
[8.14] [Security Solution] - Security solution ES|QL configurable via advanced setting (#181616) #182510

Closed
michaelolo24 wants to merge 1 commit into elastic:8.14 from michaelolo24:backport/8.14/pr-181616



@michaelolo24
Contributor

Backport

This will backport the following commits from main to 8.14:

Questions?

Please refer to the Backport tool documentation

…ed setting (elastic#181616)

## Summary

This PR links the ESQL functionality in security solution to the
`discover:enableESQL` advanced setting. The advanced setting will only
be present in ESS, but not serverless.

The way this should work to maintain parity with the rest of Kibana such
as discover and stack rules:

- By default ES|QL will be enabled across all Kibana
- When the ES|QL advanced setting is disabled:
  - Timeline
    - ES|QL tab should not be accessible on any newly created timelines
    - Existing Timelines with an ES|QL query should still have the tab accessible
  - Rules
    - New ES|QL rule should not be available to be created in the *Rule Creation* workflow
    - Existing ES|QL rules should still run and be able to be edited

**Timeline Demo Video:**

https://github.com/elastic/kibana/assets/17211684/d5429be9-de37-43e2-882d-687b3371beb4

**Rules Demo Video:**

https://github.com/elastic/kibana/assets/17211684/7df2fd11-bd2b-4e50-ad97-b6e1d0f7867a

---------

Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 963391e)
@michaelolo24 michaelolo24 added the backport This PR is a backport of another PR label May 2, 2024
@michaelolo24 michaelolo24 enabled auto-merge (squash) May 2, 2024 19:16
@michaelolo24 michaelolo24 disabled auto-merge May 2, 2024 19:18
@elastic elastic deleted a comment from kibana-ci May 2, 2024
@michaelolo24 michaelolo24 deleted the backport/8.14/pr-181616 branch May 2, 2024 19:58
@kibana-ci

kibana-ci commented May 2, 2024

⏳ Build in-progress, with failures

Failed CI Steps

Test Failures

  • [job] [logs] Defend Workflows Cypress Tests on Serverless #8 / Agent Policy Settings - Complete Agent Tamper Protection is available with no upselling component present "before all" hook for "should display upselling section for protections"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #8 / Response actions history page "before all" hook for "retains expanded action details on page reload"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #12 / Response console File operations: "before all" hook for ""get-file --path" - should retrieve a file"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #13 / Response console Host Isolation: "before all" hook for "should isolate a host from response console"
  • [job] [logs] Defend Workflows Cypress Tests #2 / Response console Processes operations: "before all" hook for ""processes" - should obtain a list of processes"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #14 / Response console Processes operations: "before all" hook for ""processes" - should obtain a list of processes"
  • [job] [logs] Defend Workflows Cypress Tests #2 / When defining a kibana role for Endpoint security access "before all" hook for "should display RBAC entries with expected controls"

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
