Merge branch 'main' into RAM-142183-create-bulk-delete-on-rules-front

Author: kibanamachine

.github/CODEOWNERS

@@ -47,6 +47,8 @@
 /x-pack/test/functional/apps/lens @elastic/kibana-visualizations
 /x-pack/test/api_integration/apis/lens/ @elastic/kibana-visualizations
 /test/functional/apps/visualize/ @elastic/kibana-visualizations
+/src/plugins/expressions/ @elastic/kibana-visualizations
+/src/plugins/unified_search/ @elastic/kibana-visualizations
 
 # Application Services
 /examples/dashboard_embeddable_examples/ @elastic/kibana-app-services
@@ -57,10 +59,9 @@
 /examples/field_formats_example/ @elastic/kibana-app-services
 /examples/partial_results_example/ @elastic/kibana-app-services
 /examples/search_examples/ @elastic/kibana-app-services
-/src/plugins/data/ @elastic/kibana-app-services
+/src/plugins/data/ @elastic/kibana-visualizations  @elastic/kibana-data-discovery
 /src/plugins/data_views/ @elastic/kibana-app-services
 /src/plugins/embeddable/ @elastic/kibana-app-services
-/src/plugins/expressions/ @elastic/kibana-app-services
 /src/plugins/field_formats/ @elastic/kibana-app-services
 /src/plugins/data_view_editor/ @elastic/kibana-app-services
 /src/plugins/inspector/ @elastic/kibana-app-services
@@ -69,7 +70,6 @@
 /src/plugins/data_view_field_editor @elastic/kibana-app-services
 /src/plugins/data_view_management/ @elastic/kibana-app-services
 /src/plugins/inspector/ @elastic/kibana-app-services
-/src/plugins/unified_search/ @elastic/kibana-app-services
 /x-pack/plugins/embeddable_enhanced/ @elastic/kibana-app-services
 /x-pack/plugins/runtime_fields @elastic/kibana-app-services
 /src/plugins/dashboard/public/application/embeddable/viewport/print_media @elastic/kibana-app-services
@@ -937,7 +937,7 @@ packages/kbn-health-gateway-server @elastic/kibana-core
 packages/kbn-i18n @elastic/kibana-core
 packages/kbn-i18n-react @elastic/kibana-core
 packages/kbn-import-resolver @elastic/kibana-operations
-packages/kbn-interpreter @elastic/kibana-app-services
+packages/kbn-interpreter @elastic/kibana-visualizations
 packages/kbn-io-ts-utils @elastic/apm-ui
 packages/kbn-jest-serializers @elastic/kibana-operations
 packages/kbn-journeys @elastic/kibana-operations

docs/management/action-types.asciidoc

@@ -59,6 +59,10 @@ a| <<swimlane-action-type,{swimlane}>>
 
 | Create an incident in {swimlane}.
 
+a| <<tines-action-type,Tines>>
+
+| Send events to a Tines Story.
+
 a| <<webhook-action-type, {webhook}>>
 
 | Send a request to a web service.

docs/management/connectors/action-types/tines.asciidoc

@@ -0,0 +1,105 @@
+[role="xpack"]
+[[tines-action-type]]
+== Tines connector
+++++
+<titleabbrev>Tines</titleabbrev>
+++++
+
+The Tines connector uses Tines's https://www.tines.com/docs/actions/types/webhook[Webhook actions] to send events via POST request.
+
+[float]
+[[tines-connector-configuration]]
+=== Connector configuration
+
+Tines connectors have the following configuration properties.
+
+URL::        The Tines tenant URL. If you are using the <<action-settings, `xpack.actions.allowedHosts`>> setting, make sure the hostname is added to the allowed hosts.
+Email::      The email used to sign in to Tines.
+API Token::  A Tines API token created by the user. https://www.tines.com/api/authentication#generate-api-token[Docs]
+
+[role="screenshot"]
+image::../images/tines-connector.png[Tines connector]
+
+[float]
+[[Preconfigured-tines-configuration]]
+==== Preconfigured connector type
+
+[source,text]
+--
+ my-tines:
+   name: preconfigured-tines-connector-type
+   actionTypeId: .tines
+   config:
+     url: https://some-tenant-2345.tines.com
+   secrets:
+     email: some.address@test.com
+     token: ausergeneratedapitoken
+--
+
+Config defines information for the connector type.
+
+`url`:: A Tines tenant URL string that corresponds to *URL*.
+
+Secrets defines sensitive information for the connector type.
+
+`email`:: A string that corresponds to *Email*.
+`token`:: A string that corresponds to *API Token*.
+
+[float]
+[[tines-action-parameters]]
+=== Action parameters
+
+Tines action have the following parameters.
+
+Story::   The Story to send the events to.
+Webhook:: The Webhook action from the previous story that will receive the events, it is the data entry point. 
+
+Test Tines action parameters.
+
+[role="screenshot"]
+image::../images/tines-params-test.png[Tines params test]
+
+[float]
+[[tines-action-format]]
+=== Actions
+
+Once the Tines connector has been configured in an Alerting Rule.
+
+[role="screenshot"]
+image::../images/tines-alerting.png[Tines rule alert]
+
+It will send a POST request to the Tines webhook action on every action execution with at least one result.
+
+[float]
+[[webhookUrlFallback-tines-configuration]]
+==== Webhook URL fallback
+
+It is possible for the requests to the Tines API, to get the stories and webhooks for the selectors, to hit the 500 results limit; in this scenario, the webhook URL fallback text field will be displayed.
+Users can still use the selectors if the story or webhook exists in the 500 options loaded. Otherwise, users can paste the webhook URL in the test input field, it can be copied from the Tines webhook configuration. 
+
+When the webhook URL is defined, the connector will use it directly in the execution stage, and the story and webhook selectors will be disabled and ignored. To re-enable the story and webhook selectors, remove the webhook URL value.
+
+[role="screenshot"]
+image::../images/tines-webhook-url-fallback.png[Tines Webhook URL fallback]
+
+[float]
+[[tines-story-library]]
+=== Tines Story Libary
+
+In order to simplify the integration with Elastic, Tines offers a set of pre-defined Elastic stories in the Story library.
+They can be found by searching for "Elastic" in the Tines Story library:
+
+[role="screenshot"]
+image::../images/tines_elastic_stories.png[Tines Elastic stories]
+
+They can be imported directly into your Tines tenant.
+
+=== Format
+
+Tines connector will send the data in JSON format.
+
+The message contains execution specific fields, such as `alertId`, `date`, `_index`, `kibanaBaseUrl`, along with the `rule` and `params` objects. 
+
+The number of alerts (signals) can be found at `state.signals_count`.
+
+The alerts (signals) data is stored in the `context.alerts` array, following the https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html[ECS] format.

docs/management/connectors/images/tines-alerting.png

@@ -14,4 +14,5 @@ include::action-types/webhook.asciidoc[]
 include::action-types/cases-webhook.asciidoc[leveloffset=+1]
 include::action-types/opsgenie.asciidoc[]
 include::action-types/xmatters.asciidoc[]
+include::action-types/tines.asciidoc[]
 include::pre-configured-connectors.asciidoc[]

docs/management/connectors/images/tines-connector.png

@@ -131,7 +131,7 @@ A list of allowed email domains which can be used with the email connector. When
 WARNING: This feature is available in {kib} 7.17.4 and 8.3.0 onwards but is not supported in {kib} 8.0, 8.1 or 8.2. As such, this setting should be removed before upgrading from 7.17 to 8.0, 8.1 or 8.2. It is possible to configure the settings in 7.17.4 and then upgrade to 8.3.0 directly.
 
 `xpack.actions.enabledActionTypes` {ess-icon}::
-A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.xmatters`, and `.webhook`. An empty list `[]` will disable all action types.
+A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.email`, `.index`, `.jira`, `.opsgenie`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, .`servicenow-itom`, `.servicenow-sir`, `.slack`, `.swimlane`, `.teams`, `.tines`, `.xmatters`, and `.webhook`. An empty list `[]` will disable all action types.
 +
 Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.