[SecuritySolution] Add SecuritySolution sample data

[angorayc]

Summary

• Test environment: https://p.elstc.co/paste/wPDsxkBY#4icff2HWTA784+qCm7q1p-Ct3SVF4WhiM7VdZojwjpJ

Steps to verify:
Try sample data > Security Solution data > Add data

• It should populate sample data: auditbeat, logs, and alerts
• It shouldn't affect existing auditbeat, logs or alerts data
• It should install relevant saved objects and ingest pipelines

Try sample data > Security Solution data > Remove data

• It should remove sample data

• It shouldn't affect existing auditbeat, logs or alerts data

• It should remove relevant saved objects and ingest pipelines

• Add Security Solution sample data:

• Install sample data

Uploading Screen Recording 2023-09-20 at 20.48.28.mov…

• Remove sample data

remove_sample_data.mov

• Update fields with ingest pipeline:

• Create kibana_sample_data_securitysolution_alerts index
• Add sample alert index to security solution alerts alias (and the alerts alias should not be deleted when sample data removed)

• Create kibana_sample_data_securitysolution_auditbeat index
• Add Auditbeat sample index to an alias that matches auditbeat-* pattern:

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios

[angorayc]

The use of the 'body' key has been deprecated, so moving the nested keys to the top level object.

node_modules/@elastic/elasticsearch/lib/api/typesWithBodyKey.d.ts line 8755

[angorayc]

The use of the 'body' key has been deprecated, so moving the nested keys to the top level object.

node_modules/@elastic/elasticsearch/lib/api/typesWithBodyKey.d.ts line 8755

[angorayc]

Before - There were chances that new indices haven't refreshed before the next listing request:

incorrect_add_data_state.mov

After:

Screen.Recording.2023-09-12.at.11.41.42.mov

[angorayc]

I've tried to run in locally, just spun up your branch in stateful mode and clicked "Add data", and toast message with "Internal error" appears (the flights sample data gets installed as usual):

Thanks for pointing this out, I messed up the dashboard references in 2c998fd#diff-c047af719d3de4f7878bbfabb1b9b22c1e56fddf51d9ca9c1fa97e48235b7704. It should work now.

[vadimkibana]

Great job 👍 !

[ferenrigue]

Reviewed!

[kertal]

I'm not sure, why @elastic/kibana-data-discovery team is assigned to review since there seems to be no code ownership here, but I just needed to test something in Security , and so I've been using this PR, and I works like expected. It's really nice to have this available with just a few clicks, thanks a lot 👍

[stephmilovic]

Resolves #124463

[stephmilovic]

@elasticmachine merge upstream

[stephmilovic]

I think we need to handle the sourcerer specially for this case. We can discuss in our meeting in 20 mins :)

[kibana-ci]

💔 Build Failed

• Buildkite Build
• Commit: 7b56e66
• Interpreting CI Failures
• Cloud Deployment

Failed CI Steps

• Check Types Commit Diff

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
home	109	110	+1

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
home	0	1	+1

Unknown metric groups

API count

id	before	after	diff
home	149	150	+1

ESLint disabled line counts

id	before	after	diff
securitySolution	454	456	+2

References to deprecated APIs

id	before	after	diff
home	71	70	-1

Total ESLint disabled count

id	before	after	diff
securitySolution	521	523	+2

History

• 💔 Build #161888 failed a1b14fd
• 💔 Build #161758 failed f169ac6
• 💚 Build #161466 succeeded 554d7b2
• 💔 Build #161317 failed d52fb4e

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @angorayc

[angorayc]

This PR will not make it in 8.11 as here are some more items to do:

1. Write an issues for onboarding sample data @paulewing
2. Confirm if we want to add Sample data view to alerts page data view @paulewing
3. Could tag sample alerts / events with a sample data tag to indicate it's a sample data @paulewing
4. Confirm with @james.spiteri if we should only install sample events and sample rules . Let it automatically generate alerts from sample events @paulewing
5. Check with @james.spiteri if we should modify any values in the sample data @paulewing
6. Investigate opening alert flyout automatically @angorayc