Merge branch 'main' into eui-ghost/canvas

elastic · Oct 24, 2023 · 08927bd · 08927bd
2 parents 2184c6e + 255e32a
commit 08927bd
Show file tree

Hide file tree

Showing 32 changed files with 2,193 additions and 1,062 deletions.
diff --git a/docs/management/cases/add-connectors.asciidoc b/docs/management/cases/add-connectors.asciidoc
@@ -1,10 +1,12 @@
 [[add-case-connectors]]
-== Add connectors
-
+== Add connectors to cases
 :frontmatter-description: Configure connectors to push case details to external incident management systems.
 :frontmatter-tags-products: [kibana]
 :frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [configure]
+++++
+<titleabbrev>Add connectors</titleabbrev>
+++++
 
 You can add connectors to cases to push information to these external incident
 management systems:
@@ -23,6 +25,11 @@ appropriate {kib} feature privileges. Refer to <<setup-cases>>.
 [[create-case-connectors]]
 == Create connectors
 
+:frontmatter-description: Open and track issues in {kib} cases. 
+:frontmatter-tags-products: [kibana]
+:frontmatter-tags-content-type: [overview] 
+:frontmatter-tags-user-goals: [analyze]
+
 You can create connectors in *{stack-manage-app} > {connectors-ui}*,
 as described in <<action-types>>. Alternatively, you can create them in
 *{stack-manage-app} > Cases*:
@@ -31,7 +38,7 @@ as described in <<action-types>>. Alternatively, you can create them in
 +
 --
 [role="screenshot"]
-image::images/cases-connectors.png[]
+image::images/cases-settings.png[View case settings]
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 --
 

diff --git a/docs/management/cases/images/cases-create.png b/docs/management/cases/images/cases-create.png
diff --git a/docs/management/cases/images/cases-custom-fields-add.png b/docs/management/cases/images/cases-custom-fields-add.png
diff --git a/docs/management/cases/images/cases-custom-fields-view.png b/docs/management/cases/images/cases-custom-fields-view.png
diff --git a/docs/management/cases/images/cases-custom-fields.png b/docs/management/cases/images/cases-custom-fields.png
diff --git a/...agement/cases/images/cases-connectors.png → ...anagement/cases/images/cases-settings.png b/...agement/cases/images/cases-connectors.png → ...anagement/cases/images/cases-settings.png
diff --git a/docs/management/cases/index.asciidoc b/docs/management/cases/index.asciidoc
@@ -1,4 +1,4 @@
 include::cases.asciidoc[]
 include::setup-cases.asciidoc[leveloffset=+1]
 include::manage-cases.asciidoc[leveloffset=+1]
-include::add-connectors.asciidoc[leveloffset=+1]
+include::add-connectors.asciidoc[leveloffset=+1]
diff --git a/docs/management/cases/manage-cases.asciidoc b/docs/management/cases/manage-cases.asciidoc
@@ -12,6 +12,12 @@
 Open a new case to keep track of issues and share their details with colleagues.
 
 . Go to *Management > {stack-manage-app} > Cases*, then click *Create case*.
++
+--
+[role="screenshot"]
+image::images/cases-create.png[Create a case in {stack-manage-app}]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+--
 
 . Give the case a name, severity, and description.
 +
@@ -22,11 +28,90 @@ text.
 . Optionally, add a category, assignees, and tags.
 You can add users only if they meet the necessary <<setup-cases,prerequisites>>.
 
-. For *External incident management system*, select a connector. For more
+. preview:[] If you defined any custom fields, they appear in the *Additional fields* section.
+Check out <<case-custom-fields>>.
+
+. For the *External incident management system*, select a connector. For more
 information, refer to <<add-case-connectors>>.
 
 . After you've completed all of the required fields, click *Create case*.
 
+[[case-custom-fields]]
+=== Add custom fields
+
+preview::[]
+
+You can add optional and required fields for customized case collaboration.
+
+. Go to *{stack-manage-app} > Cases* and click *Settings*.
++
+--
+[role="screenshot"]
+image::images/cases-custom-fields-view.png[View custom fields in case settings]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+
+NOTE: To view and change case settings, you must have the appropriate {kib} feature privileges. Refer to <<setup-cases>>.
+--
+
+. In the *Custom fields* section, click *Add field*.
++
+--
+[role="screenshot"]
+image::images/cases-custom-fields-add.png[Add a custom field in case settings]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+--
+
+. Enter a field label.
+
+. Choose a field type: text or toggle.
+
+. If you want the text field to be mandatory in all cases, select *Make this field required*.
+
+. Click *Save field*.
+
+You can subsequently remove or edit custom fields on the *Settings* page.
+
+After you create custom fields, they're added to all new and existing cases.
+
+Existing cases have null values for the new text fields until you set them in each case.
+For example, you must click the pencil icon next to `my-field` to set it:
+
+[role="screenshot"]
+image::images/cases-custom-fields.png[A case that has an unset custom field]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+
+[[add-case-notifications]]
+=== Add email notifications
+
+You can configure email notifications that occur when users are assigned to
+cases.
+
+For hosted {kib} on {ess}:
+
+. Add the email domains to the {cloud}/ec-organizations-notifications-domain-allowlist.html[notifications domain allowlist].
++
+--
+You do not need to take any more steps to configure an email connector or update
+{kib} user settings, since the preconfigured Elastic-Cloud-SMTP connector is
+used by default.
+--
+
+For self-managed {kib}:
+
+. Create a preconfigured email connector.
++
+--
+NOTE: At this time, email notifications support only preconfigured connectors,
+which are defined in the `kibana.yml` file.
+For examples, refer to <<preconfigured-email-configuration>> and <<configuring-email>>.
+--
+. Set the `notifications.connectors.default.email` {kib} setting to the name of
+your email connector.
+. If you want the email notifications to contain links back to the case, you
+must configure the <<server-publicBaseUrl,server.publicBaseUrl>> setting.
+
+When you subsequently add assignees to cases, they receive an email.
+
 [[add-case-files]]
 === Add files
 
@@ -48,7 +133,7 @@ When you export cases as <<managing-saved-objects,saved objects>>, the case file
 ============================================================================
 
 [[add-case-visualization]]
-=== Add a visualization
+=== Add visualizations
 
 You can also optionally add visualizations.
 For example, you can portray event and alert data through charts and graphs.
@@ -79,40 +164,6 @@ Alternatively, while viewing a <<dashboard,dashboard>> you can open a panel's me
 
 After a visualization has been added to a case, you can modify or interact with it by clicking the *Open Visualization* option in the case's comment menu.
 
-[[add-case-notifications]]
-=== Add email notifications
-
-// tag::case-notifications[]
-You can configure email notifications that occur when users are assigned to
-cases.
-
-For hosted {kib} on {ess}:
-
-. Add the email domains to the {cloud}/ec-organizations-notifications-domain-allowlist.html[notifications domain allowlist].
-+
---
-You do not need to take any more steps to configure an email connector or update
-{kib} user settings, since the preconfigured Elastic-Cloud-SMTP connector is
-used by default.
---
-
-For self-managed {kib}:
-
-. Create a preconfigured email connector.
-+
---
-NOTE: At this time, email notifications support only preconfigured connectors,
-which are defined in the `kibana.yml` file.
-For examples, refer to <<preconfigured-email-configuration>> and <<configuring-email>>.
---
-. Set the `notifications.connectors.default.email` {kib} setting to the name of
-your email connector.
-. If you want the email notifications to contain links back to the case, you
-must configure the <<server-publicBaseUrl,server.publicBaseUrl>> setting.
-
-When you subsequently add assignees to cases, they receive an email.
-// end::case-notifications[]
-
 [[manage-case]]
 === Manage cases
 

diff --git a/docs/management/cases/setup-cases.asciidoc b/docs/management/cases/setup-cases.asciidoc
@@ -13,7 +13,7 @@ privileges:
 |=== 
 
 | Action | {kib} privileges
-| Give full access to manage cases 
+| Give full access to manage cases and settings
 a|
 * `All` for the *Cases* feature under *Management*.
 * `All` for the *{connectors-feature}* feature under *Management*.

diff --git a/...re/server/integration_tests/saved_objects/migrations/group3/actions/actions_test_suite.ts b/...re/server/integration_tests/saved_objects/migrations/group3/actions/actions_test_suite.ts
@@ -1451,7 +1451,8 @@ export const runActionTestSuite = ({
     });
   });
 
-  describe('waitForPickupUpdatedMappingsTask', () => {
+  // FLAKY: https://github.com/elastic/kibana/issues/166199
+  describe.skip('waitForPickupUpdatedMappingsTask', () => {
     it('rejects if there are failures', async () => {
       const res = (await pickupUpdatedMappings(
         client,

diff --git a/x-pack/plugins/security_solution/server/usage/collector.ts b/x-pack/plugins/security_solution/server/usage/collector.ts
@@ -71,6 +71,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             threshold: {
               enabled: {
@@ -107,6 +114,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             eql: {
               enabled: { type: 'long', _meta: { description: 'Number of eql rules enabled' } },
@@ -135,6 +149,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             machine_learning: {
               enabled: {
@@ -171,6 +192,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             threat_match: {
               enabled: {
@@ -207,6 +235,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             new_terms: {
               enabled: {
@@ -243,6 +278,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             elastic_total: {
               enabled: { type: 'long', _meta: { description: 'Number of elastic rules enabled' } },
@@ -274,6 +316,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
             custom_total: {
               enabled: { type: 'long', _meta: { description: 'Number of custom rules enabled' } },
@@ -302,6 +351,13 @@ export const registerCollector: RegisterCollector = ({
                 type: 'long',
                 _meta: { description: 'Number of notifications enabled' },
               },
+              legacy_investigation_fields: {
+                type: 'long',
+                _meta: {
+                  description:
+                    'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
+                },
+              },
             },
           },
           detection_rule_detail: {

diff --git a/x-pack/plugins/security_solution/server/usage/detections/get_metrics.test.ts b/x-pack/plugins/security_solution/server/usage/detections/get_metrics.test.ts
@@ -99,6 +99,7 @@ describe('Detections Usage and Metrics', () => {
               updated_on: '2021-03-23T17:15:59.634Z',
               has_legacy_notification: false,
               has_notification: false,
+              has_legacy_investigation_field: false,
             },
           ],
           detection_rule_usage: {
@@ -112,6 +113,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
             elastic_total: {
               alerts: 3400,
@@ -122,6 +124,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
           },
         },
@@ -163,6 +166,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
             query: {
               alerts: 800,
@@ -173,6 +177,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
           },
         },
@@ -217,6 +222,7 @@ describe('Detections Usage and Metrics', () => {
               updated_on: '2021-03-23T17:15:59.634Z',
               has_legacy_notification: false,
               has_notification: false,
+              has_legacy_investigation_field: false,
             },
           ],
           detection_rule_usage: {
@@ -230,6 +236,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
             query: {
               alerts: 0,
@@ -240,6 +247,7 @@ describe('Detections Usage and Metrics', () => {
               legacy_notifications_disabled: 0,
               notifications_enabled: 0,
               notifications_disabled: 0,
+              legacy_investigation_fields: 0,
             },
           },
         },