elastic
diff --git a/‎.buildkite/ftr_security_serverless_configs.yml‎
Lines changed: 1 addition & 0 deletions b/‎.buildkite/ftr_security_serverless_configs.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.buildkite/ftr_security_stateful_configs.yml‎
Lines changed: 1 addition & 0 deletions b/‎.buildkite/ftr_security_stateful_configs.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml‎
Lines changed: 18 additions & 0 deletions b/‎packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml‎
Lines changed: 18 additions & 0 deletions b/‎packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js‎
Lines changed: 14 additions & 0 deletions b/‎packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎x-pack/plugins/cases/server/telemetry/collect_telemetry_data.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/cases/server/telemetry/collect_telemetry_data.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎x-pack/plugins/cases/server/telemetry/index.ts‎
Lines changed: 9 additions & 8 deletions b/‎x-pack/plugins/cases/server/telemetry/index.ts‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎x-pack/plugins/cases/server/telemetry/queries/alerts.test.ts‎
Lines changed: 9 additions & 2 deletions b/‎x-pack/plugins/cases/server/telemetry/queries/alerts.test.ts‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎x-pack/plugins/cases/server/telemetry/queries/case_system_action.test.ts‎
Lines changed: 48 additions & 2 deletions b/‎x-pack/plugins/cases/server/telemetry/queries/case_system_action.test.ts‎
Lines changed: 48 additions & 2 deletions
diff --git a/‎x-pack/plugins/cases/server/telemetry/queries/case_system_action.ts‎
Lines changed: 1 addition & 0 deletions b/‎x-pack/plugins/cases/server/telemetry/queries/case_system_action.ts‎
Lines changed: 1 addition & 0 deletions
@@ -81,6 +81,7 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/basic_license_essentials_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/explore/hosts/trial_license_complete_tier/configs/serverless.config.ts
 
@@ -62,6 +62,7 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/user_roles/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/explore/hosts/trial_license_complete_tier/configs/ess.config.ts
 
@@ -52,6 +52,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list
+      tags:
+        - Security Solution Endpoint Exceptions API
   /api/endpoint_list/items:
     delete:
       description: >-
@@ -111,6 +113,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Delete an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     get:
       description: >-
         Get the details of an endpoint exception list item using the `id` or
@@ -171,6 +175,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Get an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     post:
       description: >-
         Create an endpoint exception list item, and associate it with the
@@ -250,6 +256,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     put:
       description: >-
         Update an endpoint exception list item using the `id` or `item_id`
@@ -334,6 +342,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Update an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
   /api/endpoint_list/items/_find:
     get:
       description: Get a list of all endpoint exception list items.
@@ -439,6 +449,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Get endpoint exception list items
+      tags:
+        - Security Solution Endpoint Exceptions API
 components:
   schemas:
     EndpointList:
@@ -867,3 +879,9 @@ components:
       type: http
 security:
   - BasicAuth: []
+tags:
+  - description: >-
+      Endpoint Exceptions API allows you to manage detection rule endpoint
+      exceptions to prevent a rule from generating an alert from incoming events
+      even when the rule's other criteria are met.
+    name: Security Solution Endpoint Exceptions API
@@ -52,6 +52,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list
+      tags:
+        - Security Solution Endpoint Exceptions API
   /api/endpoint_list/items:
     delete:
       description: >-
@@ -111,6 +113,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Delete an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     get:
       description: >-
         Get the details of an endpoint exception list item using the `id` or
@@ -171,6 +175,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Get an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     post:
       description: >-
         Create an endpoint exception list item, and associate it with the
@@ -250,6 +256,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
     put:
       description: >-
         Update an endpoint exception list item using the `id` or `item_id`
@@ -334,6 +342,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Update an endpoint exception list item
+      tags:
+        - Security Solution Endpoint Exceptions API
   /api/endpoint_list/items/_find:
     get:
       description: Get a list of all endpoint exception list items.
@@ -439,6 +449,8 @@ paths:
                 $ref: '#/components/schemas/SiemErrorResponse'
           description: Internal server error
       summary: Get endpoint exception list items
+      tags:
+        - Security Solution Endpoint Exceptions API
 components:
   schemas:
     EndpointList:
@@ -867,3 +879,9 @@ components:
       type: http
 security:
   - BasicAuth: []
+tags:
+  - description: >-
+      Endpoint Exceptions API allows you to manage detection rule endpoint
+      exceptions to prevent a rule from generating an alert from incoming events
+      even when the rule's other criteria are met.
+    name: Security Solution Endpoint Exceptions API
@@ -27,6 +27,13 @@ const ROOT = resolve(__dirname, '..');
           title: 'Security Solution Endpoint Exceptions API (Elastic Cloud Serverless)',
           description: 'Endpoint Exceptions API allow you to manage Endpoint lists.',
         },
+        tags: [
+          {
+            name: 'Security Solution Endpoint Exceptions API',
+            description:
+              "Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
+          },
+        ],
       },
     },
   });
@@ -44,6 +51,13 @@ const ROOT = resolve(__dirname, '..');
           title: 'Security Solution Endpoint Exceptions API (Elastic Cloud and self-hosted)',
           description: 'Endpoint Exceptions API allow you to manage Endpoint lists.',
         },
+        tags: [
+          {
+            name: 'Security Solution Endpoint Exceptions API',
+            description:
+              "Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
+          },
+        ],
       },
     },
   });
 
@@ -11,7 +11,7 @@ import { getCasesSystemActionData } from './queries/case_system_action';
 import { getUserCommentsTelemetryData } from './queries/comments';
 import { getConfigurationTelemetryData } from './queries/configuration';
 import { getConnectorsTelemetryData } from './queries/connectors';
-import { getPushedTelemetryData } from './queries/pushes';
+import { getPushedTelemetryData } from './queries/push';
 import { getUserActionsTelemetryData } from './queries/user_actions';
 import type { CasesTelemetry, CollectTelemetryDataParams } from './types';
 
 
@@ -5,12 +5,7 @@
  * 2.0.
  */
 
-import type {
-  CoreSetup,
-  ISavedObjectsRepository,
-  Logger,
-  PluginInitializerContext,
-} from '@kbn/core/server';
+import type { CoreSetup, Logger, PluginInitializerContext } from '@kbn/core/server';
 import { SavedObjectsErrorHelpers } from '@kbn/core/server';
 import type { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server';
 import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
@@ -25,6 +20,7 @@ import {
 } from '../../common/constants';
 import type { CasesTelemetry } from './types';
 import { casesSchema } from './schema';
+import { TelemetrySavedObjectsClient } from './telemetry_saved_objects_client';
 
 export { scheduleCasesTelemetryTask } from './schedule_telemetry_task';
 
@@ -42,13 +38,18 @@ export const createCasesTelemetry = ({
   usageCollection,
   logger,
 }: CreateCasesTelemetryArgs) => {
-  const getInternalSavedObjectClient = async (): Promise<ISavedObjectsRepository> => {
+  const getInternalSavedObjectClient = async (): Promise<TelemetrySavedObjectsClient> => {
     const [coreStart] = await core.getStartServices();
-    return coreStart.savedObjects.createInternalRepository([
+    const soClient = coreStart.savedObjects.createInternalRepository([
       ...SAVED_OBJECT_TYPES,
       FILE_SO_TYPE,
       CASE_RULES_SAVED_OBJECT,
     ]);
+
+    // Wrapping the internalRepository with the `TelemetrySavedObjectsClient`
+    // to ensure some best practices when collecting "all the telemetry"
+    // (i.e.: `.find` requests should query all spaces)
+    return new TelemetrySavedObjectsClient(soClient);
   };
 
   taskManager.registerTaskDefinitions({
 
@@ -7,12 +7,15 @@
 
 import { loggingSystemMock, savedObjectsRepositoryMock } from '@kbn/core/server/mocks';
 import { getAlertsTelemetryData } from './alerts';
+import { TelemetrySavedObjectsClient } from '../telemetry_saved_objects_client';
 
 describe('alerts', () => {
   const logger = loggingSystemMock.createLogger();
 
   describe('getAlertsTelemetryData', () => {
     const savedObjectsClient = savedObjectsRepositoryMock.create();
+    const telemetrySavedObjectsClient = new TelemetrySavedObjectsClient(savedObjectsClient);
+
     savedObjectsClient.find.mockResolvedValue({
       total: 5,
       saved_objects: [],
@@ -35,7 +38,10 @@ describe('alerts', () => {
     });
 
     it('it returns the correct res', async () => {
-      const res = await getAlertsTelemetryData({ savedObjectsClient, logger });
+      const res = await getAlertsTelemetryData({
+        savedObjectsClient: telemetrySavedObjectsClient,
+        logger,
+      });
       expect(res).toEqual({
         all: {
           total: 5,
@@ -48,7 +54,7 @@ describe('alerts', () => {
     });
 
     it('should call find with correct arguments', async () => {
-      await getAlertsTelemetryData({ savedObjectsClient, logger });
+      await getAlertsTelemetryData({ savedObjectsClient: telemetrySavedObjectsClient, logger });
       expect(savedObjectsClient.find).toBeCalledWith({
         aggs: {
           counts: {
@@ -117,6 +123,7 @@ describe('alerts', () => {
         page: 0,
         perPage: 0,
         type: 'cases-comments',
+        namespaces: ['*'],
       });
     });
   });
 
@@ -7,12 +7,14 @@
 
 import { loggingSystemMock, savedObjectsRepositoryMock } from '@kbn/core/server/mocks';
 import { getCasesSystemActionData } from './case_system_action';
+import { TelemetrySavedObjectsClient } from '../telemetry_saved_objects_client';
 
 describe('casesSystemAction', () => {
   const logger = loggingSystemMock.createLogger();
 
   describe('getCasesSystemActionData', () => {
     const savedObjectsClient = savedObjectsRepositoryMock.create();
+    const telemetrySavedObjectsClient = new TelemetrySavedObjectsClient(savedObjectsClient);
 
     beforeEach(() => {
       jest.clearAllMocks();
@@ -26,7 +28,10 @@ describe('casesSystemAction', () => {
     });
 
     it('calculates the metrics correctly', async () => {
-      const res = await getCasesSystemActionData({ savedObjectsClient, logger });
+      const res = await getCasesSystemActionData({
+        savedObjectsClient: telemetrySavedObjectsClient,
+        logger,
+      });
       expect(res).toEqual({ totalCasesCreated: 4, totalRules: 2 });
     });
 
@@ -38,8 +43,49 @@ describe('casesSystemAction', () => {
         page: 1,
       });
 
-      const res = await getCasesSystemActionData({ savedObjectsClient, logger });
+      const res = await getCasesSystemActionData({
+        savedObjectsClient: telemetrySavedObjectsClient,
+        logger,
+      });
+
       expect(res).toEqual({ totalCasesCreated: 0, totalRules: 0 });
     });
+
+    it('should call find with correct arguments', async () => {
+      savedObjectsClient.find.mockResolvedValue({
+        total: 1,
+        saved_objects: [],
+        per_page: 1,
+        page: 1,
+      });
+
+      await getCasesSystemActionData({
+        savedObjectsClient: telemetrySavedObjectsClient,
+        logger,
+      });
+
+      expect(savedObjectsClient.find.mock.calls[0][0]).toMatchInlineSnapshot(`
+        Object {
+          "aggs": Object {
+            "counterSum": Object {
+              "sum": Object {
+                "field": "cases-rules.attributes.counter",
+              },
+            },
+            "totalRules": Object {
+              "cardinality": Object {
+                "field": "cases-rules.attributes.rules.id",
+              },
+            },
+          },
+          "namespaces": Array [
+            "*",
+          ],
+          "page": 1,
+          "perPage": 1,
+          "type": "cases-rules",
+        }
+      `);
+    });
   });
 });
@@ -26,6 +26,7 @@ export const getCasesSystemActionData = async ({
         cardinality: { field: `${CASE_RULES_SAVED_OBJECT}.attributes.rules.id` },
       },
     },
+    namespaces: ['*'],
   });
 
   return {