Merge branch 'main' into fix-cypress-exc-rule-interval

.github/CODEOWNERS

@@ -608,20 +608,19 @@
 /x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions @elastic/security-solution-platform @elastic/security-detections-response-rules
 /x-pack/plugins/security_solution/server/routes @elastic/security-detections-response @elastic/security-threat-hunting
 
-
-## Security Solution sub teams - security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/public/management/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/public/common/lib/endpoint*/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/common/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/server/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/server/lists_integration/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/server/lib/license/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
-/x-pack/test/security_solution_endpoint_api_int/ @elastic/security-onboarding-and-lifecycle-mgt
+## Security Solution sub teams - security-defend-workflows
+/x-pack/plugins/security_solution/public/management/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/public/common/lib/endpoint*/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/common/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/server/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/server/lists_integration/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
 
 ## Security Solution sub teams - security-telemetry (Data Engineering)
 x-pack/plugins/security_solution/server/usage/ @elastic/security-data-analytics
@@ -644,11 +643,11 @@ x-pack/plugins/threat_intelligence @elastic/protections-experience
 x-pack/plugins/security_solution/public/threat_intelligence @elastic/protections-experience
 x-pack/test/threat_intelligence_cypress @elastic/protections-experience
 
-# Security Asset Management
-/x-pack/plugins/osquery @elastic/security-asset-management
-/x-pack/plugins/security_solution/common/detection_engine/rule_response_actions @elastic/security-asset-management
-/x-pack/plugins/security_solution/public/detection_engine/rule_response_actions @elastic/security-asset-management
-/x-pack/plugins/security_solution/server/lib/detection_engine/rule_response_actions @elastic/security-asset-management
+# Security Defend Workflows - OSQuery Ownership
+/x-pack/plugins/osquery @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/common/detection_engine/rule_response_actions @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/public/detection_engine/rule_response_actions @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/server/lib/detection_engine/rule_response_actions @elastic/security-defend-workflows
 
 # Cloud Security Posture
 /x-pack/plugins/cloud_security_posture/ @elastic/kibana-cloud-security-posture

.gitignore

@@ -113,3 +113,4 @@ fleet-server.yml
 /packages/kbn-package-map/package-map.json
 /packages/kbn-synthetic-package-map/
 **/.synthetics/
+**/.journeys/

docs/settings/fleet-settings.asciidoc

@@ -197,3 +197,6 @@ xpack.fleet.agentPolicies:
           - type: winlog
             enabled: false
 ----
+
+`xpack.fleet.enableExperimental`::
+List of experimental feature flag to enable in Fleet.

docs/setup/install/targz.asciidoc

@@ -50,7 +50,7 @@ endif::[]
 .macOS Gatekeeper warnings
 ====
 Apple's rollout of stricter notarization requirements affected the notarization
-of the {version} {kib} artifacts. If macOS Catalina displays a dialog when you
+of the {version} {kib} artifacts. If macOS displays a dialog when you
 first run {kib} that interrupts it, you will need to take an action to allow it
 to run.
 

src/plugins/home/public/application/components/guided_onboarding/getting_started.tsx

@@ -95,16 +95,18 @@ export const GettingStarted = () => {
     }
   }, [cloud, history]);
 
+  useEffect(() => {
+    // disable welcome screen on the home page
+    localStorage.setItem(KEY_ENABLE_WELCOME, JSON.stringify(false));
+  }, []);
+
   const onSkip = async () => {
     try {
       await guidedOnboardingService?.skipGuidedOnboarding();
     } catch (error) {
       // if the state update fails, it's safe to ignore the error
     }
-
     trackUiMetric(METRIC_TYPE.CLICK, 'guided_onboarding__skipped');
-    // disable welcome screen on the home page
-    localStorage.setItem(KEY_ENABLE_WELCOME, JSON.stringify(false));
     application.navigateToApp('home');
   };
   const { euiTheme } = useEuiTheme();

src/plugins/kibana_react/public/markdown/_markdown.scss

@@ -143,6 +143,7 @@ $kbnDefaultFontSize: 14px;
     max-width: 100%;
     box-sizing: content-box;
     border-style: none;
+    pointer-events: auto;
   }
 
   // 4. Blockquotes

test/functional/apps/home/_breadcrumbs.ts

@@ -24,23 +24,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       expect(breadcrumb).to.be('Home');
     });
 
-    it('Getting started page should render breadcrumbs', async () => {
-      const isCloud = await deployment.isCloud();
-
-      if (isCloud) {
-        await PageObjects.common.navigateToUrl('home', '/getting_started', {
-          useActualUrl: true,
-        });
-        await PageObjects.header.waitUntilLoadingHasFinished();
-
-        const firstBreadcrumb = await testSubjects.getVisibleText('breadcrumb first');
-        const lastBreadcrumb = await testSubjects.getVisibleText('breadcrumb last');
-
-        expect(firstBreadcrumb).to.be('Home');
-        expect(lastBreadcrumb).to.be('Setup guides');
-      }
-    });
-
     it('Tutorials directory page should render breadcrumbs', async () => {
       await PageObjects.common.navigateToUrl('home', '/tutorial_directory/sampleData', {
         useActualUrl: true,
@@ -68,5 +51,40 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       expect(firstBreadcrumb).to.be('Integrations');
       expect(lastBreadcrumb).to.be(tutorialId.toUpperCase());
     });
+
+    // The getting started page is only rendered on cloud, and therefore the tests are only run on cloud
+    describe('Getting started page', () => {
+      let isCloud: boolean;
+
+      before(async () => {
+        isCloud = await deployment.isCloud();
+      });
+
+      beforeEach(async () => {
+        if (isCloud) {
+          await PageObjects.common.navigateToUrl('home', '/getting_started', {
+            useActualUrl: true,
+          });
+          await PageObjects.header.waitUntilLoadingHasFinished();
+        }
+      });
+
+      it('Getting started page should render breadcrumbs', async () => {
+        if (isCloud) {
+          const firstBreadcrumb = await testSubjects.getVisibleText('breadcrumb first');
+          const lastBreadcrumb = await testSubjects.getVisibleText('breadcrumb last');
+
+          expect(firstBreadcrumb).to.be('Home');
+          expect(lastBreadcrumb).to.be('Setup guides');
+        }
+      });
+
+      it('Home page breadcrumb should navigate to home', async () => {
+        if (isCloud) {
+          await PageObjects.home.clickHomeBreadcrumb();
+          expect(await PageObjects.home.isHomePageDisplayed()).to.be(true);
+        }
+      });
+    });
   });
 }

test/functional/page_objects/home_page.ts

@@ -60,6 +60,10 @@ export class HomePageObject extends FtrService {
     return await this.testSubjects.isDisplayed('onboarding--landing-page');
   }
 
+  async isHomePageDisplayed() {
+    return await this.testSubjects.isDisplayed('homeApp');
+  }
+
   async getVisibileSolutions() {
     const solutionPanels = await this.testSubjects.findAll('~homSolutionPanel', 2000);
     const panelAttributes = await Promise.all(
@@ -212,6 +216,10 @@ export class HomePageObject extends FtrService {
     await this.testSubjects.click('homeLink');
   }
 
+  async clickHomeBreadcrumb() {
+    await this.testSubjects.click('breadcrumb first');
+  }
+
   // open global nav if it's closed
   async openCollapsibleNav() {
     if (!(await this.testSubjects.exists('collapsibleNav'))) {

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -6,7 +6,7 @@
  */
 
 export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status';
-export const STATS_ROUTE_PATH = '/internal/cloud_security_posture/stats';
+export const STATS_ROUTE_PATH = '/internal/cloud_security_posture/stats/{policy_template}';
 export const BENCHMARKS_ROUTE_PATH = '/internal/cloud_security_posture/benchmarks';
 
 export const CLOUD_SECURITY_POSTURE_PACKAGE_NAME = 'cloud_security_posture';

x-pack/plugins/cloud_security_posture/common/types.ts

@@ -76,6 +76,7 @@ interface BaseCspSetupStatus {
   installedPackagePolicies: number;
   healthyAgents: number;
   isPluginInitialized: boolean;
+  installedPolicyTemplates: PosturePolicyTemplate[];
 }
 
 interface CspSetupNotInstalledStatus extends BaseCspSetupStatus {

x-pack/plugins/cloud_security_posture/common/utils/helpers.ts

@@ -64,7 +64,8 @@ const getInputType = (inputType: string): string => {
   // Get the last part of the input type, input type structure: cloudbeat/<benchmark_id>
   return inputType.split('/')[1];
 };
-export const getCSPKuery = `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name:${CLOUD_SECURITY_POSTURE_PACKAGE_NAME}`;
+
+export const CSP_FLEET_PACKAGE_KUERY = `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name:${CLOUD_SECURITY_POSTURE_PACKAGE_NAME}`;
 
 export function assert(condition: any, msg?: string): asserts condition {
   if (!condition) {

x-pack/plugins/cloud_security_posture/public/common/api/index.ts

@@ -5,4 +5,4 @@
  * 2.0.
  */
 
-export * from './use_compliance_dashboard_data_api';
+export * from './use_stats_api';

x-pack/plugins/cloud_security_posture/public/common/api/use_stats_api.ts

@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useQuery, UseQueryOptions } from '@tanstack/react-query';
+import { useKibana } from '../hooks/use_kibana';
+import { PosturePolicyTemplate, ComplianceDashboardData } from '../../../common/types';
+import { STATS_ROUTE_PATH } from '../../../common/constants';
+
+// TODO: consolidate both hooks into one hook with a dynamic key
+const getCspmStatsKey = ['csp_cspm_dashboard_stats'];
+const getKspmStatsKey = ['csp_kspm_dashboard_stats'];
+
+export const getStatsRoute = (policyTemplate: PosturePolicyTemplate) => {
+  return STATS_ROUTE_PATH.replace('{policy_template}', policyTemplate);
+};
+
+export const useCspmStatsApi = (
+  options: UseQueryOptions<unknown, unknown, ComplianceDashboardData, string[]>
+) => {
+  const { http } = useKibana().services;
+  return useQuery(
+    getCspmStatsKey,
+    // TODO: CIS AWS - remove casting and use actual policy template instead of benchmark_id
+    () => http.get<ComplianceDashboardData>(getStatsRoute('cis_aws' as PosturePolicyTemplate)),
+    options
+  );
+};
+
+export const useKspmStatsApi = (
+  options: UseQueryOptions<unknown, unknown, ComplianceDashboardData, string[]>
+) => {
+  const { http } = useKibana().services;
+  return useQuery(
+    getKspmStatsKey,
+    // TODO: CIS AWS - remove casting and use actual policy template
+    () => http.get<ComplianceDashboardData>(getStatsRoute('cis_k8s' as PosturePolicyTemplate)),
+    options
+  );
+};

x-pack/plugins/cloud_security_posture/public/common/navigation/use_navigate_to_cis_integration.ts → x-pack/plugins/cloud_security_posture/public/common/navigation/use_csp_integration_link.ts

@@ -6,19 +6,21 @@
  */
 
 import { pagePathGetters, pkgKeyFromPackageInfo } from '@kbn/fleet-plugin/public';
-import { CLOUD_SECURITY_POSTURE_PACKAGE_NAME } from '../../../common/constants';
+import type { PosturePolicyTemplate } from '../../../common/types';
 import { useCisKubernetesIntegration } from '../api/use_cis_kubernetes_integration';
 import { useKibana } from '../hooks/use_kibana';
 
-export const useCISIntegrationLink = (): string | undefined => {
+export const useCspIntegrationLink = (
+  policyTemplate: PosturePolicyTemplate
+): string | undefined => {
   const { http } = useKibana().services;
   const cisIntegration = useCisKubernetesIntegration();
 
   if (!cisIntegration.isSuccess) return;
 
   const path = pagePathGetters
     .add_integration_to_policy({
-      integration: CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
+      integration: policyTemplate,
       pkgkey: pkgKeyFromPackageInfo({
         name: cisIntegration.data.item.name,
         version: cisIntegration.data.item.version,

x-pack/plugins/cloud_security_posture/public/components/cloud_posture_page.test.tsx

@@ -24,12 +24,13 @@ import { UseQueryResult } from '@tanstack/react-query';
 import { CloudPosturePage } from './cloud_posture_page';
 import { NoDataPage } from '@kbn/kibana-react-plugin/public';
 import { useCspSetupStatusApi } from '../common/api/use_setup_status_api';
-import { useCISIntegrationLink } from '../common/navigation/use_navigate_to_cis_integration';
+import { useCspIntegrationLink } from '../common/navigation/use_csp_integration_link';
 
 const chance = new Chance();
+
 jest.mock('../common/api/use_setup_status_api');
-jest.mock('../common/navigation/use_navigate_to_cis_integration');
 jest.mock('../common/hooks/use_subscription_status');
+jest.mock('../common/navigation/use_csp_integration_link');
 
 describe('<CloudPosturePage />', () => {
   beforeEach(() => {
@@ -146,7 +147,7 @@ describe('<CloudPosturePage />', () => {
         data: { status: 'not-installed' },
       })
     );
-    (useCISIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+    (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
 
     const children = chance.sentence();
     renderCloudPosturePage({ children });