Merge branch 'main' into security/siem-migrations/11283-install-rules

.buildkite/ftr_platform_stateful_configs.yml

@@ -231,6 +231,7 @@ enabled:
   - x-pack/test/functional/apps/lens/group4/config.ts
   - x-pack/test/functional/apps/lens/group5/config.ts
   - x-pack/test/functional/apps/lens/group6/config.ts
+  - x-pack/test/functional/apps/lens/group7/config.ts
   - x-pack/test/functional/apps/lens/open_in_lens/tsvb/config.ts
   - x-pack/test/functional/apps/lens/open_in_lens/agg_based/config.ts
   - x-pack/test/functional/apps/lens/open_in_lens/dashboard/config.ts

.github/CODEOWNERS

@@ -620,7 +620,7 @@ packages/shared-ux/storybook/mock @elastic/appex-sharedux
 packages/shared-ux/table_persist @elastic/appex-sharedux
 src/core @elastic/kibana-core
 src/plugins/advanced_settings @elastic/appex-sharedux @elastic/kibana-management
-src/plugins/ai_assistant_management/selection @elastic/obs-knowledge-team
+src/plugins/ai_assistant_management/selection @elastic/obs-ai-assistant
 src/plugins/bfetch @elastic/appex-sharedux
 src/plugins/chart_expressions/common @elastic/kibana-visualizations
 src/plugins/chart_expressions/expression_gauge @elastic/kibana-visualizations
@@ -918,7 +918,7 @@ x-pack/plugins/monitoring @elastic/stack-monitoring
 x-pack/plugins/monitoring_collection @elastic/stack-monitoring
 x-pack/plugins/notifications @elastic/appex-sharedux
 x-pack/plugins/observability_solution/apm @elastic/obs-ux-infra_services-team
-x-pack/plugins/observability_solution/apm_data_access @elastic/obs-knowledge-team @elastic/obs-ux-infra_services-team
+x-pack/plugins/observability_solution/apm_data_access @elastic/obs-ux-infra_services-team
 x-pack/plugins/observability_solution/apm/ftr_e2e @elastic/obs-ux-infra_services-team
 x-pack/plugins/observability_solution/dataset_quality @elastic/obs-ux-logs-team
 x-pack/plugins/observability_solution/entities_data_access @elastic/obs-entities
@@ -929,10 +929,10 @@ x-pack/plugins/observability_solution/inventory @elastic/obs-ux-infra_services-t
 x-pack/plugins/observability_solution/inventory/e2e @elastic/obs-ux-infra_services-team
 x-pack/plugins/observability_solution/investigate @elastic/obs-ux-management-team
 x-pack/plugins/observability_solution/investigate_app @elastic/obs-ux-management-team
-x-pack/plugins/observability_solution/logs_data_access @elastic/obs-knowledge-team @elastic/obs-ux-logs-team
+x-pack/plugins/observability_solution/logs_data_access @elastic/obs-ux-logs-team
 x-pack/plugins/observability_solution/logs_explorer @elastic/obs-ux-logs-team
 x-pack/plugins/observability_solution/logs_shared @elastic/obs-ux-logs-team
-x-pack/plugins/observability_solution/metrics_data_access @elastic/obs-knowledge-team @elastic/obs-ux-infra_services-team
+x-pack/plugins/observability_solution/metrics_data_access @elastic/obs-ux-infra_services-team
 x-pack/plugins/observability_solution/observability @elastic/obs-ux-management-team
 x-pack/plugins/observability_solution/observability_ai_assistant @elastic/obs-ai-assistant
 x-pack/plugins/observability_solution/observability_ai_assistant_app @elastic/obs-ai-assistant

packages/kbn-server-route-repository-utils/src/format_request.test.ts

@@ -10,20 +10,21 @@
 import { formatRequest } from './format_request';
 
 describe('formatRequest', () => {
+  const version = 1;
   it('should return the correct path if the optional or required param is provided', () => {
     const pathParams = { param: 'testParam' };
-    const resultOptionalEnd = formatRequest('GET /api/endpoint/{param?}', pathParams);
+    const resultOptionalEnd = formatRequest(`GET /api/endpoint/{param?} ${version}`, pathParams);
     expect(resultOptionalEnd.pathname).toBe('/api/endpoint/testParam');
-    const resultRequiredEnd = formatRequest('GET /api/endpoint/{param}', pathParams);
+    const resultRequiredEnd = formatRequest(`GET /api/endpoint/{param} ${version}`, pathParams);
     expect(resultRequiredEnd.pathname).toBe('/api/endpoint/testParam');
   });
   it('should return the correct path if the only an optional param is provided', () => {
-    const resultOptEnd = formatRequest('GET /api/endpoint/{id?}', { id: 123 });
+    const resultOptEnd = formatRequest(`GET /api/endpoint/{id?} ${version}`, { id: 123 });
     expect(resultOptEnd.pathname).toBe('/api/endpoint/123');
   });
   it('should return the correct path if the optional param is not provided', () => {
     const pathParams = {};
-    const resultEnd = formatRequest('GET /api/endpoint/{pathParamReq?}', pathParams);
+    const resultEnd = formatRequest(`GET /api/endpoint/{pathParamReq?} ${version}`, pathParams);
     expect(resultEnd.pathname).toBe('/api/endpoint');
   });
 });

src/plugins/ai_assistant_management/selection/kibana.jsonc

@@ -1,9 +1,7 @@
 {
   "type": "plugin",
   "id": "@kbn/ai-assistant-management-plugin",
-  "owner": [
-    "@elastic/obs-knowledge-team"
-  ],
+  "owner": ["@elastic/obs-ai-assistant"],
   // This should probably be platform. While the code owner is currently observability, the package is a platform AI assistant selector.
   "group": "platform",
   "visibility": "shared",

src/plugins/console/public/application/containers/editor/monaco_editor_actions_provider.ts

@@ -411,13 +411,44 @@ export class MonacoEditorActionsProvider {
     return getDocumentationLinkFromAutocomplete(request, docLinkVersion);
   }
 
+  private isInsideMultilineComment(model: monaco.editor.ITextModel, lineNumber: number): boolean {
+    let insideComment = false;
+    for (let i = 1; i <= lineNumber; i++) {
+      const lineContent = model.getLineContent(i).trim();
+      if (lineContent.startsWith('/*')) {
+        insideComment = true;
+      }
+      if (lineContent.includes('*/')) {
+        insideComment = false;
+      }
+    }
+    return insideComment;
+  }
+
   private async getAutocompleteType(
     model: monaco.editor.ITextModel,
     { lineNumber, column }: monaco.Position
   ): Promise<AutocompleteType | null> {
+    // Get the content of the current line up until the cursor position
+    const currentLineContent = model.getLineContent(lineNumber);
+    const trimmedContent = currentLineContent.trim();
+
+    // If we are positioned inside a comment block, no autocomplete should be provided
+    if (
+      trimmedContent.startsWith('#') ||
+      trimmedContent.startsWith('//') ||
+      trimmedContent.startsWith('/*') ||
+      trimmedContent.startsWith('*') ||
+      trimmedContent.includes('*/') ||
+      this.isInsideMultilineComment(model, lineNumber)
+    ) {
+      return null;
+    }
+
     // get the current request on this line
     const currentRequests = await this.getRequestsBetweenLines(model, lineNumber, lineNumber);
     const currentRequest = currentRequests.at(0);
+
     // if there is no request, suggest method
     if (!currentRequest) {
       return AutocompleteType.METHOD;

test/functional/apps/console/_autocomplete.ts

@@ -399,5 +399,41 @@ GET _search
         expect(await PageObjects.console.getAutocompleteSuggestion(1)).to.be.eql(undefined);
       });
     });
+
+    describe('Autocomplete shouldnt trigger within', () => {
+      beforeEach(async () => {
+        await PageObjects.console.skipTourIfExists();
+        await PageObjects.console.clearEditorText();
+      });
+
+      it('a hash comment', async () => {
+        await PageObjects.console.enterText(`# GET /`);
+        await PageObjects.console.sleepForDebouncePeriod();
+
+        expect(PageObjects.console.isAutocompleteVisible()).to.be.eql(false);
+      });
+
+      it('a simple double slash comment', async () => {
+        await PageObjects.console.enterText(`// GET /`);
+        await PageObjects.console.sleepForDebouncePeriod();
+
+        expect(PageObjects.console.isAutocompleteVisible()).to.be.eql(false);
+      });
+
+      it('a single line block comment', async () => {
+        await PageObjects.console.enterText(`/* GET /`);
+        await PageObjects.console.sleepForDebouncePeriod();
+
+        expect(PageObjects.console.isAutocompleteVisible()).to.be.eql(false);
+      });
+
+      it('a multiline block comment', async () => {
+        await PageObjects.console.enterText(`/*
+          GET /`);
+        await PageObjects.console.sleepForDebouncePeriod();
+
+        expect(PageObjects.console.isAutocompleteVisible()).to.be.eql(false);
+      });
+    });
   });
 }

x-pack/packages/ai-infra/product-doc-common/src/indices.ts

@@ -7,9 +7,9 @@
 
 import type { ProductName } from './product';
 
-export const productDocIndexPrefix = '.kibana-ai-product-doc';
-export const productDocIndexPattern = `${productDocIndexPrefix}-*`;
+export const productDocIndexPrefix = '.kibana_ai_product_doc';
+export const productDocIndexPattern = `${productDocIndexPrefix}_*`;
 
 export const getProductDocIndexName = (productName: ProductName): string => {
-  return `${productDocIndexPrefix}-${productName.toLowerCase()}`;
+  return `${productDocIndexPrefix}_${productName.toLowerCase()}`;
 };

x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc

@@ -1,10 +1,7 @@
 {
   "type": "plugin",
   "id": "@kbn/apm-data-access-plugin",
-  "owner": [
-    "@elastic/obs-knowledge-team",
-    "@elastic/obs-ux-infra_services-team"
-  ],
+  "owner": ["@elastic/obs-ux-infra_services-team"],
   "group": "observability",
   "visibility": "private",
   "plugin": {

x-pack/plugins/observability_solution/logs_data_access/kibana.jsonc

@@ -1,7 +1,7 @@
 {
   "type": "plugin",
   "id": "@kbn/logs-data-access-plugin",
-  "owner": ["@elastic/obs-knowledge-team", "@elastic/obs-ux-logs-team"],
+  "owner": ["@elastic/obs-ux-logs-team"],
   "plugin": {
     "id": "logsDataAccess",
     "server": true,

x-pack/plugins/observability_solution/metrics_data_access/kibana.jsonc

@@ -1,10 +1,7 @@
 {
   "type": "plugin",
   "id": "@kbn/metrics-data-access-plugin",
-  "owner": [
-    "@elastic/obs-knowledge-team",
-    "@elastic/obs-ux-infra_services-team"
-  ],
+  "owner": ["@elastic/obs-ux-infra_services-team"],
   "group": "observability",
   "visibility": "private",
   "description": "Exposes utilities for accessing metrics data",

x-pack/plugins/observability_solution/profiling/public/components/contexts/license/license_context.tsx

@@ -14,8 +14,8 @@ import { useProfilingDependencies } from '../profiling_dependencies/use_profilin
 
 export const LicenseContext = React.createContext<ILicense | undefined>(undefined);
 
-export function LicenseProvider({ children }: { children: React.ReactChild }) {
-  const { license$ } = useProfilingDependencies().setup.licensing;
+export function LicenseProvider({ children }: { children: React.ReactNode }) {
+  const { license$ } = useProfilingDependencies().start.licensing;
   const license = useObservable(license$);
   // if license is not loaded yet, consider it valid
   const hasInvalidLicense = license?.isActive === false;

x-pack/plugins/observability_solution/profiling/public/types.ts

@@ -18,7 +18,7 @@ import {
   ObservabilitySharedPluginStart,
 } from '@kbn/observability-shared-plugin/public/plugin';
 import { ChartsPluginSetup, ChartsPluginStart } from '@kbn/charts-plugin/public';
-import { LicensingPluginSetup } from '@kbn/licensing-plugin/public';
+import type { LicensingPluginStart } from '@kbn/licensing-plugin/public';
 import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
 import {
   ObservabilityAIAssistantPublicSetup,
@@ -36,7 +36,6 @@ export interface ProfilingPluginPublicSetupDeps {
   dataViews: DataViewsPublicPluginSetup;
   data: DataPublicPluginSetup;
   charts: ChartsPluginSetup;
-  licensing: LicensingPluginSetup;
   share: SharePluginSetup;
   unifiedSearch: UnifiedSearchPluginSetup;
 }
@@ -50,4 +49,5 @@ export interface ProfilingPluginPublicStartDeps {
   charts: ChartsPluginStart;
   share: SharePluginStart;
   unifiedSearch: UnifiedSearchPublicPluginStart;
+  licensing: LicensingPluginStart;
 }

x-pack/plugins/observability_solution/slo/README.md

@@ -20,3 +20,27 @@ See the [kibana contributing guide](https://github.com/elastic/kibana/blob/main/
   <dt><code>yarn plugin-helpers dev --watch</code></dt>
     <dd>Execute this to build your plugin ui browser side so Kibana could pick up when started in development</dd>
 </dl>
+
+
+## API Integration Tests
+The SLO tests are located under `x-pack/test/api_integration/deployment_agnostic/apis/observability/slo` folder. In order to run the SLO tests of your interest, you can grep accordingly. Use the commands below to run all SLO tests (`grep=SLO`) on stateful or serverless.
+
+### Stateful
+
+```
+# start server
+node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts
+
+# run tests
+node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.stateful.config.ts --grep=SLO
+```
+
+### Serverless
+
+```
+# start server
+node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts
+
+# run tests
+node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts --grep=SLO
+```

x-pack/plugins/security_solution/docs/siem_migration/README.md

@@ -0,0 +1,17 @@
+# SIEM Migration Library
+
+## Migration Process
+
+The SIEM migration library defines a set of UI components and services that are used to migrate third party SIEM resources like detection rules and translate them into resources that can be used in the Elastic Security app.
+
+## Graphs:
+
+The below images are generated by running the following command from the security_solution directory:
+
+```bash
+yarn siem-migrations:graph:draw
+```
+
+Main agent graph:
+
+![Agent Graph](./img/agent_graph.png)

x-pack/plugins/security_solution/package.json

@@ -27,6 +27,7 @@
     "test:generate:serverless-dev": "NODE_TLS_REJECT_UNAUTHORIZED=0 node --no-warnings scripts/endpoint/resolver_generator --node https://elastic_serverless:changeme@127.0.0.1:9200 --kibana http://elastic_serverless:changeme@127.0.0.1:5601",
     "mappings:generate": "node scripts/mappings/mappings_generator",
     "mappings:load": "node scripts/mappings/mappings_loader",
+    "siem-migrations:graph:draw": "node scripts/siem_migration/draw_graphs",
     "junit:transform": "node scripts/junit_transformer --pathPattern '../../../target/kibana-security-solution/cypress/results/*.xml' --rootDirectory ../../../ --reportName 'Security Solution Cypress' --writeInPlace",
     "openapi:generate": "node scripts/openapi/generate",
     "openapi:generate:debug": "node --inspect-brk scripts/openapi/generate",
@@ -35,4 +36,4 @@
     "openapi:bundle:entity-analytics": "node scripts/openapi/bundle_entity_analytics",
     "openapi:bundle:endpoint-management": "node scripts/openapi/bundle_endpoint_management"
   }
-}
+}

x-pack/plugins/security_solution/scripts/siem_migration/draw_graphs.js

@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+require('../../../../../src/setup_node_env');
+require('./draw_graphs_script').draw();

x-pack/plugins/security_solution/scripts/siem_migration/draw_graphs_script.ts

@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InferenceClient } from '@kbn/inference-plugin/server';
+import type {
+  ActionsClientChatOpenAI,
+  ActionsClientSimpleChatModel,
+} from '@kbn/langchain/server/language_models';
+import type { Logger } from '@kbn/logging';
+import { ToolingLog } from '@kbn/tooling-log';
+import { FakeLLM } from '@langchain/core/utils/testing';
+import fs from 'fs/promises';
+import path from 'path';
+import { getRuleMigrationAgent } from '../../server/lib/siem_migrations/rules/task/agent';
+import type { IntegrationRetriever } from '../../server/lib/siem_migrations/rules/task/util/integration_retriever';
+import type { PrebuiltRulesMapByName } from '../../server/lib/siem_migrations/rules/task/util/prebuilt_rules';
+import type { RuleResourceRetriever } from '../../server/lib/siem_migrations/rules/task/util/rule_resource_retriever';
+
+interface Drawable {
+  drawMermaidPng: () => Promise<Blob>;
+}
+
+const mockLlm = new FakeLLM({
+  response: JSON.stringify({}, null, 2),
+}) as unknown as ActionsClientChatOpenAI | ActionsClientSimpleChatModel;
+
+const inferenceClient = {} as InferenceClient;
+const connectorId = 'draw_graphs';
+const prebuiltRulesMap = {} as PrebuiltRulesMapByName;
+const resourceRetriever = {} as RuleResourceRetriever;
+const integrationRetriever = {} as IntegrationRetriever;
+
+const createLlmInstance = () => {
+  return mockLlm;
+};
+
+async function getAgentGraph(logger: Logger): Promise<Drawable> {
+  const model = createLlmInstance();
+  const graph = getRuleMigrationAgent({
+    model,
+    inferenceClient,
+    prebuiltRulesMap,
+    resourceRetriever,
+    integrationRetriever,
+    connectorId,
+    logger,
+  });
+  return graph.getGraphAsync({ xray: true });
+}
+
+export const drawGraph = async ({
+  getGraphAsync,
+  outputFilename,
+}: {
+  getGraphAsync: (logger: Logger) => Promise<Drawable>;
+  outputFilename: string;
+}) => {
+  const logger = new ToolingLog({
+    level: 'info',
+    writeTo: process.stdout,
+  }) as unknown as Logger;
+  logger.info('Compiling graph');
+  const outputPath = path.join(__dirname, outputFilename);
+  const graph = await getGraphAsync(logger);
+  const output = await graph.drawMermaidPng();
+  const buffer = Buffer.from(await output.arrayBuffer());
+  logger.info(`Writing graph to ${outputPath}`);
+  await fs.writeFile(outputPath, buffer);
+};
+
+export const draw = async () => {
+  await drawGraph({
+    getGraphAsync: getAgentGraph,
+    outputFilename: '../../docs/siem_migration/img/agent_graph.png',
+  });
+};