Merge branch 'main' into 135150/monitor-detail-flyout

Author: justinkambic

.github/relabel.yml

@@ -1,3 +1,3 @@
 issues:
   - missingLabel: needs-team
-    regex: ^(\:ml)|(Team:.*)$
+    regex: (^\:ml$)|(^Team:.+$)|(^EUI$)

.github/workflows/add-fleet-issues-to-ingest-project.yml

@@ -0,0 +1,51 @@
+name: Add Fleet issue to Platform Ingest project
+
+on:
+  issues:
+    types:
+      - labeled
+      
+env:
+  INGEST_PROJECT_ID: 'PVT_kwDOAGc3Zs4AEzn4'
+  FLEET_LABEL: 'Team:Fleet'
+  AREA_FIELD_ID: 'PVTSSF_lADOAGc3Zs4AEzn4zgEgZSo'
+  FLEET_UI_OPTION_ID: '411a7b86'
+
+jobs:
+  add_to_ingest_project:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: octokit/graphql-action@v2.x
+        id: add_to_project
+        if: ${{ github.event.label.name == env.FLEET_LABEL }}
+        with:
+          query: |
+            # Variables have to be snake cased because of https://github.com/octokit/graphql-action/issues/164
+            mutation AddToIngestProject($project_id: ID!, $content_id: ID!) {
+              addProjectV2ItemById(input: { projectId: $project_id, contentId: $content_id }) {
+                  item {
+                    id
+                  }
+                }
+              }
+          project_id: ${{ env.INGEST_PROJECT_ID }}
+          content_id: ${{ github.event.issue.node_id }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.FLEET_TECH_KIBANA_USER_TOKEN }}
+      - uses: octokit/graphql-action@v2.x
+        id: set_fleet_ui_area
+        if: github.event.label.name == env.FLEET_LABEL
+        with:
+          query: |
+            mutation updateIngestArea($item_id: ID!, $project_id: ID!, $area_field_id: ID!, $area_id: String) {
+              updateProjectV2ItemFieldValue(
+                input: { itemId: $item_id, projectId: $project_id, fieldId: $area_field_id, value: { singleSelectOptionId: $area_id } }) {
+                  clientMutationId
+                }
+              }
+          item_id: ${{ fromJSON(steps.add_to_project.outputs.data).addProjectV2ItemById.item.id }}
+          project_id: ${{ env.INGEST_PROJECT_ID }}
+          area_field_id: ${{ env.AREA_FIELD_ID }}
+          area_id: ${{ env.FLEET_UI_OPTION_ID }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.FLEET_TECH_KIBANA_USER_TOKEN }}

.github/workflows/add-to-fleet-project.yml

@@ -43,7 +43,7 @@ then view the results.
 and you'll get suggestions for agents by name, ID, platform, and policy.
 . Specify the query or pack to run:
 ** *Query*: Select a saved query or enter a new one in the text box. After you enter the query, you can expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>> included in the results from the live query. Mapping ECS fields is optional.
-** *Pack*: Select from query packs that have been loaded and activated. After you select a pack, all of the queries in the pack are displayed.
+** *Pack*: Select from available query packs. After you select a pack, all of the queries in the pack are displayed.
 +
 TIP: Refer to <<osquery-prebuilt-packs,prebuilt packs>> to learn about using and managing Elastic prebuilt packs.
 +
@@ -173,13 +173,14 @@ For information about the prebuilt packs that are available, refer to <<prebuilt
 [[load-prebuilt-packs]]
 ==== Load and activate prebuilt Elastic packs
 
-. Go to *Packs*, and then click *Load Elastic prebuilt packs*.
-+
-NOTE: This option is only available if new or updated prebuilt packs are available.
+Follow these steps to load and turn on new or updated prebuilt packs:
 
-. For each pack that you want to schedule:
+. Go to *Packs*, and then click *Load Elastic prebuilt packs*.
+. For each pack that you want to activate and schedule:
 
-* Enable the option to make the pack *Active*.
+* Turn on the *Active* toggle to ensure the pack runs continuously.
++
+NOTE: You must manually run inactive packs.
 
 * Click the pack name, then *Edit*.
 

docs/osquery/images/live-query-check-results.png

@@ -1319,7 +1319,7 @@
     "callsites": "^3.1.0",
     "chance": "1.0.18",
     "chokidar": "^3.5.3",
-    "chromedriver": "^105.0.1",
+    "chromedriver": "^107.0.0",
     "clean-webpack-plugin": "^3.0.0",
     "compression-webpack-plugin": "^4.0.0",
     "copy-webpack-plugin": "^6.0.2",
@@ -1328,13 +1328,13 @@
     "cssnano": "^5.1.12",
     "cssnano-preset-default": "^5.2.12",
     "csstype": "^3.0.2",
-    "cypress": "^10.9.0",
+    "cypress": "^10.10.0",
     "cypress-axe": "^1.0.0",
     "cypress-file-upload": "^5.0.8",
     "cypress-multi-reporters": "^1.6.1",
     "cypress-pipe": "^2.0.0",
     "cypress-react-selector": "^3.0.0",
-    "cypress-real-events": "^1.7.1",
+    "cypress-real-events": "^1.7.2",
     "cypress-recurse": "^1.23.0",
     "debug": "^2.6.9",
     "delete-empty": "^2.0.0",

docs/osquery/osquery.asciidoc

@@ -8,6 +8,7 @@
 
 export { timerange } from './src/lib/timerange';
 export { apm } from './src/lib/apm';
+export { dedot } from './src/lib/utils/dedot';
 export { stackMonitoring } from './src/lib/stack_monitoring';
 export { observer } from './src/lib/agent_config';
 export { cleanWriteTargets } from './src/lib/utils/clean_write_targets';

package.json

@@ -27,4 +27,10 @@ export class ApmError extends Serializable<ApmFields> {
     );
     return [data];
   }
+
+  timestamp(value: number) {
+    const ret = super.timestamp(value);
+    this.fields['timestamp.us'] = value * 1000;
+    return ret;
+  }
 }

packages/kbn-apm-synthtrace/index.ts

@@ -88,4 +88,10 @@ export class BaseSpan extends Serializable<ApmFields> {
     });
     return this;
   }
+
+  override timestamp(timestamp: number) {
+    const ret = super.timestamp(timestamp);
+    this.fields['timestamp.us'] = timestamp * 1000;
+    return ret;
+  }
 }

packages/kbn-apm-synthtrace/src/lib/apm/apm_error.ts

@@ -20,24 +20,49 @@ export type SpanParams = {
 } & ApmFields;
 
 export class Instance extends Entity<ApmFields> {
-  transaction({
-    transactionName,
-    transactionType = 'request',
-  }: {
-    transactionName: string;
-    transactionType?: string;
-  }) {
+  transaction(
+    ...options:
+      | [{ transactionName: string; transactionType?: string }]
+      | [string]
+      | [string, string]
+  ) {
+    let transactionName: string;
+    let transactionType: string | undefined;
+    if (options.length === 2) {
+      transactionName = options[0];
+      transactionType = options[1];
+    } else if (typeof options[0] === 'string') {
+      transactionName = options[0];
+    } else {
+      transactionName = options[0].transactionName;
+      transactionType = options[0].transactionType;
+    }
+
     return new Transaction({
       ...this.fields,
       'transaction.name': transactionName,
-      'transaction.type': transactionType,
+      'transaction.type': transactionType || 'request',
     });
   }
 
-  span({ spanName, spanType, spanSubtype, ...apmFields }: SpanParams) {
+  span(...options: [string, string] | [string, string, string] | [SpanParams]) {
+    let spanName: string;
+    let spanType: string;
+    let spanSubtype: string;
+    let fields: ApmFields;
+
+    if (options.length === 3 || options.length === 2) {
+      spanName = options[0];
+      spanType = options[1];
+      spanSubtype = options[2] || 'unknown';
+      fields = {};
+    } else {
+      ({ spanName, spanType, spanSubtype = 'unknown', ...fields } = options[0]);
+    }
+
     return new Span({
       ...this.fields,
-      ...apmFields,
+      ...fields,
       'span.name': spanName,
       'span.type': spanType,
       'span.subtype': spanSubtype,