Merge branch 'master' of github.com:elastic/kibana into siem-keep-rel…

…ative-date-real

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,16 +4,15 @@ Summarize your PR. If it involves visual changes include a screenshot or gif.
 
 ### Checklist
 
-Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.
+Delete any items that are not applicable to this PR.
 
-- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)
 - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
 - [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials
 - [ ] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
 - [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)
+- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)
+- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)
 
 ### For maintainers
 
 - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
-- [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
-

NOTICE.txt

@@ -162,8 +162,6 @@ which is available under a "MIT" license. The files based on this license are:
 - windows_priv_escalation_via_accessibility_features.json
 - windows_persistence_via_application_shimming.json
 - windows_execution_via_trusted_developer_utilities.json
-- windows_execution_via_net_com_assemblies.json
-- windows_execution_via_connection_manager.json
 
 MIT License
 

docs/siem/siem-ui.asciidoc

@@ -33,6 +33,23 @@ investigation.
 [role="screenshot"]
 image::siem/images/network-ui.png[]
 
+[float]
+[[detections-ui]]
+=== Detections
+
+The Detections feature automatically searches for threats and creates 
+signals when they are detected. Signal detection rules define the conditions 
+for creating signals. The SIEM app comes with prebuilt rules that search for 
+suspicious activity on your network and hosts. Additionally, you can
+create your own rules.
+
+See {siem-guide}/detection-engine-overview.html[Detections] in the SIEM 
+Guide for information on managing detection rules and signals via the UI 
+or the Detections API.
+
+[role="screenshot"]
+image::siem/images/detections-ui.png[]
+
 [float]
 [[timelines-ui]]
 === Timeline

package.json

@@ -144,7 +144,7 @@
     "@types/react-grid-layout": "^0.16.7",
     "@types/recompose": "^0.30.5",
     "JSONStream": "1.3.5",
-    "abortcontroller-polyfill": "^1.3.0",
+    "abort-controller": "^3.0.0",
     "angular": "^1.7.9",
     "angular-aria": "^1.7.8",
     "angular-elastic": "^2.5.1",
@@ -476,7 +476,7 @@
     "strip-ansi": "^3.0.1",
     "supertest": "^3.1.0",
     "supertest-as-promised": "^4.0.2",
-    "tree-kill": "^1.2.1",
+    "tree-kill": "^1.2.2",
     "typescript": "3.7.2",
     "typings-tester": "^0.3.2",
     "vinyl-fs": "^3.0.3",

packages/kbn-dev-utils/package.json

@@ -18,7 +18,7 @@
     "load-json-file": "^6.2.0",
     "moment": "^2.24.0",
     "rxjs": "^6.5.3",
-    "tree-kill": "^1.2.1",
+    "tree-kill": "^1.2.2",
     "tslib": "^1.9.3"
   },
   "devDependencies": {

packages/kbn-es/package.json

@@ -17,7 +17,7 @@
     "node-fetch": "^2.6.0",
     "simple-git": "^1.91.0",
     "tar-fs": "^1.16.3",
-    "tree-kill": "^1.2.1",
+    "tree-kill": "^1.2.2",
     "yauzl": "^2.10.0"
   }
 }

packages/kbn-pm/dist/index.js

@@ -36382,15 +36382,24 @@ var spawn = childProcess.spawn;
 var exec = childProcess.exec;
 
 module.exports = function (pid, signal, callback) {
+    if (typeof signal === 'function' && callback === undefined) {
+        callback = signal;
+        signal = undefined;
+    }
+
+    pid = parseInt(pid);
+    if (Number.isNaN(pid)) {
+        if (callback) {
+            return callback(new Error("pid must be a number"));
+        } else {
+            throw new Error("pid must be a number");
+        }
+    }
+
     var tree = {};
     var pidsToProcess = {};
     tree[pid] = [];
     pidsToProcess[pid] = 1;
-
-    if (typeof signal === 'function' && callback === undefined) {
-      callback = signal;
-      signal = undefined;
-    }
 
     switch (process.platform) {
     case 'win32':
@@ -56572,12 +56581,18 @@ function runScriptInPackageStreaming(script, args, pkg) {
   });
 }
 async function yarnWorkspacesInfo(directory) {
-  const workspacesInfo = await Object(_child_process__WEBPACK_IMPORTED_MODULE_0__["spawn"])('yarn', ['workspaces', 'info', '--json'], {
+  const {
+    stdout
+  } = await Object(_child_process__WEBPACK_IMPORTED_MODULE_0__["spawn"])('yarn', ['--json', 'workspaces', 'info'], {
     cwd: directory,
     stdio: 'pipe'
   });
-  const stdout = JSON.parse(workspacesInfo.stdout);
-  return JSON.parse(stdout.data);
+
+  try {
+    return JSON.parse(JSON.parse(stdout).data);
+  } catch (error) {
+    throw new Error(`'yarn workspaces info --json' produced unexpected output: \n${stdout}`);
+  }
 }
 
 /***/ }),

packages/kbn-pm/src/utils/scripts.ts

@@ -67,11 +67,14 @@ export function runScriptInPackageStreaming(script: string, args: string[], pkg:
 }
 
 export async function yarnWorkspacesInfo(directory: string): Promise<WorkspacesInfo> {
-  const workspacesInfo = await spawn('yarn', ['workspaces', 'info', '--json'], {
+  const { stdout } = await spawn('yarn', ['--json', 'workspaces', 'info'], {
     cwd: directory,
     stdio: 'pipe',
   });
 
-  const stdout = JSON.parse(workspacesInfo.stdout);
-  return JSON.parse(stdout.data);
+  try {
+    return JSON.parse(JSON.parse(stdout).data);
+  } catch (error) {
+    throw new Error(`'yarn workspaces info --json' produced unexpected output: \n${stdout}`);
+  }
 }

packages/kbn-ui-shared-deps/package.json

@@ -9,12 +9,12 @@
     "kbn:watch": "node scripts/build --watch"
   },
   "devDependencies": {
+    "abort-controller": "^3.0.0",
     "@elastic/eui": "18.3.0",
     "@elastic/charts": "^16.1.0",
     "@kbn/dev-utils": "1.0.0",
     "@kbn/i18n": "1.0.0",
     "@yarnpkg/lockfile": "^1.1.0",
-    "abortcontroller-polyfill": "^1.3.0",
     "angular": "^1.7.9",
     "core-js": "^3.2.1",
     "css-loader": "^2.1.1",
@@ -24,13 +24,13 @@
     "mini-css-extract-plugin": "0.8.0",
     "moment": "^2.24.0",
     "moment-timezone": "^0.5.27",
+    "react": "^16.12.0",
     "react-dom": "^16.12.0",
     "react-intl": "^2.8.0",
-    "react": "^16.12.0",
     "read-pkg": "^5.2.0",
     "regenerator-runtime": "^0.13.3",
     "symbol-observable": "^1.2.0",
     "webpack": "4.41.0",
     "whatwg-fetch": "^3.0.0"
   }
-}
+}

packages/kbn-ui-shared-deps/polyfills.js

@@ -21,6 +21,6 @@ require('core-js/stable');
 require('regenerator-runtime/runtime');
 require('custom-event-polyfill');
 require('whatwg-fetch');
-require('abortcontroller-polyfill/dist/polyfill-patch-fetch');
+require('abort-controller/polyfill');
 require('./vendor/childnode_remove_polyfill');
 require('symbol-observable');

src/legacy/core_plugins/data/public/actions/filters/brush_event.test.js

@@ -21,7 +21,7 @@ import _ from 'lodash';
 import moment from 'moment';
 import expect from '@kbn/expect';
 
-jest.mock('../../../../../ui/public/agg_types/agg_configs', () => ({
+jest.mock('../../search/aggs', () => ({
   AggConfigs: function AggConfigs() {
     return {
       createAggConfig: ({ params }) => ({

src/legacy/core_plugins/data/public/index.ts

@@ -18,7 +18,7 @@
  */
 
 // /// Define plugin function
-import { DataPlugin as Plugin, DataStart } from './plugin';
+import { DataPlugin as Plugin } from './plugin';
 
 export function plugin() {
   return new Plugin();
@@ -27,14 +27,58 @@ export function plugin() {
 // /// Export types & static code
 
 /** @public types */
-export { DataStart };
+export { DataSetup, DataStart } from './plugin';
 export {
   SavedQueryAttributes,
   SavedQuery,
   SavedQueryTimeFilter,
 } from '../../../../plugins/data/public';
+export {
+  // agg_types
+  AggParam,
+  AggParamOption,
+  DateRangeKey,
+  IAggConfig,
+  IAggConfigs,
+  IAggType,
+  IFieldParamType,
+  IMetricAggType,
+  IpRangeKey,
+  ISchemas,
+  OptionedParamEditorProps,
+  OptionedValueProp,
+} from './search/types';
 
 /** @public static code */
 export * from '../common';
 export { FilterStateManager } from './filter/filter_manager';
-export { getRequestInspectorStats, getResponseInspectorStats } from './search';
+export {
+  // agg_types TODO need to group these under a namespace or prefix
+  AggParamType,
+  AggTypeFilters, // TODO convert to interface
+  aggTypeFilters,
+  AggTypeFieldFilters, // TODO convert to interface
+  AggGroupNames,
+  aggGroupNamesMap,
+  BUCKET_TYPES,
+  CidrMask,
+  convertDateRangeToString,
+  convertIPRangeToString,
+  intervalOptions, // only used in Discover
+  isDateHistogramBucketAggConfig,
+  isStringType,
+  isType,
+  isValidInterval,
+  isValidJson,
+  METRIC_TYPES,
+  OptionedParamType,
+  parentPipelineType,
+  propFilter,
+  Schema,
+  Schemas,
+  siblingPipelineType,
+  termsAggFilter,
+  // search_source
+  getRequestInspectorStats,
+  getResponseInspectorStats,
+} from './search';

src/legacy/core_plugins/data/public/plugin.ts

@@ -45,6 +45,8 @@ import {
 } from '../../../../plugins/embeddable/public/lib/triggers';
 import { IUiActionsSetup, IUiActionsStart } from '../../../../plugins/ui_actions/public';
 
+import { SearchSetup, SearchStart, SearchService } from './search/search_service';
+
 export interface DataPluginSetupDependencies {
   data: DataPublicPluginSetup;
   expressions: ExpressionsSetup;
@@ -56,12 +58,23 @@ export interface DataPluginStartDependencies {
   uiActions: IUiActionsStart;
 }
 
+/**
+ * Interface for this plugin's returned `setup` contract.
+ *
+ * @public
+ */
+export interface DataSetup {
+  search: SearchSetup;
+}
+
 /**
  * Interface for this plugin's returned `start` contract.
  *
  * @public
  */
-export interface DataStart {} // eslint-disable-line @typescript-eslint/no-empty-interface
+export interface DataStart {
+  search: SearchStart;
+}
 
 /**
  * Data Plugin - public
@@ -76,7 +89,10 @@ export interface DataStart {} // eslint-disable-line @typescript-eslint/no-empty
  */
 
 export class DataPlugin
-  implements Plugin<void, DataStart, DataPluginSetupDependencies, DataPluginStartDependencies> {
+  implements
+    Plugin<DataSetup, DataStart, DataPluginSetupDependencies, DataPluginStartDependencies> {
+  private readonly search = new SearchService();
+
   public setup(core: CoreSetup, { data, uiActions }: DataPluginSetupDependencies) {
     setInjectedMetadata(core.injectedMetadata);
 
@@ -89,6 +105,10 @@ export class DataPlugin
     uiActions.registerAction(
       valueClickAction(data.query.filterManager, data.query.timefilter.timefilter)
     );
+
+    return {
+      search: this.search.setup(core),
+    };
   }
 
   public start(core: CoreStart, { data, uiActions }: DataPluginStartDependencies): DataStart {
@@ -102,7 +122,9 @@ export class DataPlugin
     uiActions.attachAction(SELECT_RANGE_TRIGGER, SELECT_RANGE_ACTION);
     uiActions.attachAction(VALUE_CLICK_TRIGGER, VALUE_CLICK_ACTION);
 
-    return {};
+    return {
+      search: this.search.start(core),
+    };
   }
 
   public stop() {}

src/legacy/ui/public/agg_types/__tests__/buckets/_terms_other_bucket_helper.js → src/legacy/core_plugins/data/public/search/aggs/__tests__/buckets/_terms_other_bucket_helper.js

@@ -24,7 +24,7 @@ import {
   mergeOtherBucketAggResponse,
   updateMissingBucket,
 } from '../../buckets/_terms_other_bucket_helper';
-import { Vis } from '../../../../../core_plugins/visualizations/public';
+import { Vis } from '../../../../../../../core_plugins/visualizations/public';
 import FixturesStubbedLogstashIndexPatternProvider from 'fixtures/stubbed_logstash_index_pattern';
 
 const visConfigSingleTerm = {