[Security Solution][Endpoint] Updated kibana docs to include xpack.securitySolution.maxEndpointScriptFileSize as configurable in cloud#260568
Merged
natasha-moore-elastic merged 10 commits intoelastic:mainfrom Apr 1, 2026
Conversation
…iptFileSize` as configurable in cloud
Contributor
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
Contributor
natasha-moore-elastic
left a comment
There was a problem hiding this comment.
Thanks for the updates!
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
natasha-moore-elastic
approved these changes
Apr 1, 2026
Contributor
💚 Build Succeeded
History
|
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Contributor
📝 WalkthroughWalkthroughThe PR adds documentation for a new X-Pack Kibana configuration setting ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
docs/reference/cloud/elastic-cloud-kibana-settings.md (1)
99-99:⚠️ Potential issue | 🔴 CriticalUndefined substitution key (duplicate issue).
Same
{{elastic-defend}}undefined substitution issue as flagged in the other file.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/reference/cloud/elastic-cloud-kibana-settings.md` at line 99, The docs contain an undefined substitution key "{{elastic-defend}}" used in the sentence describing script library max file size; fix by either adding the missing substitution definition for "elastic-defend" in the Sphinx/Docs substitutions file (so the token is resolved) or replace "{{elastic-defend}}" inline with the correct literal product name (e.g., "Elastic Defend" or the appropriate canonical term) so the substitution is no longer undefined.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/reference/configuration-reference/general-settings.md`:
- Line 592: Replace the undefined template key "{{elastic-defend}}" with the
correct key "{{edefend}}" wherever it appears in the docs; search for the
literal string "{{elastic-defend}}" and update each occurrence to "{{edefend}}"
so the substitution resolves (the problematic occurrences are in the project's
Markdown docs that reference general settings and cloud Kibana settings).
---
Duplicate comments:
In `@docs/reference/cloud/elastic-cloud-kibana-settings.md`:
- Line 99: The docs contain an undefined substitution key "{{elastic-defend}}"
used in the sentence describing script library max file size; fix by either
adding the missing substitution definition for "elastic-defend" in the
Sphinx/Docs substitutions file (so the token is resolved) or replace
"{{elastic-defend}}" inline with the correct literal product name (e.g.,
"Elastic Defend" or the appropriate canonical term) so the substitution is no
longer undefined.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 85145b33-b16d-41cb-9ed3-c2c8e2c0d2d3
📒 Files selected for processing (2)
docs/reference/cloud/elastic-cloud-kibana-settings.mddocs/reference/configuration-reference/general-settings.md
| : Set to `true` to disable the automatic installation of Elastic Defend SIEM rules when a new Endpoint integration policy is created. Introduced with v9.2.4. Default is `false`. | ||
|
|
||
| `xpack.securitySolution.maxEndpointScriptFileSize`  {applies_to}`stack: ga 9.4+` | ||
| : The maximum file size in bytes for scripts uploaded to the {{elastic-defend}} script library. Default is `26214400` (25MB). |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Search for the correct substitution key definition or similar usage patterns
rg -n "elastic-defend" --type=md -C2
rg -n "{{elastic" --type=md | head -20Repository: elastic/kibana
Length of output: 7916
🏁 Script executed:
#!/bin/bash
# Search for where substitution keys are defined
fd -e "json" -e "yml" -e "yaml" -e "config" | xargs rg -l "elastic-defend|ech|substitution|variables" 2>/dev/null | head -20
# Look for similar patterns in the docs with double braces
rg "\\{\\{" docs/reference/configuration-reference/general-settings.md | head -30
# Check for any reference to "defend" in the docs with different casing
rg -i "elastic.{0,5}defend" docs/ --type=md | head -20Repository: elastic/kibana
Length of output: 8030
🏁 Script executed:
#!/bin/bash
# Search for how ech is defined or any other substitution keys
rg "ech|elastic-cloud" docs/ -t md | grep -E "(define|key|substitution|{{)" | head -20
# Look for any markdown attributes or front matter that might define these
find docs -name "*.md" -exec head -50 {} + | grep -E "({{|substitution|key|variable)" | head -20Repository: elastic/kibana
Length of output: 2063
🏁 Script executed:
#!/bin/bash
# Check if there's a docs build config or variable definition file
fd -i "attribute|variable|config|glossary" -e "adoc" -e "asciidoc" -e "json" docs/ | head -20
# Look for AsciiDoc style attribute definitions
rg -n "^:[a-z].*:" docs/reference/configuration-reference/general-settings.md | head -20Repository: elastic/kibana
Length of output: 40
🏁 Script executed:
#!/bin/bash
# Look for attributes or variable definitions in the docs
find docs -type f \( -name "*.adoc" -o -name "*.md" -o -name "*.asciidoc" \) -exec grep -l "^:.*:" {} \; | head -5
# Check for any definitions that might map these keys
rg -n "elastic-defend|edefend|defend" docs/ -t md --type-add "md:include:*.md" | grep -i "define\|attr\|variable\|key" | head -20
# Look for build or docs configuration
find . -maxdepth 3 -type f \( -name ".buildkite*" -o -name "*.config*" -o -name "*docs*config*" -o -name "attributes*" \) 2>/dev/nullRepository: elastic/kibana
Length of output: 7866
🏁 Script executed:
#!/bin/bash
# Search for where these template variables are actually processed/defined
find docs -name "*.md" -exec head -100 {} + | grep -B5 -A5 "{{" | head -50
# Look specifically at the markdown processing - check if there's a config for variable substitution
rg -n "substitut|variable|attribute|{{" docs/ -t md | grep -E "define|config|map" | head -20
# Check build files for docs processing
find . -maxdepth 3 \( -name "Makefile" -o -name "*.sh" -o -name "*.yml" -o -name "*.yaml" \) -exec grep -l "docs\|build" {} \; 2>/dev/null | head -10Repository: elastic/kibana
Length of output: 3156
🏁 Script executed:
#!/bin/bash
# Let's check if there's an AsciiDoc attributes file or similar that defines these
fd -i "attribute" . --type f | head -20
# Look for recent additions of {{elastic-defend}} - check git history might show us what was intended
git log --all -S "elastic-defend" --oneline -- "*.md" 2>/dev/null | head -10
# Check if this might be in a main attributes file
find docs -name "attributes.adoc" -o -name "attributes.md" -o -name "*attributes*" | head -10Repository: elastic/kibana
Length of output: 144
🏁 Script executed:
#!/bin/bash
# Look for docs build configuration specifically
find . -path ./node_modules -prune -o -type f \( -name "*.ts" -o -name "*.js" -o -name "*.mjs" \) -print | xargs grep -l "{{.*}}" 2>/dev/null | grep -E "(docs|build)" | head -20
# Search for files that process markdown substitutions
rg "kib|elastic-cloud|ecloud" --type ts --type js -l | xargs grep -l "substitut\|replace\|template" 2>/dev/null | head -10Repository: elastic/kibana
Length of output: 2991
🏁 Script executed:
#!/bin/bash
# Check the docs utils package directly
ls -la packages/kbn-docs-utils/
# Look for any validation or processing of these template keys
cat packages/kbn-docs-utils/package.json 2>/dev/null | head -30Repository: elastic/kibana
Length of output: 873
🏁 Script executed:
#!/bin/bash
# Search for where the actual error/validation happens - build failures usually point to validation
rg "elastic-defend" . --type ts --type js 2>/dev/null | head -20
# Look at what other product shorthand keys exist to infer the pattern
rg "{{[a-z]" docs/ -o | sort | uniq | head -50Repository: elastic/kibana
Length of output: 4007
🏁 Script executed:
#!/bin/bash
# Look for all template variables used in the docs
rg "{{[a-zA-Z]" docs/ -o | sed 's/{{//;s/}}//' | sort | uniq
# Check if there's any config file in the docs build that defines these
find . -path ./node_modules -prune -o -name "*.ts" -type f -exec grep -l "kib.*elastic\|substitut.*key\|replace.*template" {} \; 2>/dev/null | head -10
# Look specifically at kbn-docs-utils to see how it processes these
ls -la packages/kbn-docs-utils/src/Repository: elastic/kibana
Length of output: 144
🏁 Script executed:
#!/bin/bash
# Check the actual docs-utils source to understand how template variables are processed
find packages/kbn-docs-utils/src -name "*.ts" | head -20
cat packages/kbn-docs-utils/src/index.tsRepository: elastic/kibana
Length of output: 2118
Replace undefined substitution key {{elastic-defend}}.
The template key {{elastic-defend}} is undefined and causes the build to fail. Based on the naming pattern used in the codebase (e.g., {{kib}}, {{es}}, {{ecloud}}), this should likely be {{edefend}}. Update this key in both locations:
docs/reference/configuration-reference/general-settings.md(line 592)docs/reference/cloud/elastic-cloud-kibana-settings.md(line 99)
🧰 Tools
🪛 GitHub Check: docs-preview / build
[failure] 592-592:
Substitution key {elastic-defend} is undefined
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@docs/reference/configuration-reference/general-settings.md` at line 592,
Replace the undefined template key "{{elastic-defend}}" with the correct key
"{{edefend}}" wherever it appears in the docs; search for the literal string
"{{elastic-defend}}" and update each occurrence to "{{edefend}}" so the
substitution resolves (the problematic occurrences are in the project's Markdown
docs that reference general settings and cloud Kibana settings).
Contributor
Author
|
Thanks @natasha-moore-elastic . can you just give the files another look - the file diff now seem to be showing the entire file as changed rather than just the edits we made. Just want to make sure its still ok |
This reverts commit 746b664.
Contributor
Sorry @paul-tavares, not sure why that happened but I've reverted the commit that did that, and the diff should be back to normal now. |
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
Apr 1, 2026
…heck * commit '6f040b29a5220ce12886a9731f656613e50aff06': (34 commits) [Entity Analytics] Add entity resolution UI to service flyout (elastic#260504) [Dashboard] Fix setState in embeddables (elastic#260082) [EDR Workflows] Unskip FTR tests that failed due to transient Fleet service unavailability (elastic#260519) [Observability:Streams] Fix query streams error handling test (elastic#260777) [Alerting v2] Dispatcher grouping modes, throttle strategies, and matcher autosuggestion (elastic#260249) [Dashboard] State extraction as a consistent override (elastic#259839) [Alerting v2] [Rule authoring] Fix rule name validation and error visibility in create/edit flow (elastic#260337) [Fix] re-introduce sln breadcrumbs to unified rules (elastic#260289) [Security Solution][Endpoint] Updated kibana docs to include `xpack.securitySolution.maxEndpointScriptFileSize` as configurable in cloud (elastic#260568) [Alerting v2] updated the alerting-v2-constants package with artifacts constants, fix to the runbook max characters (elastic#260342) [Automatic Import V2] Provide user tooltips (elastic#260725) [One Workflow] Deduplicate step types by base type in workflow list (elastic#260763) [Security Solution] Execution results UI: Enable the feature flag (elastic#260711) [Metrics][Discover] internal/search/esql_async returns 200 but METRICS_INFO responds with error (elastic#260746) Collapse redundant anyOf/oneOf array unions in OAS query params (elastic#260585) [Unified rules] Hide stack rules from global search (elastic#260088) [Agent Builder] Sidebar navigation updates (elastic#260728) [* As Code] Use PUT for upserts (elastic#260318) Update EUI to v114.0.0 (elastic#259497) [Entity Resolution] Add contextual-security-apps as co-owner of resolution paths (elastic#260659) ... # Conflicts: # src/platform/plugins/shared/dashboard/public/index.ts
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this pull request
Apr 2, 2026
…ecuritySolution.maxEndpointScriptFileSize` as configurable in cloud (elastic#260568) ## Summary - Adds docs that indicate `xpack.securitySolution.maxEndpointScriptFileSize` is available for configuration on cloud environments - Feature (Script Library + `runscript` response action) will be available with `v9.4.0` of the stack --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: natasha-moore-elastic <natasha.moore@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
xpack.securitySolution.maxEndpointScriptFileSizeis available for configuration on cloud environmentsrunscriptresponse action) will be available withv9.4.0of the stack