Merge branch 'master' into feat/olm-any_policy_specific_trusted_apps_…

…should_no_longer_reference_the_policy_when_removed-767

.github/CODEOWNERS

@@ -107,6 +107,8 @@
 /x-pack/plugins/observability/public/components/shared/exploratory_view @elastic/uptime
 /x-pack/test/functional_with_es_ssl/apps/uptime  @elastic/uptime
 /x-pack/test/functional/apps/uptime @elastic/uptime
+/x-pack/test/functional/es_archives/uptime @elastic/uptime
+/x-pack/test/functional/services/uptime @elastic/uptime
 /x-pack/test/api_integration/apis/uptime @elastic/uptime
 
 # Client Side Monitoring / Uptime (lives in APM directories but owned by Uptime)

x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx

@@ -31,7 +31,6 @@ import { SiemSearchBar } from '../../../common/components/search_bar';
 import { SecuritySolutionPageWrapper } from '../../../common/components/page_wrapper';
 import { inputsSelectors } from '../../../common/store/inputs';
 import { setAbsoluteRangeDatePicker } from '../../../common/store/inputs/actions';
-import { useAlertInfo } from '../../components/alerts_info';
 import { AlertsTable } from '../../components/alerts_table';
 import { NoApiIntegrationKeyCallOut } from '../../components/callouts/no_api_integration_callout';
 import { AlertsHistogramPanel } from '../../components/alerts_kpis/alerts_histogram_panel';
@@ -42,7 +41,7 @@ import { DetectionEngineHeaderPage } from '../../components/detection_engine_hea
 import { useListsConfig } from '../../containers/detection_engine/lists/use_lists_config';
 import { DetectionEngineUserUnauthenticated } from './detection_engine_user_unauthenticated';
 import * as i18n from './translations';
-import { LinkButton } from '../../../common/components/links';
+import { LinkAnchor } from '../../../common/components/links';
 import { useFormatUrl } from '../../../common/components/link_to';
 import { useGlobalFullScreen } from '../../../common/containers/use_full_screen';
 import { Display } from '../../../hosts/pages/display';
@@ -122,7 +121,6 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ({
     loading: listsConfigLoading,
     needsConfiguration: needsListsConfiguration,
   } = useListsConfig();
-  const [lastAlerts] = useAlertInfo({});
   const { formatUrl } = useFormatUrl(SecurityPageName.rules);
   const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false);
   const [showOnlyThreatIndicatorAlerts, setShowOnlyThreatIndicatorAlerts] = useState(false);
@@ -281,27 +279,14 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ({
             data-test-subj="detectionsAlertsPage"
           >
             <Display show={!globalFullScreen}>
-              <DetectionEngineHeaderPage
-                subtitle={
-                  lastAlerts != null && (
-                    <>
-                      {i18n.LAST_ALERT}
-                      {': '}
-                      {lastAlerts}
-                    </>
-                  )
-                }
-                title={i18n.PAGE_TITLE}
-              >
-                <LinkButton
-                  fill
+              <DetectionEngineHeaderPage title={i18n.PAGE_TITLE}>
+                <LinkAnchor
                   onClick={goToRules}
                   href={formatUrl(getRulesUrl())}
-                  iconType="gear"
                   data-test-subj="manage-alert-detection-rules"
                 >
                   {i18n.BUTTON_MANAGE_RULES}
-                </LinkButton>
+                </LinkAnchor>
               </DetectionEngineHeaderPage>
               <EuiHorizontalRule margin="m" />
               <AlertsTableFilterGroup onFilterGroupChanged={onFilterGroupChangedCallback} />

x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts

@@ -43,7 +43,7 @@ export const ALERT = i18n.translate('xpack.securitySolution.detectionEngine.aler
 export const BUTTON_MANAGE_RULES = i18n.translate(
   'xpack.securitySolution.detectionEngine.buttonManageRules',
   {
-    defaultMessage: 'Manage detection rules',
+    defaultMessage: 'Manage rules',
   }
 );
 

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule.ts

@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export const createRuleMock = () => ({
+import { RuleParams } from '../../schemas/rule_schemas';
+
+export const createRuleMock = (params: Partial<RuleParams>) => ({
   actions: [],
   author: [],
   buildingBlockType: undefined,
@@ -49,4 +51,5 @@ export const createRuleMock = () => ({
   updatedAt: '2020-01-10T21:11:45.839Z',
   updatedBy: 'elastic',
   version: 1,
+  ...params,
 });

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/rule_type.ts

@@ -18,8 +18,12 @@ import { AlertAttributes } from '../../signals/types';
 import { createRuleMock } from './rule';
 import { listMock } from '../../../../../../lists/server/mocks';
 import { ruleRegistryMocks } from '../../../../../../rule_registry/server/mocks';
+import { RuleParams } from '../../schemas/rule_schemas';
 
-export const createRuleTypeMocks = () => {
+export const createRuleTypeMocks = (
+  ruleType: string = 'query',
+  ruleParams: Partial<RuleParams> = {}
+) => {
   /* eslint-disable @typescript-eslint/no-explicit-any */
   let alertExecutor: (...args: any[]) => Promise<any>;
 
@@ -43,7 +47,7 @@ export const createRuleTypeMocks = () => {
   const mockSavedObjectsClient = savedObjectsClientMock.create();
   mockSavedObjectsClient.get.mockResolvedValue({
     id: 'de2f6a49-28a3-4794-bad7-0e9482e075f8',
-    type: 'query',
+    type: ruleType,
     references: [],
     attributes: {
       actions: [],
@@ -57,7 +61,7 @@ export const createRuleTypeMocks = () => {
         interval: '30m',
       },
       throttle: '',
-      params: createRuleMock(),
+      params: createRuleMock(ruleParams),
     },
   } as SavedObject<AlertAttributes>);
 

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/cti.ts

@@ -0,0 +1,154 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ctiFieldMap = {
+  'threat.indicator': {
+    type: 'nested',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.as.number': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.as.organization.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.confidence': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.dataset': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.description': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.domain': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.email.address': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.first_seen': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.city_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.continent_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.country_iso_code': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.country_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.location': {
+    type: 'geo_point',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.region_iso_code': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.geo.region_name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.ip': {
+    type: 'ip',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.last_seen': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.marking.tlp': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.atomic': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.field': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.matched.type': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.module': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.port': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.provider': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.scanner_stats': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.sightings': {
+    type: 'long',
+    array: false,
+    required: false,
+  },
+  'threat.indicator.type': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+};

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/index.ts

@@ -6,3 +6,4 @@
  */
 
 export { createQueryAlertType } from './query/create_query_alert_type';
+export { createIndicatorMatchAlertType } from './indicator_match/create_indicator_match_alert_type';