diff --git a/test/functional/apps/saved_objects_management/edit_saved_object.ts b/test/functional/apps/saved_objects_management/edit_saved_object.ts
index 0e2ff44ff62ef..aac6178b34e1d 100644
--- a/test/functional/apps/saved_objects_management/edit_saved_object.ts
+++ b/test/functional/apps/saved_objects_management/edit_saved_object.ts
@@ -67,7 +67,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   };
 
   // Flaky: https://github.com/elastic/kibana/issues/68400
-  describe('saved objects edition page', () => {
+  describe.skip('saved objects edition page', () => {
     beforeEach(async () => {
       await esArchiver.load('saved_objects_management/edit_saved_object');
     });
diff --git a/test/functional/page_objects/login_page.ts b/test/functional/page_objects/login_page.ts
index 350ab8be1a274..c84f47a342155 100644
--- a/test/functional/page_objects/login_page.ts
+++ b/test/functional/page_objects/login_page.ts
@@ -7,76 +7,26 @@
  * not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *    http://www.apache.org/licenses/LICENSE-2.0
+ *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
+ * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
-import { delay } from 'bluebird';
 import { FtrProviderContext } from '../ftr_provider_context';
 
 export function LoginPageProvider({ getService }: FtrProviderContext) {
   const testSubjects = getService('testSubjects');
-  const log = getService('log');
-  const find = getService('find');
-
-  const regularLogin = async (user: string, pwd: string) => {
-    await testSubjects.setValue('loginUsername', user);
-    await testSubjects.setValue('loginPassword', pwd);
-    await testSubjects.click('loginSubmit');
-    await find.waitForDeletedByCssSelector('.kibanaWelcomeLogo');
-    await find.byCssSelector('[data-test-subj="kibanaChrome"]', 60000); // 60 sec waiting
-  };
-
-  const samlLogin = async (user: string, pwd: string) => {
-    try {
-      await find.clickByButtonText('Login using SAML');
-      await find.setValue('input[name="email"]', user);
-      await find.setValue('input[type="password"]', pwd);
-      await find.clickByCssSelector('.auth0-label-submit');
-      await find.byCssSelector('[data-test-subj="kibanaChrome"]', 60000); // 60 sec waiting
-    } catch (err) {
-      log.debug(`${err} \nFailed to find Auth0 login page, trying the Auth0 last login page`);
-      await find.clickByCssSelector('.auth0-lock-social-button');
-    }
-  };
 
   class LoginPage {
     async login(user: string, pwd: string) {
-      if (
-        process.env.VM === 'ubuntu18_deb_oidc' ||
-        process.env.VM === 'ubuntu16_deb_desktop_saml'
-      ) {
-        await samlLogin(user, pwd);
-        return;
-      }
-
-      await regularLogin(user, pwd);
-    }
-
-    async logoutLogin(user: string, pwd: string) {
-      await this.logout();
-      await this.sleep(3002);
-      await this.login(user, pwd);
-    }
-
-    async logout() {
-      await testSubjects.click('userMenuButton');
-      await this.sleep(500);
-      await testSubjects.click('logoutLink');
-      log.debug('### found and clicked log out--------------------------');
-      await this.sleep(8002);
-    }
-
-    async sleep(sleepMilliseconds: number) {
-      log.debug(`... sleep(${sleepMilliseconds}) start`);
-      await delay(sleepMilliseconds);
-      log.debug(`... sleep(${sleepMilliseconds}) end`);
+      await testSubjects.setValue('loginUsername', user);
+      await testSubjects.setValue('loginPassword', pwd);
+      await testSubjects.click('loginSubmit');
     }
   }
 
diff --git a/x-pack/plugins/ingest_manager/common/types/models/epm.ts b/x-pack/plugins/ingest_manager/common/types/models/epm.ts
index a34038d4fba04..ab6a6c73843c5 100644
--- a/x-pack/plugins/ingest_manager/common/types/models/epm.ts
+++ b/x-pack/plugins/ingest_manager/common/types/models/epm.ts
@@ -229,7 +229,8 @@ export type PackageInfo = Installable<
 >;
 
 export interface Installation extends SavedObjectAttributes {
-  installed: AssetReference[];
+  installed_kibana: KibanaAssetReference[];
+  installed_es: EsAssetReference[];
   es_index_patterns: Record<string, string>;
   name: string;
   version: string;
@@ -246,19 +247,14 @@ export type NotInstalled<T = {}> = T & {
   status: InstallationStatus.notInstalled;
 };
 
-export type AssetReference = Pick<SavedObjectReference, 'id'> & {
-  type: AssetType | IngestAssetType;
-};
+export type AssetReference = KibanaAssetReference | EsAssetReference;
 
-/**
- * Types of assets which can be installed/removed
- */
-export enum IngestAssetType {
-  IlmPolicy = 'ilm_policy',
-  IndexTemplate = 'index_template',
-  ComponentTemplate = 'component_template',
-  IngestPipeline = 'ingest_pipeline',
-}
+export type KibanaAssetReference = Pick<SavedObjectReference, 'id'> & {
+  type: KibanaAssetType;
+};
+export type EsAssetReference = Pick<SavedObjectReference, 'id'> & {
+  type: ElasticsearchAssetType;
+};
 
 export enum DefaultPackages {
   system = 'system',
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/fleet/setup_page/index.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/fleet/setup_page/index.tsx
index e9c9ce0c513d2..ffd8591a642c1 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/fleet/setup_page/index.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/fleet/setup_page/index.tsx
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import React, { useState } from 'react';
+import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n/react';
 import {
   EuiPageBody,
@@ -14,11 +15,39 @@ import {
   EuiTitle,
   EuiSpacer,
   EuiIcon,
+  EuiCallOut,
+  EuiFlexItem,
+  EuiFlexGroup,
+  EuiCode,
+  EuiCodeBlock,
+  EuiLink,
 } from '@elastic/eui';
 import { useCore, sendPostFleetSetup } from '../../../hooks';
 import { WithoutHeaderLayout } from '../../../layouts';
 import { GetFleetStatusResponse } from '../../../types';
 
+export const RequirementItem: React.FunctionComponent<{ isMissing: boolean }> = ({
+  isMissing,
+  children,
+}) => {
+  return (
+    <EuiFlexGroup gutterSize="s" alignItems="flexStart">
+      <EuiFlexItem grow={false}>
+        <EuiText>
+          {isMissing ? (
+            <EuiIcon type="crossInACircleFilled" color="danger" />
+          ) : (
+            <EuiIcon type="checkInCircleFilled" color="success" />
+          )}
+        </EuiText>
+      </EuiFlexItem>
+      <EuiFlexItem grow={false}>
+        <EuiText>{children}</EuiText>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
+
 export const SetupPage: React.FunctionComponent<{
   refresh: () => Promise<void>;
   missingRequirements: GetFleetStatusResponse['missing_requirements'];
@@ -26,8 +55,7 @@ export const SetupPage: React.FunctionComponent<{
   const [isFormLoading, setIsFormLoading] = useState<boolean>(false);
   const core = useCore();
 
-  const onSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
-    e.preventDefault();
+  const onSubmit = async () => {
     setIsFormLoading(true);
     try {
       await sendPostFleetSetup({ forceRecreate: true });
@@ -38,84 +66,218 @@ export const SetupPage: React.FunctionComponent<{
     }
   };
 
-  const content =
-    missingRequirements.includes('tls_required') ||
-    missingRequirements.includes('api_keys') ||
-    missingRequirements.includes('encrypted_saved_object_encryption_key_required') ? (
-      <>
-        <EuiSpacer size="m" />
-        <EuiIcon type="lock" color="subdued" size="xl" />
-        <EuiSpacer size="m" />
-        <EuiTitle size="l">
-          <h2>
+  if (
+    !missingRequirements.includes('tls_required') &&
+    !missingRequirements.includes('api_keys') &&
+    !missingRequirements.includes('encrypted_saved_object_encryption_key_required')
+  ) {
+    return (
+      <WithoutHeaderLayout>
+        <EuiPageBody restrictWidth={548}>
+          <EuiPageContent
+            verticalPosition="center"
+            horizontalPosition="center"
+            className="eui-textCenter"
+            paddingSize="l"
+          >
+            <EuiSpacer size="m" />
+            <EuiIcon type="lock" color="subdued" size="xl" />
+            <EuiSpacer size="m" />
+            <EuiTitle size="l">
+              <h2>
+                <FormattedMessage
+                  id="xpack.ingestManager.setupPage.enableTitle"
+                  defaultMessage="Enable Fleet"
+                />
+              </h2>
+            </EuiTitle>
+            <EuiSpacer size="xl" />
+            <EuiText color="subdued">
+              <FormattedMessage
+                id="xpack.ingestManager.setupPage.enableText"
+                defaultMessage="In order to use Fleet, you must create an Elastic user. This user can create API keys
+        and write to logs-* and metrics-*."
+              />
+            </EuiText>
+            <EuiSpacer size="l" />
+            <EuiForm>
+              <EuiButton onClick={onSubmit} fill isLoading={isFormLoading} type="submit">
+                <FormattedMessage
+                  id="xpack.ingestManager.setupPage.enableFleet"
+                  defaultMessage="Create user and enable Fleet"
+                />
+              </EuiButton>
+            </EuiForm>
+            <EuiSpacer size="m" />
+          </EuiPageContent>
+        </EuiPageBody>
+      </WithoutHeaderLayout>
+    );
+  }
+
+  return (
+    <WithoutHeaderLayout>
+      <EuiPageBody restrictWidth={820}>
+        <EuiPageContent>
+          <EuiCallOut
+            title={i18n.translate('xpack.ingestManager.setupPage.missingRequirementsCalloutTitle', {
+              defaultMessage: 'Missing security requirements',
+            })}
+            color="warning"
+            iconType="alert"
+          >
             <FormattedMessage
-              id="xpack.ingestManager.setupPage.missingRequirementsTitle"
-              defaultMessage="Missing requirements"
+              id="xpack.ingestManager.setupPage.missingRequirementsCalloutDescription"
+              defaultMessage="In order to use Fleet, you must enable the following Elasticsearch and Kibana security features."
             />
-          </h2>
-        </EuiTitle>
-        <EuiSpacer size="xl" />
-        <EuiText color="subdued" textAlign={'left'}>
+          </EuiCallOut>
+          <EuiSpacer size="m" />
           <FormattedMessage
-            id="xpack.ingestManager.setupPage.missingRequirementsDescription"
-            defaultMessage="To use Fleet, you must enable the following features:
-          {space}- Enable Elasticsearch API keys.
-          {space}- Enable TLS to secure the communication between Agents and Kibana.
-          {space}- Set the encryption key for encrypted saved objects.
-          "
-            values={{
-              space: <EuiSpacer size="m" />,
-            }}
+            id="xpack.ingestManager.setupPage.missingRequirementsElasticsearchTitle"
+            defaultMessage="In your Elasticsearch configuration, enable:"
           />
-        </EuiText>
-        <EuiSpacer size="l" />
-      </>
-    ) : (
-      <>
-        <EuiSpacer size="m" />
-        <EuiIcon type="lock" color="subdued" size="xl" />
-        <EuiSpacer size="m" />
-        <EuiTitle size="l">
-          <h2>
+          <EuiSpacer size="l" />
+          <RequirementItem isMissing={false}>
+            <FormattedMessage
+              id="xpack.ingestManager.setupPage.elasticsearchSecurityFlagText"
+              defaultMessage="{esSecurityLink}. Set {securityFlag} to {true} ."
+              values={{
+                esSecurityLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html"
+                    target="_blank"
+                    external
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.setupPage.elasticsearchSecurityLink"
+                      defaultMessage="Elasticsearch security"
+                    />
+                  </EuiLink>
+                ),
+                securityFlag: <EuiCode>xpack.security.enabled</EuiCode>,
+                true: <EuiCode>true</EuiCode>,
+              }}
+            />
+          </RequirementItem>
+          <EuiSpacer size="s" />
+          <RequirementItem isMissing={missingRequirements.includes('api_keys')}>
             <FormattedMessage
-              id="xpack.ingestManager.setupPage.enableTitle"
-              defaultMessage="Enable Fleet"
+              id="xpack.ingestManager.setupPage.elasticsearchApiKeyFlagText"
+              defaultMessage="{apiKeyLink}. Set {apiKeyFlag} to {true} ."
+              values={{
+                apiKeyFlag: <EuiCode>xpack.security.authc.api_key.enabled</EuiCode>,
+                true: <EuiCode>true</EuiCode>,
+                apiKeyLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#api-key-service-settings"
+                    target="_blank"
+                    external
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.setupPage.apiKeyServiceLink"
+                      defaultMessage="API key service"
+                    />
+                  </EuiLink>
+                ),
+              }}
             />
-          </h2>
-        </EuiTitle>
-        <EuiSpacer size="xl" />
-        <EuiText color="subdued">
+          </RequirementItem>
+          <EuiSpacer size="m" />
+          <EuiCodeBlock isCopyable={true}>
+            {`xpack.security.enabled: true
+xpack.security.authc.api_key.enabled: true`}
+          </EuiCodeBlock>
+          <EuiSpacer size="l" />
           <FormattedMessage
-            id="xpack.ingestManager.setupPage.enableText"
-            defaultMessage="In order to use Fleet, you must create an Elastic user. This user can create API keys
-        and write to logs-* and metrics-*."
+            id="xpack.ingestManager.setupPage.missingRequirementsKibanaTitle"
+            defaultMessage="In your Kibana configuration, enable:"
+          />
+          <EuiSpacer size="l" />
+          <RequirementItem isMissing={missingRequirements.includes('tls_required')}>
+            <FormattedMessage
+              id="xpack.ingestManager.setupPage.tlsFlagText"
+              defaultMessage="{kibanaSecurityLink}. Set {securityFlag} to {true}. For development purposes, you can disable {tlsLink} by setting {tlsFlag} to {true} as an unsafe alternative."
+              values={{
+                kibanaSecurityLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html"
+                    target="_blank"
+                    external
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.setupPage.kibanaSecurityLink"
+                      defaultMessage="Kibana security"
+                    />
+                  </EuiLink>
+                ),
+                securityFlag: <EuiCode>xpack.security.enabled</EuiCode>,
+                tlsLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/kibana/current/configuring-tls.html"
+                    target="_blank"
+                    external
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.setupPage.tlsLink"
+                      defaultMessage="TLS"
+                    />
+                  </EuiLink>
+                ),
+                tlsFlag: <EuiCode>xpack.ingestManager.fleet.tlsCheckDisabled</EuiCode>,
+                true: <EuiCode>true</EuiCode>,
+              }}
+            />
+          </RequirementItem>
+          <EuiSpacer size="s" />
+          <RequirementItem
+            isMissing={missingRequirements.includes(
+              'encrypted_saved_object_encryption_key_required'
+            )}
+          >
+            <FormattedMessage
+              id="xpack.ingestManager.setupPage.encryptionKeyFlagText"
+              defaultMessage="{encryptionKeyLink}. Set {keyFlag} to any alphanumeric value of at least 32 characters."
+              values={{
+                encryptionKeyLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/kibana/current/ingest-manager-settings-kb.html"
+                    target="_blank"
+                    external
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.setupPage.kibanaEncryptionLink"
+                      defaultMessage="Kibana encryption key"
+                    />
+                  </EuiLink>
+                ),
+                keyFlag: <EuiCode>xpack.encryptedSavedObjects.encryptionKey</EuiCode>,
+              }}
+            />
+          </RequirementItem>
+          <EuiSpacer size="m" />
+          <EuiCodeBlock isCopyable={true}>
+            {`xpack.security.enabled: true
+xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters"`}
+          </EuiCodeBlock>
+          <EuiSpacer size="l" />
+          <FormattedMessage
+            id="xpack.ingestManager.setupPage.gettingStartedText"
+            defaultMessage="For more information, read our {link} guide."
+            values={{
+              link: (
+                <EuiLink
+                  href="https://www.elastic.co/guide/en/ingest-management/current/index.html"
+                  target="_blank"
+                  external
+                >
+                  <FormattedMessage
+                    id="xpack.ingestManager.setupPage.gettingStartedLink"
+                    defaultMessage="Getting Started"
+                  />
+                </EuiLink>
+              ),
+            }}
           />
-        </EuiText>
-        <EuiSpacer size="l" />
-        <EuiForm>
-          <form onSubmit={onSubmit}>
-            <EuiButton fill isLoading={isFormLoading} type="submit">
-              <FormattedMessage
-                id="xpack.ingestManager.setupPage.enableFleet"
-                defaultMessage="Create user and enable Fleet"
-              />
-            </EuiButton>
-          </form>
-        </EuiForm>
-        <EuiSpacer size="m" />
-      </>
-    );
-
-  return (
-    <WithoutHeaderLayout>
-      <EuiPageBody restrictWidth={548}>
-        <EuiPageContent
-          verticalPosition="center"
-          horizontalPosition="center"
-          className="eui-textCenter"
-          paddingSize="l"
-        >
-          {content}
         </EuiPageContent>
       </EuiPageBody>
     </WithoutHeaderLayout>
diff --git a/x-pack/plugins/ingest_manager/server/routes/data_streams/handlers.ts b/x-pack/plugins/ingest_manager/server/routes/data_streams/handlers.ts
index 2c65b08a68700..df37aeb27c75c 100644
--- a/x-pack/plugins/ingest_manager/server/routes/data_streams/handlers.ts
+++ b/x-pack/plugins/ingest_manager/server/routes/data_streams/handlers.ts
@@ -122,7 +122,7 @@ export const getListHandler: RequestHandler = async (context, request, response)
       if (pkg !== '' && pkgSavedObject.length > 0 && !packageMetadata[pkg]) {
         // then pick the dashboards from the package saved object
         const dashboards =
-          pkgSavedObject[0].attributes?.installed?.filter(
+          pkgSavedObject[0].attributes?.installed_kibana?.filter(
             (o) => o.type === KibanaAssetType.dashboard
           ) || [];
         // and then pick the human-readable titles from the dashboard saved objects
diff --git a/x-pack/plugins/ingest_manager/server/routes/epm/handlers.ts b/x-pack/plugins/ingest_manager/server/routes/epm/handlers.ts
index fe813f29b72e6..f54e61280b98a 100644
--- a/x-pack/plugins/ingest_manager/server/routes/epm/handlers.ts
+++ b/x-pack/plugins/ingest_manager/server/routes/epm/handlers.ts
@@ -5,6 +5,7 @@
  */
 import { TypeOf } from '@kbn/config-schema';
 import { RequestHandler, CustomHttpResponseOptions } from 'src/core/server';
+import { appContextService } from '../../services';
 import {
   GetInfoResponse,
   InstallPackageResponse,
@@ -29,6 +30,7 @@ import {
   installPackage,
   removeInstallation,
   getLimitedPackages,
+  getInstallationObject,
 } from '../../services/epm/packages';
 
 export const getCategoriesHandler: RequestHandler<
@@ -146,10 +148,12 @@ export const getInfoHandler: RequestHandler<TypeOf<typeof GetInfoRequestSchema.p
 export const installPackageHandler: RequestHandler<TypeOf<
   typeof InstallPackageRequestSchema.params
 >> = async (context, request, response) => {
+  const logger = appContextService.getLogger();
+  const savedObjectsClient = context.core.savedObjects.client;
+  const callCluster = context.core.elasticsearch.legacy.client.callAsCurrentUser;
+  const { pkgkey } = request.params;
+  const [pkgName, pkgVersion] = pkgkey.split('-');
   try {
-    const { pkgkey } = request.params;
-    const savedObjectsClient = context.core.savedObjects.client;
-    const callCluster = context.core.elasticsearch.legacy.client.callAsCurrentUser;
     const res = await installPackage({
       savedObjectsClient,
       pkgkey,
@@ -161,6 +165,17 @@ export const installPackageHandler: RequestHandler<TypeOf<
     };
     return response.ok({ body });
   } catch (e) {
+    try {
+      const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
+      const isUpdate = installedPkg && installedPkg.attributes.version < pkgVersion ? true : false;
+      // if this is a failed install, remove any assets installed
+      if (!isUpdate) {
+        await removeInstallation({ savedObjectsClient, pkgkey, callCluster });
+      }
+    } catch (error) {
+      logger.error(`could not remove assets from failed installation attempt for ${pkgkey}`);
+    }
+
     if (e.isBoom) {
       return response.customError({
         statusCode: e.output.statusCode,
diff --git a/x-pack/plugins/ingest_manager/server/saved_objects/index.ts b/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
index 4c58ac57a54a2..aa2b73194067a 100644
--- a/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
+++ b/x-pack/plugins/ingest_manager/server/saved_objects/index.ts
@@ -249,7 +249,14 @@ const savedObjectTypes: { [key: string]: SavedObjectsType } = {
           enabled: false,
           type: 'object',
         },
-        installed: {
+        installed_es: {
+          type: 'nested',
+          properties: {
+            id: { type: 'keyword' },
+            type: { type: 'keyword' },
+          },
+        },
+        installed_kibana: {
           type: 'nested',
           properties: {
             id: { type: 'keyword' },
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/index.ts b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/index.ts
new file mode 100644
index 0000000000000..6450f7303dd88
--- /dev/null
+++ b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { installPipelines } from './install';
+
+export { deletePipelines, deletePipeline } from './remove';
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/install.ts b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/install.ts
index 0865ee5d59e57..878cecf644032 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/install.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/install.ts
@@ -4,15 +4,16 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { SavedObjectsClientContract } from 'src/core/server';
 import {
-  AssetReference,
+  EsAssetReference,
   Dataset,
   ElasticsearchAssetType,
-  IngestAssetType,
   RegistryPackage,
 } from '../../../../types';
 import * as Registry from '../../registry';
 import { CallESAsCurrentUser } from '../../../../types';
+import { saveInstalledEsRefs } from '../../packages/install';
 
 interface RewriteSubstitution {
   source: string;
@@ -23,12 +24,16 @@ interface RewriteSubstitution {
 export const installPipelines = async (
   registryPackage: RegistryPackage,
   paths: string[],
-  callCluster: CallESAsCurrentUser
+  callCluster: CallESAsCurrentUser,
+  savedObjectsClient: SavedObjectsClientContract
 ) => {
+  // unlike other ES assets, pipeline names are versioned so after a template is updated
+  // it can be created pointing to the new template, without removing the old one and effecting data
+  // so do not remove the currently installed pipelines here
   const datasets = registryPackage.datasets;
   const pipelinePaths = paths.filter((path) => isPipeline(path));
   if (datasets) {
-    const pipelines = datasets.reduce<Array<Promise<AssetReference[]>>>((acc, dataset) => {
+    const pipelines = datasets.reduce<Array<Promise<EsAssetReference[]>>>((acc, dataset) => {
       if (dataset.ingest_pipeline) {
         acc.push(
           installPipelinesForDataset({
@@ -41,7 +46,8 @@ export const installPipelines = async (
       }
       return acc;
     }, []);
-    return Promise.all(pipelines).then((results) => results.flat());
+    const pipelinesToSave = await Promise.all(pipelines).then((results) => results.flat());
+    return saveInstalledEsRefs(savedObjectsClient, registryPackage.name, pipelinesToSave);
   }
   return [];
 };
@@ -77,7 +83,7 @@ export async function installPipelinesForDataset({
   pkgVersion: string;
   paths: string[];
   dataset: Dataset;
-}): Promise<AssetReference[]> {
+}): Promise<EsAssetReference[]> {
   const pipelinePaths = paths.filter((path) => isDatasetPipeline(path, dataset.path));
   let pipelines: any[] = [];
   const substitutions: RewriteSubstitution[] = [];
@@ -123,7 +129,7 @@ async function installPipeline({
 }: {
   callCluster: CallESAsCurrentUser;
   pipeline: any;
-}): Promise<AssetReference> {
+}): Promise<EsAssetReference> {
   const callClusterParams: {
     method: string;
     path: string;
@@ -146,7 +152,7 @@ async function installPipeline({
   // which we could otherwise use.
   // See src/core/server/elasticsearch/api_types.ts for available endpoints.
   await callCluster('transport.request', callClusterParams);
-  return { id: pipeline.nameForInstallation, type: IngestAssetType.IngestPipeline };
+  return { id: pipeline.nameForInstallation, type: ElasticsearchAssetType.ingestPipeline };
 }
 
 const isDirectory = ({ path }: Registry.ArchiveEntry) => path.endsWith('/');
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/remove.ts b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/remove.ts
new file mode 100644
index 0000000000000..8be3a1beab392
--- /dev/null
+++ b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/ingest_pipeline/remove.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { SavedObjectsClientContract } from 'src/core/server';
+import { appContextService } from '../../../';
+import { CallESAsCurrentUser, ElasticsearchAssetType } from '../../../../types';
+import { getInstallation } from '../../packages/get';
+import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../../../common';
+
+export const deletePipelines = async (
+  callCluster: CallESAsCurrentUser,
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  pkgVersion: string
+) => {
+  const logger = appContextService.getLogger();
+  const previousPipelinesPattern = `*-${pkgName}.*-${pkgVersion}`;
+
+  try {
+    await deletePipeline(callCluster, previousPipelinesPattern);
+  } catch (e) {
+    logger.error(e);
+  }
+  try {
+    await deletePipelineRefs(savedObjectsClient, pkgName, pkgVersion);
+  } catch (e) {
+    logger.error(e);
+  }
+};
+
+export const deletePipelineRefs = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  pkgVersion: string
+) => {
+  const installation = await getInstallation({ savedObjectsClient, pkgName });
+  if (!installation) return;
+  const installedEsAssets = installation.installed_es;
+  const filteredAssets = installedEsAssets.filter(({ type, id }) => {
+    if (type !== ElasticsearchAssetType.ingestPipeline) return true;
+    if (!id.includes(pkgVersion)) return true;
+    return false;
+  });
+  return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    installed_es: filteredAssets,
+  });
+};
+export async function deletePipeline(callCluster: CallESAsCurrentUser, id: string): Promise<void> {
+  // '*' shouldn't ever appear here, but it still would delete all ingest pipelines
+  if (id && id !== '*') {
+    try {
+      await callCluster('ingest.deletePipeline', { id });
+    } catch (err) {
+      throw new Error(`error deleting pipeline ${id}`);
+    }
+  }
+}
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/install.ts b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/install.ts
index e14645bbbf5fb..436a6a1bdc55d 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/install.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/install.ts
@@ -5,6 +5,7 @@
  */
 
 import Boom from 'boom';
+import { SavedObjectsClientContract } from 'src/core/server';
 import {
   Dataset,
   RegistryPackage,
@@ -17,13 +18,14 @@ import { Field, loadFieldsFromYaml, processFields } from '../../fields/field';
 import { getPipelineNameForInstallation } from '../ingest_pipeline/install';
 import { generateMappings, generateTemplateName, getTemplate } from './template';
 import * as Registry from '../../registry';
+import { removeAssetsFromInstalledEsByType, saveInstalledEsRefs } from '../../packages/install';
 
 export const installTemplates = async (
   registryPackage: RegistryPackage,
+  isUpdate: boolean,
   callCluster: CallESAsCurrentUser,
-  pkgName: string,
-  pkgVersion: string,
-  paths: string[]
+  paths: string[],
+  savedObjectsClient: SavedObjectsClientContract
 ): Promise<TemplateRef[]> => {
   // install any pre-built index template assets,
   // atm, this is only the base package's global index templates
@@ -31,6 +33,12 @@ export const installTemplates = async (
   await installPreBuiltComponentTemplates(paths, callCluster);
   await installPreBuiltTemplates(paths, callCluster);
 
+  // remove package installation's references to index templates
+  await removeAssetsFromInstalledEsByType(
+    savedObjectsClient,
+    registryPackage.name,
+    ElasticsearchAssetType.indexTemplate
+  );
   // build templates per dataset from yml files
   const datasets = registryPackage.datasets;
   if (datasets) {
@@ -46,7 +54,17 @@ export const installTemplates = async (
     }, []);
 
     const res = await Promise.all(installTemplatePromises);
-    return res.flat();
+    const installedTemplates = res.flat();
+    // get template refs to save
+    const installedTemplateRefs = installedTemplates.map((template) => ({
+      id: template.templateName,
+      type: ElasticsearchAssetType.indexTemplate,
+    }));
+
+    // add package installation's references to index templates
+    await saveInstalledEsRefs(savedObjectsClient, registryPackage.name, installedTemplateRefs);
+
+    return installedTemplates;
   }
   return [];
 };
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/template.ts b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/template.ts
index 77ad96952269f..b907c735d2630 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/template.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/template.ts
@@ -326,9 +326,10 @@ export const updateCurrentWriteIndices = async (
   callCluster: CallESAsCurrentUser,
   templates: TemplateRef[]
 ): Promise<void> => {
-  if (!templates) return;
+  if (!templates.length) return;
 
   const allIndices = await queryIndicesFromTemplates(callCluster, templates);
+  if (!allIndices.length) return;
   return updateAllIndices(allIndices, callCluster);
 };
 
@@ -358,12 +359,12 @@ const getIndices = async (
     method: 'GET',
     path: `/_data_stream/${templateName}-*`,
   });
-  if (res.length) {
-    return res.map((datastream: any) => ({
-      indexName: datastream.indices[datastream.indices.length - 1].index_name,
-      indexTemplate,
-    }));
-  }
+  const dataStreams = res.data_streams;
+  if (!dataStreams.length) return;
+  return dataStreams.map((dataStream: any) => ({
+    indexName: dataStream.indices[dataStream.indices.length - 1].index_name,
+    indexTemplate,
+  }));
 };
 
 const updateAllIndices = async (
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/kibana/assets/install.ts b/x-pack/plugins/ingest_manager/server/services/epm/kibana/assets/install.ts
new file mode 100644
index 0000000000000..2a743f244e64d
--- /dev/null
+++ b/x-pack/plugins/ingest_manager/server/services/epm/kibana/assets/install.ts
@@ -0,0 +1,126 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import {
+  SavedObject,
+  SavedObjectsBulkCreateObject,
+  SavedObjectsClientContract,
+} from 'src/core/server';
+import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../../../common';
+import * as Registry from '../../registry';
+import { AssetType, KibanaAssetType, AssetReference } from '../../../../types';
+import { deleteKibanaSavedObjectsAssets } from '../../packages/remove';
+import { getInstallationObject, savedObjectTypes } from '../../packages';
+import { saveInstalledKibanaRefs } from '../../packages/install';
+
+type SavedObjectToBe = Required<SavedObjectsBulkCreateObject> & { type: AssetType };
+export type ArchiveAsset = Pick<
+  SavedObject,
+  'id' | 'attributes' | 'migrationVersion' | 'references'
+> & {
+  type: AssetType;
+};
+
+export async function getKibanaAsset(key: string) {
+  const buffer = Registry.getAsset(key);
+
+  // cache values are buffers. convert to string / JSON
+  return JSON.parse(buffer.toString('utf8'));
+}
+
+export function createSavedObjectKibanaAsset(asset: ArchiveAsset): SavedObjectToBe {
+  // convert that to an object
+  return {
+    type: asset.type,
+    id: asset.id,
+    attributes: asset.attributes,
+    references: asset.references || [],
+    migrationVersion: asset.migrationVersion || {},
+  };
+}
+
+// TODO: make it an exhaustive list
+// e.g. switch statement with cases for each enum key returning `never` for default case
+export async function installKibanaAssets(options: {
+  savedObjectsClient: SavedObjectsClientContract;
+  pkgName: string;
+  paths: string[];
+  isUpdate: boolean;
+}): Promise<AssetReference[]> {
+  const { savedObjectsClient, paths, pkgName, isUpdate } = options;
+
+  if (isUpdate) {
+    // delete currently installed kibana saved objects and installation references
+    const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
+    const installedKibanaRefs = installedPkg?.attributes.installed_kibana;
+
+    if (installedKibanaRefs?.length) {
+      await deleteKibanaSavedObjectsAssets(savedObjectsClient, installedKibanaRefs);
+      await deleteKibanaInstalledRefs(savedObjectsClient, pkgName, installedKibanaRefs);
+    }
+  }
+
+  // install the new assets and save installation references
+  const kibanaAssetTypes = Object.values(KibanaAssetType);
+  const installationPromises = kibanaAssetTypes.map((assetType) =>
+    installKibanaSavedObjects({ savedObjectsClient, assetType, paths })
+  );
+  // installKibanaSavedObjects returns AssetReference[], so .map creates AssetReference[][]
+  // call .flat to flatten into one dimensional array
+  const newInstalledKibanaAssets = await Promise.all(installationPromises).then((results) =>
+    results.flat()
+  );
+  await saveInstalledKibanaRefs(savedObjectsClient, pkgName, newInstalledKibanaAssets);
+  return newInstalledKibanaAssets;
+}
+export const deleteKibanaInstalledRefs = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  installedKibanaRefs: AssetReference[]
+) => {
+  const installedAssetsToSave = installedKibanaRefs.filter(({ id, type }) => {
+    const assetType = type as AssetType;
+    return !savedObjectTypes.includes(assetType);
+  });
+
+  return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    installed_kibana: installedAssetsToSave,
+  });
+};
+
+async function installKibanaSavedObjects({
+  savedObjectsClient,
+  assetType,
+  paths,
+}: {
+  savedObjectsClient: SavedObjectsClientContract;
+  assetType: KibanaAssetType;
+  paths: string[];
+}) {
+  const isSameType = (path: string) => assetType === Registry.pathParts(path).type;
+  const pathsOfType = paths.filter((path) => isSameType(path));
+  const kibanaAssets = await Promise.all(pathsOfType.map((path) => getKibanaAsset(path)));
+  const toBeSavedObjects = await Promise.all(
+    kibanaAssets.map((asset) => createSavedObjectKibanaAsset(asset))
+  );
+
+  if (toBeSavedObjects.length === 0) {
+    return [];
+  } else {
+    const createResults = await savedObjectsClient.bulkCreate(toBeSavedObjects, {
+      overwrite: true,
+    });
+    const createdObjects = createResults.saved_objects;
+    const installed = createdObjects.map(toAssetReference);
+    return installed;
+  }
+}
+
+function toAssetReference({ id, type }: SavedObject) {
+  const reference: AssetReference = { id, type: type as KibanaAssetType };
+
+  return reference;
+}
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/packages/get_objects.ts b/x-pack/plugins/ingest_manager/server/services/epm/packages/get_objects.ts
deleted file mode 100644
index b623295c5e060..0000000000000
--- a/x-pack/plugins/ingest_manager/server/services/epm/packages/get_objects.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { SavedObject, SavedObjectsBulkCreateObject } from 'src/core/server';
-import { AssetType } from '../../../types';
-import * as Registry from '../registry';
-
-type ArchiveAsset = Pick<SavedObject, 'attributes' | 'migrationVersion' | 'references'>;
-type SavedObjectToBe = Required<SavedObjectsBulkCreateObject> & { type: AssetType };
-
-export async function getObject(key: string) {
-  const buffer = Registry.getAsset(key);
-
-  // cache values are buffers. convert to string / JSON
-  const json = buffer.toString('utf8');
-  // convert that to an object
-  const asset: ArchiveAsset = JSON.parse(json);
-
-  const { type, file } = Registry.pathParts(key);
-  const savedObject: SavedObjectToBe = {
-    type,
-    id: file.replace('.json', ''),
-    attributes: asset.attributes,
-    references: asset.references || [],
-    migrationVersion: asset.migrationVersion || {},
-  };
-
-  return savedObject;
-}
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/packages/index.ts b/x-pack/plugins/ingest_manager/server/services/epm/packages/index.ts
index 4bb803dfaf912..57c4f77432455 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/packages/index.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/packages/index.ts
@@ -23,7 +23,7 @@ export {
   SearchParams,
 } from './get';
 
-export { installKibanaAssets, installPackage, ensureInstalledPackage } from './install';
+export { installPackage, ensureInstalledPackage } from './install';
 export { removeInstallation } from './remove';
 
 type RequiredPackage = 'system' | 'endpoint';
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/packages/install.ts b/x-pack/plugins/ingest_manager/server/services/epm/packages/install.ts
index 910283549abdf..35c5b58a93710 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/packages/install.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/packages/install.ts
@@ -4,27 +4,27 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { SavedObject, SavedObjectsClientContract } from 'src/core/server';
+import { SavedObjectsClientContract } from 'src/core/server';
 import Boom from 'boom';
 import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../constants';
 import {
   AssetReference,
   Installation,
-  KibanaAssetType,
   CallESAsCurrentUser,
   DefaultPackages,
+  AssetType,
+  KibanaAssetReference,
+  EsAssetReference,
   ElasticsearchAssetType,
-  IngestAssetType,
 } from '../../../types';
 import { installIndexPatterns } from '../kibana/index_pattern/install';
 import * as Registry from '../registry';
-import { getObject } from './get_objects';
 import { getInstallation, getInstallationObject, isRequiredPackage } from './index';
 import { installTemplates } from '../elasticsearch/template/install';
 import { generateESIndexPatterns } from '../elasticsearch/template/template';
-import { installPipelines } from '../elasticsearch/ingest_pipeline/install';
+import { installPipelines, deletePipelines } from '../elasticsearch/ingest_pipeline/';
 import { installILMPolicy } from '../elasticsearch/ilm/install';
-import { deleteAssetsByType, deleteKibanaSavedObjectsAssets } from './remove';
+import { installKibanaAssets } from '../kibana/assets/install';
 import { updateCurrentWriteIndices } from '../elasticsearch/template/template';
 
 export async function installLatestPackage(options: {
@@ -92,127 +92,113 @@ export async function installPackage(options: {
   const { savedObjectsClient, pkgkey, callCluster } = options;
   // TODO: change epm API to /packageName/version so we don't need to do this
   const [pkgName, pkgVersion] = pkgkey.split('-');
-  const paths = await Registry.getArchiveInfo(pkgName, pkgVersion);
-  // see if some version of this package is already installed
   // TODO: calls to getInstallationObject, Registry.fetchInfo, and Registry.fetchFindLatestPackge
   // and be replaced by getPackageInfo after adjusting for it to not group/use archive assets
-  const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
-  const registryPackageInfo = await Registry.fetchInfo(pkgName, pkgVersion);
   const latestPackage = await Registry.fetchFindLatestPackage(pkgName);
 
   if (pkgVersion < latestPackage.version)
     throw Boom.badRequest('Cannot install or update to an out-of-date package');
 
+  const paths = await Registry.getArchiveInfo(pkgName, pkgVersion);
+  const registryPackageInfo = await Registry.fetchInfo(pkgName, pkgVersion);
+
+  // get the currently installed package
+  const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
+  const isUpdate = installedPkg && installedPkg.attributes.version < pkgVersion ? true : false;
+
   const reinstall = pkgVersion === installedPkg?.attributes.version;
   const removable = !isRequiredPackage(pkgName);
   const { internal = false } = registryPackageInfo;
+  const toSaveESIndexPatterns = generateESIndexPatterns(registryPackageInfo.datasets);
 
-  // delete the previous version's installation's SO kibana assets before installing new ones
-  // in case some assets were removed in the new version
-  if (installedPkg) {
-    try {
-      await deleteKibanaSavedObjectsAssets(savedObjectsClient, installedPkg.attributes.installed);
-    } catch (err) {
-      // log these errors, some assets may not exist if deleted during a failed update
-    }
-  }
-
-  const [installedKibanaAssets, installedPipelines] = await Promise.all([
-    installKibanaAssets({
+  // add the package installation to the saved object
+  if (!installedPkg) {
+    await createInstallation({
       savedObjectsClient,
       pkgName,
       pkgVersion,
-      paths,
-    }),
-    installPipelines(registryPackageInfo, paths, callCluster),
-    // index patterns and ilm policies are not currently associated with a particular package
-    // so we do not save them in the package saved object state.
-    installIndexPatterns(savedObjectsClient, pkgName, pkgVersion),
-    // currenly only the base package has an ILM policy
-    // at some point ILM policies can be installed/modified
-    // per dataset and we should then save them
-    installILMPolicy(paths, callCluster),
-  ]);
+      internal,
+      removable,
+      installed_kibana: [],
+      installed_es: [],
+      toSaveESIndexPatterns,
+    });
+  }
 
-  // install or update the templates
+  const installIndexPatternPromise = installIndexPatterns(savedObjectsClient, pkgName, pkgVersion);
+  const installKibanaAssetsPromise = installKibanaAssets({
+    savedObjectsClient,
+    pkgName,
+    paths,
+    isUpdate,
+  });
+
+  // the rest of the installation must happen in sequential order
+
+  // currently only the base package has an ILM policy
+  // at some point ILM policies can be installed/modified
+  // per dataset and we should then save them
+  await installILMPolicy(paths, callCluster);
+
+  // installs versionized pipelines without removing currently installed ones
+  const installedPipelines = await installPipelines(
+    registryPackageInfo,
+    paths,
+    callCluster,
+    savedObjectsClient
+  );
+  // install or update the templates referencing the newly installed pipelines
   const installedTemplates = await installTemplates(
     registryPackageInfo,
+    isUpdate,
     callCluster,
-    pkgName,
-    pkgVersion,
-    paths
+    paths,
+    savedObjectsClient
   );
-  const toSaveESIndexPatterns = generateESIndexPatterns(registryPackageInfo.datasets);
 
+  // update current backing indices of each data stream
+  await updateCurrentWriteIndices(callCluster, installedTemplates);
+
+  // if this is an update, delete the previous version's pipelines
+  if (installedPkg && !reinstall) {
+    await deletePipelines(
+      callCluster,
+      savedObjectsClient,
+      pkgName,
+      installedPkg.attributes.version
+    );
+  }
+
+  // update to newly installed version when all assets are successfully installed
+  if (isUpdate) await updateVersion(savedObjectsClient, pkgName, pkgVersion);
   // get template refs to save
   const installedTemplateRefs = installedTemplates.map((template) => ({
     id: template.templateName,
-    type: IngestAssetType.IndexTemplate,
+    type: ElasticsearchAssetType.indexTemplate,
   }));
-
-  if (installedPkg) {
-    // update current index for every index template created
-    await updateCurrentWriteIndices(callCluster, installedTemplates);
-    if (!reinstall) {
-      try {
-        // delete the previous version's installation's pipelines
-        // this must happen after the template is updated
-        await deleteAssetsByType({
-          savedObjectsClient,
-          callCluster,
-          installedObjects: installedPkg.attributes.installed,
-          assetType: ElasticsearchAssetType.ingestPipeline,
-        });
-      } catch (err) {
-        throw new Error(err.message);
-      }
-    }
-  }
-  const toSaveAssetRefs: AssetReference[] = [
-    ...installedKibanaAssets,
-    ...installedPipelines,
-    ...installedTemplateRefs,
-  ];
-  // Save references to installed assets in the package's saved object state
-  return saveInstallationReferences({
-    savedObjectsClient,
-    pkgName,
-    pkgVersion,
-    internal,
-    removable,
-    toSaveAssetRefs,
-    toSaveESIndexPatterns,
-  });
-}
-
-// TODO: make it an exhaustive list
-// e.g. switch statement with cases for each enum key returning `never` for default case
-export async function installKibanaAssets(options: {
-  savedObjectsClient: SavedObjectsClientContract;
-  pkgName: string;
-  pkgVersion: string;
-  paths: string[];
-}) {
-  const { savedObjectsClient, paths } = options;
-
-  // Only install Kibana assets during package installation.
-  const kibanaAssetTypes = Object.values(KibanaAssetType);
-  const installationPromises = kibanaAssetTypes.map(async (assetType) =>
-    installKibanaSavedObjects({ savedObjectsClient, assetType, paths })
-  );
-
-  // installKibanaSavedObjects returns AssetReference[], so .map creates AssetReference[][]
-  // call .flat to flatten into one dimensional array
-  return Promise.all(installationPromises).then((results) => results.flat());
+  const [installedKibanaAssets] = await Promise.all([
+    installKibanaAssetsPromise,
+    installIndexPatternPromise,
+  ]);
+  return [...installedKibanaAssets, ...installedPipelines, ...installedTemplateRefs];
 }
-
-export async function saveInstallationReferences(options: {
+const updateVersion = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  pkgVersion: string
+) => {
+  return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    version: pkgVersion,
+  });
+};
+export async function createInstallation(options: {
   savedObjectsClient: SavedObjectsClientContract;
   pkgName: string;
   pkgVersion: string;
   internal: boolean;
   removable: boolean;
-  toSaveAssetRefs: AssetReference[];
+  installed_kibana: KibanaAssetReference[];
+  installed_es: EsAssetReference[];
   toSaveESIndexPatterns: Record<string, string>;
 }) {
   const {
@@ -221,14 +207,15 @@ export async function saveInstallationReferences(options: {
     pkgVersion,
     internal,
     removable,
-    toSaveAssetRefs,
+    installed_kibana: installedKibana,
+    installed_es: installedEs,
     toSaveESIndexPatterns,
   } = options;
-
   await savedObjectsClient.create<Installation>(
     PACKAGES_SAVED_OBJECT_TYPE,
     {
-      installed: toSaveAssetRefs,
+      installed_kibana: installedKibana,
+      installed_es: installedEs,
       es_index_patterns: toSaveESIndexPatterns,
       name: pkgName,
       version: pkgVersion,
@@ -237,37 +224,46 @@ export async function saveInstallationReferences(options: {
     },
     { id: pkgName, overwrite: true }
   );
-
-  return toSaveAssetRefs;
+  return [...installedKibana, ...installedEs];
 }
 
-async function installKibanaSavedObjects({
-  savedObjectsClient,
-  assetType,
-  paths,
-}: {
-  savedObjectsClient: SavedObjectsClientContract;
-  assetType: KibanaAssetType;
-  paths: string[];
-}) {
-  const isSameType = (path: string) => assetType === Registry.pathParts(path).type;
-  const pathsOfType = paths.filter((path) => isSameType(path));
-  const toBeSavedObjects = await Promise.all(pathsOfType.map(getObject));
+export const saveInstalledKibanaRefs = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  installedAssets: AssetReference[]
+) => {
+  await savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    installed_kibana: installedAssets,
+  });
+  return installedAssets;
+};
 
-  if (toBeSavedObjects.length === 0) {
-    return [];
-  } else {
-    const createResults = await savedObjectsClient.bulkCreate(toBeSavedObjects, {
-      overwrite: true,
-    });
-    const createdObjects = createResults.saved_objects;
-    const installed = createdObjects.map(toAssetReference);
-    return installed;
-  }
-}
+export const saveInstalledEsRefs = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  installedAssets: EsAssetReference[]
+) => {
+  const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
+  const installedAssetsToSave = installedPkg?.attributes.installed_es.concat(installedAssets);
+  await savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    installed_es: installedAssetsToSave,
+  });
+  return installedAssets;
+};
 
-function toAssetReference({ id, type }: SavedObject) {
-  const reference: AssetReference = { id, type: type as KibanaAssetType };
+export const removeAssetsFromInstalledEsByType = async (
+  savedObjectsClient: SavedObjectsClientContract,
+  pkgName: string,
+  assetType: AssetType
+) => {
+  const installedPkg = await getInstallationObject({ savedObjectsClient, pkgName });
+  const installedAssets = installedPkg?.attributes.installed_es;
+  if (!installedAssets?.length) return;
+  const installedAssetsToSave = installedAssets?.filter(({ id, type }) => {
+    return type !== assetType;
+  });
 
-  return reference;
-}
+  return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, {
+    installed_es: installedAssetsToSave,
+  });
+};
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/packages/remove.ts b/x-pack/plugins/ingest_manager/server/services/epm/packages/remove.ts
index 94af672d8e29f..81bc5847e6c0e 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/packages/remove.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/packages/remove.ts
@@ -10,8 +10,9 @@ import { PACKAGES_SAVED_OBJECT_TYPE, PACKAGE_CONFIG_SAVED_OBJECT_TYPE } from '..
 import { AssetReference, AssetType, ElasticsearchAssetType } from '../../../types';
 import { CallESAsCurrentUser } from '../../../types';
 import { getInstallation, savedObjectTypes } from './index';
+import { deletePipeline } from '../elasticsearch/ingest_pipeline/';
 import { installIndexPatterns } from '../kibana/index_pattern/install';
-import { packageConfigService } from '../..';
+import { packageConfigService, appContextService } from '../..';
 
 export async function removeInstallation(options: {
   savedObjectsClient: SavedObjectsClientContract;
@@ -25,7 +26,6 @@ export async function removeInstallation(options: {
   if (!installation) throw Boom.badRequest(`${pkgName} is not installed`);
   if (installation.removable === false)
     throw Boom.badRequest(`${pkgName} is installed by default and cannot be removed`);
-  const installedObjects = installation.installed || [];
 
   const { total } = await packageConfigService.list(savedObjectsClient, {
     kuery: `${PACKAGE_CONFIG_SAVED_OBJECT_TYPE}.package.name:${pkgName}`,
@@ -38,48 +38,40 @@ export async function removeInstallation(options: {
       `unable to remove package with existing package config(s) in use by agent(s)`
     );
 
-  // Delete the manager saved object with references to the asset objects
-  // could also update with [] or some other state
-  await savedObjectsClient.delete(PACKAGES_SAVED_OBJECT_TYPE, pkgName);
-
   // recreate or delete index patterns when a package is uninstalled
   await installIndexPatterns(savedObjectsClient);
 
-  // Delete the installed asset
-  await deleteAssets(installedObjects, savedObjectsClient, callCluster);
+  // Delete the installed assets
+  const installedAssets = [...installation.installed_kibana, ...installation.installed_es];
+  await deleteAssets(installedAssets, savedObjectsClient, callCluster);
+
+  // Delete the manager saved object with references to the asset objects
+  // could also update with [] or some other state
+  await savedObjectsClient.delete(PACKAGES_SAVED_OBJECT_TYPE, pkgName);
 
   // successful delete's in SO client return {}. return something more useful
-  return installedObjects;
+  return installedAssets;
 }
 async function deleteAssets(
   installedObjects: AssetReference[],
   savedObjectsClient: SavedObjectsClientContract,
   callCluster: CallESAsCurrentUser
 ) {
+  const logger = appContextService.getLogger();
   const deletePromises = installedObjects.map(async ({ id, type }) => {
     const assetType = type as AssetType;
     if (savedObjectTypes.includes(assetType)) {
-      savedObjectsClient.delete(assetType, id);
+      return savedObjectsClient.delete(assetType, id);
     } else if (assetType === ElasticsearchAssetType.ingestPipeline) {
-      deletePipeline(callCluster, id);
+      return deletePipeline(callCluster, id);
     } else if (assetType === ElasticsearchAssetType.indexTemplate) {
-      deleteTemplate(callCluster, id);
+      return deleteTemplate(callCluster, id);
     }
   });
   try {
     await Promise.all([...deletePromises]);
   } catch (err) {
-    throw new Error(err.message);
-  }
-}
-async function deletePipeline(callCluster: CallESAsCurrentUser, id: string): Promise<void> {
-  // '*' shouldn't ever appear here, but it still would delete all ingest pipelines
-  if (id && id !== '*') {
-    try {
-      await callCluster('ingest.deletePipeline', { id });
-    } catch (err) {
-      throw new Error(`error deleting pipeline ${id}`);
-    }
+    logger.error(err);
   }
 }
 
@@ -108,31 +100,14 @@ async function deleteTemplate(callCluster: CallESAsCurrentUser, name: string): P
   }
 }
 
-export async function deleteAssetsByType({
-  savedObjectsClient,
-  callCluster,
-  installedObjects,
-  assetType,
-}: {
-  savedObjectsClient: SavedObjectsClientContract;
-  callCluster: CallESAsCurrentUser;
-  installedObjects: AssetReference[];
-  assetType: ElasticsearchAssetType;
-}) {
-  const toDelete = installedObjects.filter((asset) => asset.type === assetType);
-  try {
-    await deleteAssets(toDelete, savedObjectsClient, callCluster);
-  } catch (err) {
-    throw new Error(err.message);
-  }
-}
-
 export async function deleteKibanaSavedObjectsAssets(
   savedObjectsClient: SavedObjectsClientContract,
   installedObjects: AssetReference[]
 ) {
+  const logger = appContextService.getLogger();
   const deletePromises = installedObjects.map(({ id, type }) => {
     const assetType = type as AssetType;
+
     if (savedObjectTypes.includes(assetType)) {
       return savedObjectsClient.delete(assetType, id);
     }
@@ -140,6 +115,6 @@ export async function deleteKibanaSavedObjectsAssets(
   try {
     await Promise.all(deletePromises);
   } catch (err) {
-    throw new Error('error deleting saved object asset');
+    logger.warn(err);
   }
 }
diff --git a/x-pack/plugins/ingest_manager/server/types/index.tsx b/x-pack/plugins/ingest_manager/server/types/index.tsx
index a559ca18cfede..5d0683a37dc5e 100644
--- a/x-pack/plugins/ingest_manager/server/types/index.tsx
+++ b/x-pack/plugins/ingest_manager/server/types/index.tsx
@@ -43,8 +43,9 @@ export {
   Dataset,
   RegistryElasticsearch,
   AssetReference,
+  EsAssetReference,
+  KibanaAssetReference,
   ElasticsearchAssetType,
-  IngestAssetType,
   RegistryPackage,
   AssetType,
   Installable,
diff --git a/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts
index 375d25c6fa5f8..c331eeb4bd2d0 100644
--- a/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts
+++ b/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts
@@ -16,6 +16,7 @@ import {
 } from '../../common/schemas';
 
 import { getExceptionListClient } from './utils/get_exception_list_client';
+import { endpointDisallowedFields } from './endpoint_disallowed_fields';
 
 export const createExceptionListItemRoute = (router: IRouter): void => {
   router.post(
@@ -70,6 +71,22 @@ export const createExceptionListItemRoute = (router: IRouter): void => {
               statusCode: 409,
             });
           } else {
+            if (exceptionList.type === 'endpoint') {
+              for (const entry of entries) {
+                if (entry.type === 'list') {
+                  return siemResponse.error({
+                    body: `cannot add exception item with entry of type "list" to endpoint exception list`,
+                    statusCode: 400,
+                  });
+                }
+                if (endpointDisallowedFields.includes(entry.field)) {
+                  return siemResponse.error({
+                    body: `cannot add endpoint exception item on field ${entry.field}`,
+                    statusCode: 400,
+                  });
+                }
+              }
+            }
             const createdList = await exceptionLists.createExceptionListItem({
               _tags,
               comments,
diff --git a/x-pack/plugins/lists/server/routes/endpoint_disallowed_fields.ts b/x-pack/plugins/lists/server/routes/endpoint_disallowed_fields.ts
new file mode 100644
index 0000000000000..cf3389351f61d
--- /dev/null
+++ b/x-pack/plugins/lists/server/routes/endpoint_disallowed_fields.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const endpointDisallowedFields = [
+  'file.Ext.quarantine_path',
+  'file.Ext.quarantine_result',
+  'process.entity_id',
+  'process.parent.entity_id',
+  'process.ancestry',
+];
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_export.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_export.spec.ts
index eb8448233c624..adc09cc96b24c 100644
--- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_export.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_export.spec.ts
@@ -17,7 +17,7 @@ import { DETECTIONS_URL } from '../urls/navigation';
 
 const EXPECTED_EXPORTED_RULE_FILE_PATH = 'cypress/test_files/expected_rules_export.ndjson';
 
-describe('Export rules', () => {
+describe.skip('Export rules', () => {
   before(() => {
     esArchiverLoad('export_rule');
     cy.server();
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_prebuilt.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_prebuilt.spec.ts
index 986a7c7177a79..00ddc85a73650 100644
--- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_prebuilt.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_prebuilt.spec.ts
@@ -67,7 +67,8 @@ describe('Alerts rules, prebuilt rules', () => {
   });
 });
 
-describe('Deleting prebuilt rules', () => {
+// https://github.com/elastic/kibana/issues/71814
+describe.skip('Deleting prebuilt rules', () => {
   beforeEach(() => {
     const expectedNumberOfRules = totalNumberOfPrebuiltRules;
     const expectedElasticRulesBtnText = `Elastic rules (${expectedNumberOfRules})`;
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
index 963b7922a7bff..b5c67cc2c2014 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
@@ -9,7 +9,8 @@ import { INGEST_API_PACKAGE_CONFIGS, INGEST_API_EPM_PACKAGES } from './services/
 import { EndpointDocGenerator } from '../../../../../../common/endpoint/generate_data';
 import { GetPolicyListResponse } from '../../types';
 import {
-  AssetReference,
+  KibanaAssetReference,
+  EsAssetReference,
   GetPackagesResponse,
   InstallationStatus,
 } from '../../../../../../../ingest_manager/common';
@@ -43,26 +44,28 @@ export const apiPathMockResponseProviders = {
             type: 'epm-packages',
             id: 'endpoint',
             attributes: {
-              installed: [
+              installed_kibana: [
                 { id: '826759f0-7074-11ea-9bc8-6b38f4d29a16', type: 'dashboard' },
                 { id: '1cfceda0-728b-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
                 { id: '1e525190-7074-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
                 { id: '55387750-729c-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
                 { id: '92b1edc0-706a-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
                 { id: 'a3a3bd10-706b-11ea-9bc8-6b38f4d29a16', type: 'map' },
-                { id: 'logs-endpoint.alerts', type: 'index-template' },
-                { id: 'events-endpoint', type: 'index-template' },
-                { id: 'logs-endpoint.events.file', type: 'index-template' },
-                { id: 'logs-endpoint.events.library', type: 'index-template' },
-                { id: 'metrics-endpoint.metadata', type: 'index-template' },
-                { id: 'metrics-endpoint.metadata_mirror', type: 'index-template' },
-                { id: 'logs-endpoint.events.network', type: 'index-template' },
-                { id: 'metrics-endpoint.policy', type: 'index-template' },
-                { id: 'logs-endpoint.events.process', type: 'index-template' },
-                { id: 'logs-endpoint.events.registry', type: 'index-template' },
-                { id: 'logs-endpoint.events.security', type: 'index-template' },
-                { id: 'metrics-endpoint.telemetry', type: 'index-template' },
-              ] as AssetReference[],
+              ] as KibanaAssetReference[],
+              installed_es: [
+                { id: 'logs-endpoint.alerts', type: 'index_template' },
+                { id: 'events-endpoint', type: 'index_template' },
+                { id: 'logs-endpoint.events.file', type: 'index_template' },
+                { id: 'logs-endpoint.events.library', type: 'index_template' },
+                { id: 'metrics-endpoint.metadata', type: 'index_template' },
+                { id: 'metrics-endpoint.metadata_mirror', type: 'index_template' },
+                { id: 'logs-endpoint.events.network', type: 'index_template' },
+                { id: 'metrics-endpoint.policy', type: 'index_template' },
+                { id: 'logs-endpoint.events.process', type: 'index_template' },
+                { id: 'logs-endpoint.events.registry', type: 'index_template' },
+                { id: 'logs-endpoint.events.security', type: 'index_template' },
+                { id: 'metrics-endpoint.telemetry', type: 'index_template' },
+              ] as EsAssetReference[],
               es_index_patterns: {
                 alerts: 'logs-endpoint.alerts-*',
                 events: 'events-endpoint-*',
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 88a809d533821..09ca1c9494e25 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -8363,8 +8363,6 @@
     "xpack.ingestManager.setupPage.enableFleet": "ユーザーを作成してフリートを有効にます",
     "xpack.ingestManager.setupPage.enableText": "フリートを使用するには、Elasticユーザーを作成する必要があります。このユーザーは、APIキーを作成して、logs-*およびmetrics-*に書き込むことができます。",
     "xpack.ingestManager.setupPage.enableTitle": "フリートを有効にする",
-    "xpack.ingestManager.setupPage.missingRequirementsDescription": "Fleetを使用するには、次の機能を有効にする必要があります。{space}- Elasticsearch APIキーを有効にします。{space}- TLSを有効にして、エージェントKibanaの間の通信を保護します。 ",
-    "xpack.ingestManager.setupPage.missingRequirementsTitle": "見つからない要件",
     "xpack.ingestManager.unenrollAgents.confirmModal.cancelButtonLabel": "キャンセル",
     "xpack.ingestManager.unenrollAgents.confirmModal.confirmButtonLabel": "登録解除",
     "xpack.ingestManager.unenrollAgents.confirmModal.deleteMultipleTitle": "{count, plural, one {# エージェント} other {# エージェント}}の登録を解除しますか？",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 4bf30f6742a03..1e7eba38d4b4c 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -8367,8 +8367,6 @@
     "xpack.ingestManager.setupPage.enableFleet": "创建用户并启用 Fleet",
     "xpack.ingestManager.setupPage.enableText": "要使用 Fleet，必须创建 Elastic 用户。此用户可以创建 API 密钥并写入到 logs-* and metrics-*。",
     "xpack.ingestManager.setupPage.enableTitle": "启用 Fleet",
-    "xpack.ingestManager.setupPage.missingRequirementsDescription": "要使用 Fleet，必须启用以下功能：{space}- 启用 Elasticsearch API 密钥。{space}- 启用 TLS 以保护代理和 Kibana 之间的通信。 ",
-    "xpack.ingestManager.setupPage.missingRequirementsTitle": "缺失的要求",
     "xpack.ingestManager.unenrollAgents.confirmModal.cancelButtonLabel": "取消",
     "xpack.ingestManager.unenrollAgents.confirmModal.confirmButtonLabel": "取消注册",
     "xpack.ingestManager.unenrollAgents.confirmModal.deleteMultipleTitle": "取消注册 {count, plural, one {# 个代理} other {# 个代理}}？",
diff --git a/x-pack/test/api_integration/apis/index.js b/x-pack/test/api_integration/apis/index.js
index 3f3294c85d6df..aeea062bdb85d 100644
--- a/x-pack/test/api_integration/apis/index.js
+++ b/x-pack/test/api_integration/apis/index.js
@@ -31,5 +31,6 @@ export default function ({ loadTestFile }) {
     loadTestFile(require.resolve('./transform'));
     loadTestFile(require.resolve('./endpoint'));
     loadTestFile(require.resolve('./ingest_manager'));
+    loadTestFile(require.resolve('./lists'));
   });
 }
diff --git a/x-pack/test/api_integration/apis/lists/create_exception_list_item.ts b/x-pack/test/api_integration/apis/lists/create_exception_list_item.ts
new file mode 100644
index 0000000000000..41f2a2dd2e3f5
--- /dev/null
+++ b/x-pack/test/api_integration/apis/lists/create_exception_list_item.ts
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect/expect.js';
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ getService }: FtrProviderContext) {
+  const esArchiver = getService('esArchiver');
+  const supertest = getService('supertest');
+  describe('Lists API', () => {
+    before(async () => await esArchiver.load('lists'));
+
+    after(async () => await esArchiver.unload('lists'));
+
+    it('should return a 400 if an endpoint exception item with a list-based entry is provided', async () => {
+      const badItem = {
+        namespace_type: 'agnostic',
+        description: 'bad endpoint item for testing',
+        name: 'bad endpoint item',
+        list_id: 'endpoint_list',
+        type: 'simple',
+        entries: [
+          {
+            type: 'list',
+            field: 'some.field',
+            operator: 'included',
+            list: {
+              id: 'somelist',
+              type: 'keyword',
+            },
+          },
+        ],
+      };
+      const { body } = await supertest
+        .post(`/api/exception_lists/items`)
+        .set('kbn-xsrf', 'xxx')
+        .send(badItem)
+        .expect(400);
+      expect(body.message).to.eql(
+        'cannot add exception item with entry of type "list" to endpoint exception list'
+      );
+    });
+
+    it('should return a 400 if endpoint exception entry has disallowed field', async () => {
+      const fieldName = 'file.Ext.quarantine_path';
+      const badItem = {
+        namespace_type: 'agnostic',
+        description: 'bad endpoint item for testing',
+        name: 'bad endpoint item',
+        list_id: 'endpoint_list',
+        type: 'simple',
+        entries: [
+          {
+            type: 'match',
+            field: fieldName,
+            operator: 'included',
+            value: 'doesnt matter',
+          },
+        ],
+      };
+      const { body } = await supertest
+        .post(`/api/exception_lists/items`)
+        .set('kbn-xsrf', 'xxx')
+        .send(badItem)
+        .expect(400);
+      expect(body.message).to.eql(`cannot add endpoint exception item on field ${fieldName}`);
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/apis/lists/index.ts b/x-pack/test/api_integration/apis/lists/index.ts
new file mode 100644
index 0000000000000..73523c13bfc0a
--- /dev/null
+++ b/x-pack/test/api_integration/apis/lists/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function listsAPIIntegrationTests({ loadTestFile }: FtrProviderContext) {
+  describe('Lists plugin', function () {
+    this.tags(['lists']);
+    loadTestFile(require.resolve('./create_exception_list_item'));
+  });
+}
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts
index 04564fc00ec2f..16218aef5f0f0 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts
@@ -15,7 +15,8 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const es = getService('es');
 
-  describe('add_prepackaged_rules', () => {
+  // https://github.com/elastic/kibana/issues/71814
+  describe.skip('add_prepackaged_rules', () => {
     describe('validation errors', () => {
       it('should give an error that the index must exist first if it does not exist before adding prepackaged rules', async () => {
         const { body } = await supertest
diff --git a/x-pack/test/functional/es_archives/lists/data.json b/x-pack/test/functional/es_archives/lists/data.json
new file mode 100644
index 0000000000000..eabc721f4887e
--- /dev/null
+++ b/x-pack/test/functional/es_archives/lists/data.json
@@ -0,0 +1,85 @@
+{
+  "type": "doc",
+  "value": {
+    "id": "exception-list-agnostic:1",
+    "index": ".kibana",
+    "source": {
+      "type": "exception-list-agnostic",
+      "exception-list-agnostic": {
+        "_tags": [
+          "endpoint",
+          "process",
+          "malware",
+          "os:linux"
+        ],
+        "created_at": "2020-04-23T00:19:13.289Z",
+        "created_by": "user_name",
+        "description": "This is a sample endpoint type exception list",
+        "list_id": "endpoint_list",
+        "list_type": "list",
+        "name": "Sample Endpoint Exception List",
+        "tags": [
+          "user added string for a tag",
+          "malware"
+        ],
+        "tie_breaker_id": "77fd1909-6786-428a-a671-30229a719c1f",
+        "type": "endpoint",
+        "updated_by": "user_name"
+      }
+    }
+  }
+}
+
+{
+  "type": "doc",
+  "value": {
+    "id": "exception-list-agnostic:2",
+    "index": ".kibana",
+    "source": {
+      "type": "exception-list-agnostic",
+      "exception-list-agnostic": {
+        "_tags": [
+          "endpoint",
+          "process",
+          "malware",
+          "os:linux"
+        ],
+        "comments": [],
+        "created_at": "2020-04-23T00:19:13.289Z",
+        "created_by": "user_name",
+        "description": "This is a sample endpoint type exception",
+        "entries": [
+          {
+            "entries": [
+              {
+                "field": "nested.field",
+                "operator": "included",
+                "type": "match",
+                "value": "some value"
+              }
+            ],
+            "field": "some.parentField",
+            "type": "nested"
+          },
+          {
+            "field": "some.not.nested.field",
+            "operator": "included",
+            "type": "match",
+            "value": "some value"
+          }
+        ],
+        "item_id": "endpoint_list_item",
+        "list_id": "endpoint_list",
+        "list_type": "item",
+        "name": "Sample Endpoint Exception List",
+        "tags": [
+          "user added string for a tag",
+          "malware"
+        ],
+        "tie_breaker_id": "77fd1909-6786-428a-a671-30229a719c1f",
+        "type": "simple",
+        "updated_by": "user_name"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/test/functional/es_archives/lists/mappings.json b/x-pack/test/functional/es_archives/lists/mappings.json
new file mode 100644
index 0000000000000..c1b277b8183a3
--- /dev/null
+++ b/x-pack/test/functional/es_archives/lists/mappings.json
@@ -0,0 +1,2491 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+      ".kibana": {}
+    },
+    "index": ".kibana_1",
+    "mappings": {
+      "dynamic": "strict",
+      "_meta": {
+        "migrationMappingPropertyHashes": {
+          "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
+          "visualization": "52d7a13ad68a150c4525b292d23e12cc",
+          "endpoint:user-artifact": "4a11183eee21e6fbad864f7a30b39ad0",
+          "references": "7997cf5a56cc02bdc9c93361bde732b0",
+          "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
+          "epm-packages": "04696e7dba1b9597f7d6ed78a4a76658",
+          "type": "2f4316de49999235636386fe51dc06c1",
+          "space": "c5ca8acafa0beaa4d08d014a97b6bc6b",
+          "infrastructure-ui-source": "2b2809653635caf490c93f090502d04c",
+          "ingest_manager_settings": "012cf278ec84579495110bb827d1ed09",
+          "application_usage_totals": "3d1b76c39bfb2cc8296b024d73854724",
+          "action": "6e96ac5e648f57523879661ea72525b7",
+          "dashboard": "d00f614b29a80360e1190193fd333bab",
+          "metrics-explorer-view": "a8df1d270ee48c969d22d23812d08187",
+          "siem-detection-engine-rule-actions": "6569b288c169539db10cb262bf79de18",
+          "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
+          "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e",
+          "application_usage_transactional": "43b8830d5d0df85a6823d290885fc9fd",
+          "action_task_params": "a9d49f184ee89641044be0ca2950fa3a",
+          "fleet-agent-events": "3231653fafe4ef3196fe3b32ab774bf2",
+          "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd",
+          "inventory-view": "88fc7e12fd1b45b6f0787323ce4f18d2",
+          "upgrade-assistant-reindex-operation": "296a89039fc4260292be36b1b005d8f2",
+          "canvas-workpad-template": "ae2673f678281e2c055d764b153e9715",
+          "cases-comments": "c2061fb929f585df57425102fa928b4b",
+          "fleet-enrollment-api-keys": "28b91e20b105b6f928e2012600085d8f",
+          "canvas-element": "7390014e1091044523666d97247392fc",
+          "ingest-outputs": "8aa988c376e65443fefc26f1075e93a3",
+          "telemetry": "36a616f7026dfa617d6655df850fe16d",
+          "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
+          "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327",
+          "namespaces": "2f4316de49999235636386fe51dc06c1",
+          "siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084",
+          "lens": "d33c68a69ff1e78c9888dedd2164ac22",
+          "exception-list-agnostic": "4818e7dfc3e538562c80ec34eb6f841b",
+          "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
+          "fleet-agent-actions": "e520c855577170c24481be05c3ae14ec",
+          "exception-list": "4818e7dfc3e538562c80ec34eb6f841b",
+          "app_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+          "search": "5c4b9a6effceb17ae8a0ab22d0c49767",
+          "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
+          "cases-configure": "42711cbb311976c0687853f4c1354572",
+          "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
+          "alert": "7b44fba6773e37c806ce290ea9b7024e",
+          "siem-detection-engine-rule-status": "ae783f41c6937db6b7a2ef5c93a9e9b0",
+          "map": "4a05b35c3a3a58fbc72dd0202dc3487f",
+          "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80",
+          "cases": "32aa96a6d3855ddda53010ae2048ac22",
+          "apm-telemetry": "3d1b76c39bfb2cc8296b024d73854724",
+          "siem-ui-timeline": "94bc38c7a421d15fbfe8ea565370a421",
+          "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
+          "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
+          "ingest-agent-configs": "9326f99c977fd2ef5ab24b6336a0675c",
+          "url": "c7f66a0df8b1b52f17c28c4adb111105",
+          "endpoint:user-artifact-manifest": "67c28185da541c1404e7852d30498cd6",
+          "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
+          "index-pattern": "66eccb05066c5a89924f48a9e9736499",
+          "fleet-agents": "034346488514b7058a79140b19ddf631",
+          "maps-telemetry": "5ef305b18111b77789afefbd36b66171",
+          "namespace": "2f4316de49999235636386fe51dc06c1",
+          "cases-user-actions": "32277330ec6b721abe3b846cfd939a71",
+          "ingest-package-configs": "48e8bd97e488008e21c0b5a2367b83ad",
+          "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
+          "siem-ui-timeline-pinned-event": "20638091112f0e14f0e443d512301c29",
+          "config": "c63748b75f39d0c54de12d12c1ccbc20",
+          "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
+          "workplace_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724"
+        }
+      },
+      "properties": {
+        "action": {
+          "properties": {
+            "actionTypeId": {
+              "type": "keyword"
+            },
+            "config": {
+              "type": "object",
+              "enabled": false
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "secrets": {
+              "type": "binary"
+            }
+          }
+        },
+        "action_task_params": {
+          "properties": {
+            "actionId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "params": {
+              "type": "object",
+              "enabled": false
+            }
+          }
+        },
+        "alert": {
+          "properties": {
+            "actions": {
+              "type": "nested",
+              "properties": {
+                "actionRef": {
+                  "type": "keyword"
+                },
+                "actionTypeId": {
+                  "type": "keyword"
+                },
+                "group": {
+                  "type": "keyword"
+                },
+                "params": {
+                  "type": "object",
+                  "enabled": false
+                }
+              }
+            },
+            "alertTypeId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "apiKeyOwner": {
+              "type": "keyword"
+            },
+            "consumer": {
+              "type": "keyword"
+            },
+            "createdAt": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "keyword"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "muteAll": {
+              "type": "boolean"
+            },
+            "mutedInstanceIds": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "params": {
+              "type": "object",
+              "enabled": false
+            },
+            "schedule": {
+              "properties": {
+                "interval": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "scheduledTaskId": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "throttle": {
+              "type": "keyword"
+            },
+            "updatedBy": {
+              "type": "keyword"
+            }
+          }
+        },
+        "apm-indices": {
+          "properties": {
+            "apm_oss": {
+              "properties": {
+                "errorIndices": {
+                  "type": "keyword"
+                },
+                "metricsIndices": {
+                  "type": "keyword"
+                },
+                "onboardingIndices": {
+                  "type": "keyword"
+                },
+                "sourcemapIndices": {
+                  "type": "keyword"
+                },
+                "spanIndices": {
+                  "type": "keyword"
+                },
+                "transactionIndices": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "apm-telemetry": {
+          "type": "object",
+          "dynamic": "false"
+        },
+        "app_search_telemetry": {
+          "type": "object",
+          "dynamic": "false"
+        },
+        "application_usage_totals": {
+          "type": "object",
+          "dynamic": "false"
+        },
+        "application_usage_transactional": {
+          "dynamic": "false",
+          "properties": {
+            "timestamp": {
+              "type": "date"
+            }
+          }
+        },
+        "canvas-element": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "content": {
+              "type": "text"
+            },
+            "help": {
+              "type": "text"
+            },
+            "image": {
+              "type": "text"
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "canvas-workpad": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "canvas-workpad-template": {
+          "dynamic": "false",
+          "properties": {
+            "help": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "tags": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "template_key": {
+              "type": "keyword"
+            }
+          }
+        },
+        "cases": {
+          "properties": {
+            "closed_at": {
+              "type": "date"
+            },
+            "closed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "description": {
+              "type": "text"
+            },
+            "external_service": {
+              "properties": {
+                "connector_id": {
+                  "type": "keyword"
+                },
+                "connector_name": {
+                  "type": "keyword"
+                },
+                "external_id": {
+                  "type": "keyword"
+                },
+                "external_title": {
+                  "type": "text"
+                },
+                "external_url": {
+                  "type": "text"
+                },
+                "pushed_at": {
+                  "type": "date"
+                },
+                "pushed_by": {
+                  "properties": {
+                    "email": {
+                      "type": "keyword"
+                    },
+                    "full_name": {
+                      "type": "keyword"
+                    },
+                    "username": {
+                      "type": "keyword"
+                    }
+                  }
+                }
+              }
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "keyword"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-comments": {
+          "properties": {
+            "comment": {
+              "type": "text"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "pushed_at": {
+              "type": "date"
+            },
+            "pushed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-configure": {
+          "properties": {
+            "closure_type": {
+              "type": "keyword"
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "connector_name": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-user-actions": {
+          "properties": {
+            "action": {
+              "type": "keyword"
+            },
+            "action_at": {
+              "type": "date"
+            },
+            "action_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "action_field": {
+              "type": "keyword"
+            },
+            "new_value": {
+              "type": "text"
+            },
+            "old_value": {
+              "type": "text"
+            }
+          }
+        },
+        "config": {
+          "dynamic": "false",
+          "properties": {
+            "buildNum": {
+              "type": "keyword"
+            }
+          }
+        },
+        "dashboard": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "optionsJSON": {
+              "type": "text"
+            },
+            "panelsJSON": {
+              "type": "text"
+            },
+            "refreshInterval": {
+              "properties": {
+                "display": {
+                  "type": "keyword"
+                },
+                "pause": {
+                  "type": "boolean"
+                },
+                "section": {
+                  "type": "integer"
+                },
+                "value": {
+                  "type": "integer"
+                }
+              }
+            },
+            "timeFrom": {
+              "type": "keyword"
+            },
+            "timeRestore": {
+              "type": "boolean"
+            },
+            "timeTo": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "endpoint:user-artifact": {
+          "properties": {
+            "body": {
+              "type": "binary"
+            },
+            "compressionAlgorithm": {
+              "type": "keyword",
+              "index": false
+            },
+            "created": {
+              "type": "date",
+              "index": false
+            },
+            "decodedSha256": {
+              "type": "keyword",
+              "index": false
+            },
+            "decodedSize": {
+              "type": "long",
+              "index": false
+            },
+            "encodedSha256": {
+              "type": "keyword"
+            },
+            "encodedSize": {
+              "type": "long",
+              "index": false
+            },
+            "encryptionAlgorithm": {
+              "type": "keyword",
+              "index": false
+            },
+            "identifier": {
+              "type": "keyword"
+            }
+          }
+        },
+        "endpoint:user-artifact-manifest": {
+          "properties": {
+            "created": {
+              "type": "date",
+              "index": false
+            },
+            "ids": {
+              "type": "keyword",
+              "index": false
+            }
+          }
+        },
+        "epm-packages": {
+          "properties": {
+            "es_index_patterns": {
+              "type": "object",
+              "enabled": false
+            },
+            "installed": {
+              "type": "nested",
+              "properties": {
+                "id": {
+                  "type": "keyword"
+                },
+                "type": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "internal": {
+              "type": "boolean"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "removable": {
+              "type": "boolean"
+            },
+            "version": {
+              "type": "keyword"
+            }
+          }
+        },
+        "exception-list": {
+          "properties": {
+            "_tags": {
+              "type": "keyword"
+            },
+            "comments": {
+              "properties": {
+                "comment": {
+                  "type": "keyword"
+                },
+                "created_at": {
+                  "type": "keyword"
+                },
+                "created_by": {
+                  "type": "keyword"
+                },
+                "updated_at": {
+                  "type": "keyword"
+                },
+                "updated_by": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "created_at": {
+              "type": "keyword"
+            },
+            "created_by": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "keyword"
+            },
+            "entries": {
+              "properties": {
+                "entries": {
+                  "properties": {
+                    "field": {
+                      "type": "keyword"
+                    },
+                    "operator": {
+                      "type": "keyword"
+                    },
+                    "type": {
+                      "type": "keyword"
+                    },
+                    "value": {
+                      "type": "keyword",
+                      "fields": {
+                        "text": {
+                          "type": "text"
+                        }
+                      }
+                    }
+                  }
+                },
+                "field": {
+                  "type": "keyword"
+                },
+                "list": {
+                  "properties": {
+                    "id": {
+                      "type": "keyword"
+                    },
+                    "type": {
+                      "type": "keyword"
+                    }
+                  }
+                },
+                "operator": {
+                  "type": "keyword"
+                },
+                "type": {
+                  "type": "keyword"
+                },
+                "value": {
+                  "type": "keyword",
+                  "fields": {
+                    "text": {
+                      "type": "text"
+                    }
+                  }
+                }
+              }
+            },
+            "item_id": {
+              "type": "keyword"
+            },
+            "list_id": {
+              "type": "keyword"
+            },
+            "list_type": {
+              "type": "keyword"
+            },
+            "meta": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "tie_breaker_id": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "updated_by": {
+              "type": "keyword"
+            }
+          }
+        },
+        "exception-list-agnostic": {
+          "properties": {
+            "_tags": {
+              "type": "keyword"
+            },
+            "comments": {
+              "properties": {
+                "comment": {
+                  "type": "keyword"
+                },
+                "created_at": {
+                  "type": "keyword"
+                },
+                "created_by": {
+                  "type": "keyword"
+                },
+                "updated_at": {
+                  "type": "keyword"
+                },
+                "updated_by": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "created_at": {
+              "type": "keyword"
+            },
+            "created_by": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "keyword"
+            },
+            "entries": {
+              "properties": {
+                "entries": {
+                  "properties": {
+                    "field": {
+                      "type": "keyword"
+                    },
+                    "operator": {
+                      "type": "keyword"
+                    },
+                    "type": {
+                      "type": "keyword"
+                    },
+                    "value": {
+                      "type": "keyword",
+                      "fields": {
+                        "text": {
+                          "type": "text"
+                        }
+                      }
+                    }
+                  }
+                },
+                "field": {
+                  "type": "keyword"
+                },
+                "list": {
+                  "properties": {
+                    "id": {
+                      "type": "keyword"
+                    },
+                    "type": {
+                      "type": "keyword"
+                    }
+                  }
+                },
+                "operator": {
+                  "type": "keyword"
+                },
+                "type": {
+                  "type": "keyword"
+                },
+                "value": {
+                  "type": "keyword",
+                  "fields": {
+                    "text": {
+                      "type": "text"
+                    }
+                  }
+                }
+              }
+            },
+            "item_id": {
+              "type": "keyword"
+            },
+            "list_id": {
+              "type": "keyword"
+            },
+            "list_type": {
+              "type": "keyword"
+            },
+            "meta": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "tie_breaker_id": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "updated_by": {
+              "type": "keyword"
+            }
+          }
+        },
+        "file-upload-telemetry": {
+          "properties": {
+            "filesUploadedTotalCount": {
+              "type": "long"
+            }
+          }
+        },
+        "fleet-agent-actions": {
+          "properties": {
+            "agent_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "data": {
+              "type": "binary"
+            },
+            "sent_at": {
+              "type": "date"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "fleet-agent-events": {
+          "properties": {
+            "action_id": {
+              "type": "keyword"
+            },
+            "agent_id": {
+              "type": "keyword"
+            },
+            "config_id": {
+              "type": "keyword"
+            },
+            "data": {
+              "type": "text"
+            },
+            "message": {
+              "type": "text"
+            },
+            "payload": {
+              "type": "text"
+            },
+            "stream_id": {
+              "type": "keyword"
+            },
+            "subtype": {
+              "type": "keyword"
+            },
+            "timestamp": {
+              "type": "date"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "fleet-agents": {
+          "properties": {
+            "access_api_key_id": {
+              "type": "keyword"
+            },
+            "active": {
+              "type": "boolean"
+            },
+            "config_id": {
+              "type": "keyword"
+            },
+            "config_revision": {
+              "type": "integer"
+            },
+            "current_error_events": {
+              "type": "text",
+              "index": false
+            },
+            "default_api_key": {
+              "type": "binary"
+            },
+            "default_api_key_id": {
+              "type": "keyword"
+            },
+            "enrolled_at": {
+              "type": "date"
+            },
+            "last_checkin": {
+              "type": "date"
+            },
+            "last_checkin_status": {
+              "type": "keyword"
+            },
+            "last_updated": {
+              "type": "date"
+            },
+            "local_metadata": {
+              "type": "flattened"
+            },
+            "packages": {
+              "type": "keyword"
+            },
+            "shared_id": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "unenrolled_at": {
+              "type": "date"
+            },
+            "unenrollment_started_at": {
+              "type": "date"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "user_provided_metadata": {
+              "type": "flattened"
+            },
+            "version": {
+              "type": "keyword"
+            }
+          }
+        },
+        "fleet-enrollment-api-keys": {
+          "properties": {
+            "active": {
+              "type": "boolean"
+            },
+            "api_key": {
+              "type": "binary"
+            },
+            "api_key_id": {
+              "type": "keyword"
+            },
+            "config_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "expire_at": {
+              "type": "date"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "updated_at": {
+              "type": "date"
+            }
+          }
+        },
+        "graph-workspace": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "numLinks": {
+              "type": "integer"
+            },
+            "numVertices": {
+              "type": "integer"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "wsState": {
+              "type": "text"
+            }
+          }
+        },
+        "index-pattern": {
+          "properties": {
+            "fieldFormatMap": {
+              "type": "text"
+            },
+            "fields": {
+              "type": "text"
+            },
+            "intervalName": {
+              "type": "keyword"
+            },
+            "notExpandable": {
+              "type": "boolean"
+            },
+            "sourceFilters": {
+              "type": "text"
+            },
+            "timeFieldName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "typeMeta": {
+              "type": "keyword"
+            }
+          }
+        },
+        "infrastructure-ui-source": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "fields": {
+              "properties": {
+                "container": {
+                  "type": "keyword"
+                },
+                "host": {
+                  "type": "keyword"
+                },
+                "pod": {
+                  "type": "keyword"
+                },
+                "tiebreaker": {
+                  "type": "keyword"
+                },
+                "timestamp": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "inventoryDefaultView": {
+              "type": "keyword"
+            },
+            "logAlias": {
+              "type": "keyword"
+            },
+            "logColumns": {
+              "type": "nested",
+              "properties": {
+                "fieldColumn": {
+                  "properties": {
+                    "field": {
+                      "type": "keyword"
+                    },
+                    "id": {
+                      "type": "keyword"
+                    }
+                  }
+                },
+                "messageColumn": {
+                  "properties": {
+                    "id": {
+                      "type": "keyword"
+                    }
+                  }
+                },
+                "timestampColumn": {
+                  "properties": {
+                    "id": {
+                      "type": "keyword"
+                    }
+                  }
+                }
+              }
+            },
+            "metricAlias": {
+              "type": "keyword"
+            },
+            "metricsExplorerDefaultView": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "text"
+            }
+          }
+        },
+        "ingest-agent-configs": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "is_default": {
+              "type": "boolean"
+            },
+            "monitoring_enabled": {
+              "type": "keyword",
+              "index": false
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "namespace": {
+              "type": "keyword"
+            },
+            "package_configs": {
+              "type": "keyword"
+            },
+            "revision": {
+              "type": "integer"
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "type": "keyword"
+            }
+          }
+        },
+        "ingest-outputs": {
+          "properties": {
+            "ca_sha256": {
+              "type": "keyword",
+              "index": false
+            },
+            "config": {
+              "type": "flattened"
+            },
+            "fleet_enroll_password": {
+              "type": "binary"
+            },
+            "fleet_enroll_username": {
+              "type": "binary"
+            },
+            "hosts": {
+              "type": "keyword"
+            },
+            "is_default": {
+              "type": "boolean"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "ingest-package-configs": {
+          "properties": {
+            "config_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "text"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "inputs": {
+              "type": "nested",
+              "enabled": false,
+              "properties": {
+                "config": {
+                  "type": "flattened"
+                },
+                "enabled": {
+                  "type": "boolean"
+                },
+                "streams": {
+                  "type": "nested",
+                  "properties": {
+                    "compiled_stream": {
+                      "type": "flattened"
+                    },
+                    "config": {
+                      "type": "flattened"
+                    },
+                    "dataset": {
+                      "properties": {
+                        "name": {
+                          "type": "keyword"
+                        },
+                        "type": {
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "enabled": {
+                      "type": "boolean"
+                    },
+                    "id": {
+                      "type": "keyword"
+                    },
+                    "vars": {
+                      "type": "flattened"
+                    }
+                  }
+                },
+                "type": {
+                  "type": "keyword"
+                },
+                "vars": {
+                  "type": "flattened"
+                }
+              }
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "namespace": {
+              "type": "keyword"
+            },
+            "output_id": {
+              "type": "keyword"
+            },
+            "package": {
+              "properties": {
+                "name": {
+                  "type": "keyword"
+                },
+                "title": {
+                  "type": "keyword"
+                },
+                "version": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "revision": {
+              "type": "integer"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "type": "keyword"
+            }
+          }
+        },
+        "ingest_manager_settings": {
+          "properties": {
+            "agent_auto_upgrade": {
+              "type": "keyword"
+            },
+            "has_seen_add_data_notice": {
+              "type": "boolean",
+              "index": false
+            },
+            "kibana_ca_sha256": {
+              "type": "keyword"
+            },
+            "kibana_url": {
+              "type": "keyword"
+            },
+            "package_auto_upgrade": {
+              "type": "keyword"
+            }
+          }
+        },
+        "inventory-view": {
+          "properties": {
+            "accountId": {
+              "type": "keyword"
+            },
+            "autoBounds": {
+              "type": "boolean"
+            },
+            "autoReload": {
+              "type": "boolean"
+            },
+            "boundsOverride": {
+              "properties": {
+                "max": {
+                  "type": "integer"
+                },
+                "min": {
+                  "type": "integer"
+                }
+              }
+            },
+            "customMetrics": {
+              "type": "nested",
+              "properties": {
+                "aggregation": {
+                  "type": "keyword"
+                },
+                "field": {
+                  "type": "keyword"
+                },
+                "id": {
+                  "type": "keyword"
+                },
+                "label": {
+                  "type": "keyword"
+                },
+                "type": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "customOptions": {
+              "type": "nested",
+              "properties": {
+                "field": {
+                  "type": "keyword"
+                },
+                "text": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "filterQuery": {
+              "properties": {
+                "expression": {
+                  "type": "keyword"
+                },
+                "kind": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "groupBy": {
+              "type": "nested",
+              "properties": {
+                "field": {
+                  "type": "keyword"
+                },
+                "label": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "legend": {
+              "properties": {
+                "palette": {
+                  "type": "keyword"
+                },
+                "reverseColors": {
+                  "type": "boolean"
+                },
+                "steps": {
+                  "type": "long"
+                }
+              }
+            },
+            "metric": {
+              "properties": {
+                "aggregation": {
+                  "type": "keyword"
+                },
+                "field": {
+                  "type": "keyword"
+                },
+                "id": {
+                  "type": "keyword"
+                },
+                "label": {
+                  "type": "keyword"
+                },
+                "type": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "nodeType": {
+              "type": "keyword"
+            },
+            "region": {
+              "type": "keyword"
+            },
+            "sort": {
+              "properties": {
+                "by": {
+                  "type": "keyword"
+                },
+                "direction": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "time": {
+              "type": "long"
+            },
+            "view": {
+              "type": "keyword"
+            }
+          }
+        },
+        "kql-telemetry": {
+          "properties": {
+            "optInCount": {
+              "type": "long"
+            },
+            "optOutCount": {
+              "type": "long"
+            }
+          }
+        },
+        "lens": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "expression": {
+              "type": "keyword",
+              "index": false
+            },
+            "state": {
+              "type": "flattened"
+            },
+            "title": {
+              "type": "text"
+            },
+            "visualizationType": {
+              "type": "keyword"
+            }
+          }
+        },
+        "lens-ui-telemetry": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            },
+            "date": {
+              "type": "date"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "map": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "layerListJSON": {
+              "type": "text"
+            },
+            "mapStateJSON": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "maps-telemetry": {
+          "type": "object",
+          "enabled": false
+        },
+        "metrics-explorer-view": {
+          "properties": {
+            "chartOptions": {
+              "properties": {
+                "stack": {
+                  "type": "boolean"
+                },
+                "type": {
+                  "type": "keyword"
+                },
+                "yAxisMode": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "currentTimerange": {
+              "properties": {
+                "from": {
+                  "type": "keyword"
+                },
+                "interval": {
+                  "type": "keyword"
+                },
+                "to": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "options": {
+              "properties": {
+                "aggregation": {
+                  "type": "keyword"
+                },
+                "filterQuery": {
+                  "type": "keyword"
+                },
+                "forceInterval": {
+                  "type": "boolean"
+                },
+                "groupBy": {
+                  "type": "keyword"
+                },
+                "limit": {
+                  "type": "integer"
+                },
+                "metrics": {
+                  "type": "nested",
+                  "properties": {
+                    "aggregation": {
+                      "type": "keyword"
+                    },
+                    "color": {
+                      "type": "keyword"
+                    },
+                    "field": {
+                      "type": "keyword"
+                    },
+                    "label": {
+                      "type": "keyword"
+                    }
+                  }
+                },
+                "source": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "migrationVersion": {
+          "dynamic": "true",
+          "properties": {
+            "config": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword",
+                  "ignore_above": 256
+                }
+              }
+            },
+            "space": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword",
+                  "ignore_above": 256
+                }
+              }
+            }
+          }
+        },
+        "ml-telemetry": {
+          "properties": {
+            "file_data_visualizer": {
+              "properties": {
+                "index_creation_count": {
+                  "type": "long"
+                }
+              }
+            }
+          }
+        },
+        "namespace": {
+          "type": "keyword"
+        },
+        "namespaces": {
+          "type": "keyword"
+        },
+        "query": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "filters": {
+              "type": "object",
+              "enabled": false
+            },
+            "query": {
+              "properties": {
+                "language": {
+                  "type": "keyword"
+                },
+                "query": {
+                  "type": "keyword",
+                  "index": false
+                }
+              }
+            },
+            "timefilter": {
+              "type": "object",
+              "enabled": false
+            },
+            "title": {
+              "type": "text"
+            }
+          }
+        },
+        "references": {
+          "type": "nested",
+          "properties": {
+            "id": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "sample-data-telemetry": {
+          "properties": {
+            "installCount": {
+              "type": "long"
+            },
+            "unInstallCount": {
+              "type": "long"
+            }
+          }
+        },
+        "search": {
+          "properties": {
+            "columns": {
+              "type": "keyword",
+              "index": false
+            },
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer",
+              "index": false
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text",
+                  "index": false
+                }
+              }
+            },
+            "sort": {
+              "type": "keyword",
+              "index": false
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "siem-detection-engine-rule-actions": {
+          "properties": {
+            "actions": {
+              "properties": {
+                "action_type_id": {
+                  "type": "keyword"
+                },
+                "group": {
+                  "type": "keyword"
+                },
+                "id": {
+                  "type": "keyword"
+                },
+                "params": {
+                  "type": "object",
+                  "enabled": false
+                }
+              }
+            },
+            "alertThrottle": {
+              "type": "keyword"
+            },
+            "ruleAlertId": {
+              "type": "keyword"
+            },
+            "ruleThrottle": {
+              "type": "keyword"
+            }
+          }
+        },
+        "siem-detection-engine-rule-status": {
+          "properties": {
+            "alertId": {
+              "type": "keyword"
+            },
+            "bulkCreateTimeDurations": {
+              "type": "float"
+            },
+            "gap": {
+              "type": "text"
+            },
+            "lastFailureAt": {
+              "type": "date"
+            },
+            "lastFailureMessage": {
+              "type": "text"
+            },
+            "lastLookBackDate": {
+              "type": "date"
+            },
+            "lastSuccessAt": {
+              "type": "date"
+            },
+            "lastSuccessMessage": {
+              "type": "text"
+            },
+            "searchAfterTimeDurations": {
+              "type": "float"
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "statusDate": {
+              "type": "date"
+            }
+          }
+        },
+        "siem-ui-timeline": {
+          "properties": {
+            "columns": {
+              "properties": {
+                "aggregatable": {
+                  "type": "boolean"
+                },
+                "category": {
+                  "type": "keyword"
+                },
+                "columnHeaderType": {
+                  "type": "keyword"
+                },
+                "description": {
+                  "type": "text"
+                },
+                "example": {
+                  "type": "text"
+                },
+                "id": {
+                  "type": "keyword"
+                },
+                "indexes": {
+                  "type": "keyword"
+                },
+                "name": {
+                  "type": "text"
+                },
+                "placeholder": {
+                  "type": "text"
+                },
+                "searchable": {
+                  "type": "boolean"
+                },
+                "type": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "created": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "text"
+            },
+            "dataProviders": {
+              "properties": {
+                "and": {
+                  "properties": {
+                    "enabled": {
+                      "type": "boolean"
+                    },
+                    "excluded": {
+                      "type": "boolean"
+                    },
+                    "id": {
+                      "type": "keyword"
+                    },
+                    "kqlQuery": {
+                      "type": "text"
+                    },
+                    "name": {
+                      "type": "text"
+                    },
+                    "queryMatch": {
+                      "properties": {
+                        "displayField": {
+                          "type": "text"
+                        },
+                        "displayValue": {
+                          "type": "text"
+                        },
+                        "field": {
+                          "type": "text"
+                        },
+                        "operator": {
+                          "type": "text"
+                        },
+                        "value": {
+                          "type": "text"
+                        }
+                      }
+                    },
+                    "type": {
+                      "type": "text"
+                    }
+                  }
+                },
+                "enabled": {
+                  "type": "boolean"
+                },
+                "excluded": {
+                  "type": "boolean"
+                },
+                "id": {
+                  "type": "keyword"
+                },
+                "kqlQuery": {
+                  "type": "text"
+                },
+                "name": {
+                  "type": "text"
+                },
+                "queryMatch": {
+                  "properties": {
+                    "displayField": {
+                      "type": "text"
+                    },
+                    "displayValue": {
+                      "type": "text"
+                    },
+                    "field": {
+                      "type": "text"
+                    },
+                    "operator": {
+                      "type": "text"
+                    },
+                    "value": {
+                      "type": "text"
+                    }
+                  }
+                },
+                "type": {
+                  "type": "text"
+                }
+              }
+            },
+            "dateRange": {
+              "properties": {
+                "end": {
+                  "type": "date"
+                },
+                "start": {
+                  "type": "date"
+                }
+              }
+            },
+            "description": {
+              "type": "text"
+            },
+            "eventType": {
+              "type": "keyword"
+            },
+            "excludedRowRendererIds": {
+              "type": "text"
+            },
+            "favorite": {
+              "properties": {
+                "favoriteDate": {
+                  "type": "date"
+                },
+                "fullName": {
+                  "type": "text"
+                },
+                "keySearch": {
+                  "type": "text"
+                },
+                "userName": {
+                  "type": "text"
+                }
+              }
+            },
+            "filters": {
+              "properties": {
+                "exists": {
+                  "type": "text"
+                },
+                "match_all": {
+                  "type": "text"
+                },
+                "meta": {
+                  "properties": {
+                    "alias": {
+                      "type": "text"
+                    },
+                    "controlledBy": {
+                      "type": "text"
+                    },
+                    "disabled": {
+                      "type": "boolean"
+                    },
+                    "field": {
+                      "type": "text"
+                    },
+                    "formattedValue": {
+                      "type": "text"
+                    },
+                    "index": {
+                      "type": "keyword"
+                    },
+                    "key": {
+                      "type": "keyword"
+                    },
+                    "negate": {
+                      "type": "boolean"
+                    },
+                    "params": {
+                      "type": "text"
+                    },
+                    "type": {
+                      "type": "keyword"
+                    },
+                    "value": {
+                      "type": "text"
+                    }
+                  }
+                },
+                "missing": {
+                  "type": "text"
+                },
+                "query": {
+                  "type": "text"
+                },
+                "range": {
+                  "type": "text"
+                },
+                "script": {
+                  "type": "text"
+                }
+              }
+            },
+            "kqlMode": {
+              "type": "keyword"
+            },
+            "kqlQuery": {
+              "properties": {
+                "filterQuery": {
+                  "properties": {
+                    "kuery": {
+                      "properties": {
+                        "expression": {
+                          "type": "text"
+                        },
+                        "kind": {
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "serializedQuery": {
+                      "type": "text"
+                    }
+                  }
+                }
+              }
+            },
+            "savedQueryId": {
+              "type": "keyword"
+            },
+            "sort": {
+              "properties": {
+                "columnId": {
+                  "type": "keyword"
+                },
+                "sortDirection": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "templateTimelineId": {
+              "type": "text"
+            },
+            "templateTimelineVersion": {
+              "type": "integer"
+            },
+            "timelineType": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "updated": {
+              "type": "date"
+            },
+            "updatedBy": {
+              "type": "text"
+            }
+          }
+        },
+        "siem-ui-timeline-note": {
+          "properties": {
+            "created": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "text"
+            },
+            "eventId": {
+              "type": "keyword"
+            },
+            "note": {
+              "type": "text"
+            },
+            "timelineId": {
+              "type": "keyword"
+            },
+            "updated": {
+              "type": "date"
+            },
+            "updatedBy": {
+              "type": "text"
+            }
+          }
+        },
+        "siem-ui-timeline-pinned-event": {
+          "properties": {
+            "created": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "text"
+            },
+            "eventId": {
+              "type": "keyword"
+            },
+            "timelineId": {
+              "type": "keyword"
+            },
+            "updated": {
+              "type": "date"
+            },
+            "updatedBy": {
+              "type": "text"
+            }
+          }
+        },
+        "space": {
+          "properties": {
+            "_reserved": {
+              "type": "boolean"
+            },
+            "color": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "text"
+            },
+            "disabledFeatures": {
+              "type": "keyword"
+            },
+            "imageUrl": {
+              "type": "text",
+              "index": false
+            },
+            "initials": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword",
+                  "ignore_above": 2048
+                }
+              }
+            }
+          }
+        },
+        "telemetry": {
+          "properties": {
+            "allowChangingOptInStatus": {
+              "type": "boolean"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "lastReported": {
+              "type": "date"
+            },
+            "lastVersionChecked": {
+              "type": "keyword"
+            },
+            "reportFailureCount": {
+              "type": "integer"
+            },
+            "reportFailureVersion": {
+              "type": "keyword"
+            },
+            "sendUsageFrom": {
+              "type": "keyword"
+            },
+            "userHasSeenNotice": {
+              "type": "boolean"
+            }
+          }
+        },
+        "timelion-sheet": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "timelion_chart_height": {
+              "type": "integer"
+            },
+            "timelion_columns": {
+              "type": "integer"
+            },
+            "timelion_interval": {
+              "type": "keyword"
+            },
+            "timelion_other_interval": {
+              "type": "keyword"
+            },
+            "timelion_rows": {
+              "type": "integer"
+            },
+            "timelion_sheet": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "tsvb-validation-telemetry": {
+          "properties": {
+            "failedRequests": {
+              "type": "long"
+            }
+          }
+        },
+        "type": {
+          "type": "keyword"
+        },
+        "ui-metric": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            }
+          }
+        },
+        "updated_at": {
+          "type": "date"
+        },
+        "upgrade-assistant-reindex-operation": {
+          "properties": {
+            "errorMessage": {
+              "type": "keyword"
+            },
+            "indexName": {
+              "type": "keyword"
+            },
+            "lastCompletedStep": {
+              "type": "integer"
+            },
+            "locked": {
+              "type": "date"
+            },
+            "newIndexName": {
+              "type": "keyword"
+            },
+            "reindexOptions": {
+              "properties": {
+                "openAndClose": {
+                  "type": "boolean"
+                },
+                "queueSettings": {
+                  "properties": {
+                    "queuedAt": {
+                      "type": "long"
+                    },
+                    "startedAt": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "reindexTaskId": {
+              "type": "keyword"
+            },
+            "reindexTaskPercComplete": {
+              "type": "float"
+            },
+            "runningReindexCount": {
+              "type": "integer"
+            },
+            "status": {
+              "type": "integer"
+            }
+          }
+        },
+        "upgrade-assistant-telemetry": {
+          "properties": {
+            "features": {
+              "properties": {
+                "deprecation_logging": {
+                  "properties": {
+                    "enabled": {
+                      "type": "boolean",
+                      "null_value": true
+                    }
+                  }
+                }
+              }
+            },
+            "ui_open": {
+              "properties": {
+                "cluster": {
+                  "type": "long",
+                  "null_value": 0
+                },
+                "indices": {
+                  "type": "long",
+                  "null_value": 0
+                },
+                "overview": {
+                  "type": "long",
+                  "null_value": 0
+                }
+              }
+            },
+            "ui_reindex": {
+              "properties": {
+                "close": {
+                  "type": "long",
+                  "null_value": 0
+                },
+                "open": {
+                  "type": "long",
+                  "null_value": 0
+                },
+                "start": {
+                  "type": "long",
+                  "null_value": 0
+                },
+                "stop": {
+                  "type": "long",
+                  "null_value": 0
+                }
+              }
+            }
+          }
+        },
+        "uptime-dynamic-settings": {
+          "properties": {
+            "certAgeThreshold": {
+              "type": "long"
+            },
+            "certExpirationThreshold": {
+              "type": "long"
+            },
+            "heartbeatIndices": {
+              "type": "keyword"
+            }
+          }
+        },
+        "url": {
+          "properties": {
+            "accessCount": {
+              "type": "long"
+            },
+            "accessDate": {
+              "type": "date"
+            },
+            "createDate": {
+              "type": "date"
+            },
+            "url": {
+              "type": "text",
+              "fields": {
+                "keyword": {
+                  "type": "keyword",
+                  "ignore_above": 2048
+                }
+              }
+            }
+          }
+        },
+        "visualization": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "savedSearchRefName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "visState": {
+              "type": "text"
+            }
+          }
+        },
+        "workplace_search_telemetry": {
+          "type": "object",
+          "dynamic": "false"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "auto_expand_replicas": "0-1",
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/test/ingest_manager_api_integration/apis/epm/install.ts b/x-pack/test/ingest_manager_api_integration/apis/epm/install.ts
index 54a7e0dcb9242..f2ca98ca39a0b 100644
--- a/x-pack/test/ingest_manager_api_integration/apis/epm/install.ts
+++ b/x-pack/test/ingest_manager_api_integration/apis/epm/install.ts
@@ -23,7 +23,7 @@ export default function ({ getService }: FtrProviderContext) {
 
   // Temporarily skipped to promote snapshot
   // Re-enabled in https://github.com/elastic/kibana/pull/71727
-  describe('installs packages that include settings and mappings overrides', async () => {
+  describe.skip('installs packages that include settings and mappings overrides', async () => {
     after(async () => {
       if (server.enabled) {
         // remove the package just in case it being installed will affect other tests
diff --git a/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js b/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
index 96d338a04b01b..a34d158496ba0 100644
--- a/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
+++ b/x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
@@ -12,16 +12,12 @@ import { esTestConfig, kbnTestConfig } from '@kbn/test';
 
 const reportName = 'Stack Functional Integration Tests';
 const testsFolder = '../test/functional/apps';
+const stateFilePath = '../../../../../integration-test/qa/envvars.sh';
+const prepend = (testFile) => require.resolve(`${testsFolder}/${testFile}`);
 const log = new ToolingLog({
   level: 'info',
   writeTo: process.stdout,
 });
-log.info(`WORKSPACE in config file ${process.env.WORKSPACE}`);
-const stateFilePath = process.env.WORKSPACE
-  ? `${process.env.WORKSPACE}/qa/envvars.sh`
-  : '../../../../../integration-test/qa/envvars.sh';
-
-const prepend = (testFile) => require.resolve(`${testsFolder}/${testFile}`);
 
 export default async ({ readConfigFile }) => {
   const defaultConfigs = await readConfigFile(require.resolve('../../functional/config'));
diff --git a/x-pack/test/stack_functional_integration/test/functional/apps/sample_data/e_commerce.js b/x-pack/test/stack_functional_integration/test/functional/apps/sample_data/e_commerce.js
index 0286f6984e89e..306f30133f6ee 100644
--- a/x-pack/test/stack_functional_integration/test/functional/apps/sample_data/e_commerce.js
+++ b/x-pack/test/stack_functional_integration/test/functional/apps/sample_data/e_commerce.js
@@ -12,7 +12,7 @@ export default function ({ getService, getPageObjects }) {
 
     before(async () => {
       await browser.setWindowSize(1200, 800);
-      await PageObjects.common.navigateToUrl('home', '/tutorial_directory/sampleData', {
+      await PageObjects.common.navigateToUrl('home', '/home/tutorial_directory/sampleData', {
         useActualUrl: true,
         insertTimestamp: false,
       });