomOsFields(): OSFields {
+    return this.randomChoice([
+      {
+        name: 'Windows',
+        full: 'Windows 10',
+        version: '10.0',
+        platform: 'Windows',
+        family: 'windows',
+        Ext: {
+          variant: 'Windows Pro',
+        },
+      },
+      {
+        name: 'Windows',
+        full: 'Windows Server 2016',
+        version: '10.0',
+        platform: 'Windows',
+        family: 'windows',
+        Ext: {
+          variant: 'Windows Server',
+        },
+      },
+      {
+        name: 'Windows',
+        full: 'Windows Server 2012',
+        version: '6.2',
+        platform: 'Windows',
+        family: 'windows',
+        Ext: {
+          variant: 'Windows Server',
+        },
+      },
+      {
+        name: 'Windows',
+        full: 'Windows Server 2012R2',
+        version: '6.3',
+        platform: 'Windows',
+        family: 'windows',
+        Ext: {
+          variant: 'Windows Server Release 2',
+        },
+      },
+      {
+        Ext: {
+          variant: 'Debian',
+        },
+        kernel: '4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30)',
+        name: 'Linux',
+        family: 'debian',
+        type: 'linux',
+        version: '10.12',
+        platform: 'debian',
+        full: 'Debian 10.12',
+      },
+    ]);
+  }
+}

x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts

@@ -504,7 +504,7 @@ describe('data generator', () => {
         events[previousProcessEventIndex].process?.parent?.entity_id
       );
       expect(events[events.length - 1].event?.kind).toEqual('alert');
-      expect(events[events.length - 1].event?.category).toEqual('malware');
+      expect(events[events.length - 1].event?.category).toEqual('behavior');
     });
   });