Merge branch 'master' into eql-rules

docs/api/saved-objects/create.asciidoc

@@ -13,7 +13,7 @@ experimental[] Create {kib} saved objects.
 
 `POST <kibana host>:<port>/api/saved_objects/<type>/<id>`
 
-`POST <kibana host>:<port>/s/<space_id>/api/saved_objects/<type>`
+`POST <kibana host>:<port>/s/<space_id>/saved_objects/<type>`
 
 [[saved-objects-api-create-path-params]]
 ==== Path parameters

docs/developer/getting-started/development-plugin-resources.asciidoc

@@ -33,7 +33,7 @@ To enable TypeScript support, create a `tsconfig.json` file at the root of your
 ["source","js"]
 -----------
 {
-  // extend {kib}'s tsconfig, or use your own settings
+  // extend Kibana's tsconfig, or use your own settings
   "extends": "../../kibana/tsconfig.json",
 
   // tell the TypeScript compiler where to find your source files

docs/user/alerting/action-types.asciidoc

@@ -11,10 +11,19 @@ a| <<email-action-type, Email>>
 
 | Send email from your server.
 
+a| <<resilient-action-type, IBM Resilient>>
+
+| Create an incident in IBM Resilient.
+
 a| <<index-action-type, Index>>
 
 | Index data into Elasticsearch.
 
+a| <<jira-action-type, Jira>>
+
+| Create an incident in Jira.
+
+
 a| <<pagerduty-action-type, PagerDuty>>
 
 | Send an event in PagerDuty.
@@ -53,10 +62,12 @@ before {kib} starts.
 If you preconfigure a connector, you can also <<preconfigured-action-type-example, preconfigure its action type>>.
 
 include::action-types/email.asciidoc[]
+include::action-types/resilient.asciidoc[]
 include::action-types/index.asciidoc[]
+include::action-types/jira.asciidoc[]
 include::action-types/pagerduty.asciidoc[]
 include::action-types/server-log.asciidoc[]
+include::action-types/servicenow.asciidoc[]
 include::action-types/slack.asciidoc[]
 include::action-types/webhook.asciidoc[]
 include::action-types/pre-configured-connectors.asciidoc[]
-include::action-types/servicenow.asciidoc[]

docs/user/alerting/action-types/jira.asciidoc

@@ -0,0 +1,77 @@
+[role="xpack"]
+[[jira-action-type]]
+=== Jira action
+
+The Jira action type uses the https://developer.atlassian.com/cloud/jira/platform/rest/v2/[REST API v2] to create Jira issues.
+
+[float]
+[[jira-connector-configuration]]
+==== Connector configuration
+
+Jira connectors have the following configuration properties:
+
+Name::      The name of the connector. The name is used to identify a  connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action.
+URL::       Jira instance URL.
+Project key:: Jira project key.
+Email (or username)::  The account email (or username) for HTTP Basic authentication.
+API token (or password)::  Jira API authentication token (or password) for HTTP Basic authentication.
+
+[float]
+[[Preconfigured-jira-configuration]]
+==== Preconfigured action type
+
+[source,text]
+--
+ my-jira:
+   name: preconfigured-jira-action-type
+   actionTypeId: .jira
+   config:
+     apiUrl: https://elastic.atlassian.net
+     projectKey: ES
+   secrets:
+     email: testuser
+     apiToken: tokenkeystorevalue
+--
+
+`config` defines the action type specific to the configuration and contains the following properties:
+
+[cols="2*<"]
+|===
+
+| `apiUrl`
+| An address that corresponds to *URL*.
+
+| `projectKey`
+| A key that corresponds to *Project Key*.
+
+|===
+
+`secrets` defines sensitive information for the action type:
+
+[cols="2*<"]
+|===
+
+| `email`
+| A string that corresponds to *Email*.
+
+| `apiToken`
+| A string that corresponds to *API Token*. Should be stored in the <<creating-keystore, {kib} keystore>>.
+
+|===
+
+[[jira-action-configuration]]
+==== Action configuration
+
+Jira actions have the following configuration properties:
+
+Issue type::              The type of the issue.
+Priority::              The priority of the incident.
+Labels::              The labels of the incident.
+Title::    A title for the issue, used for searching the contents of the knowledge base. 
+Description::          The details about the incident.
+Additional comments::  Additional information for the client, such as how to troubleshoot the issue.
+
+[[configuring-jira]]
+==== Configuring and testing Jira
+
+Jira offers free https://www.atlassian.com/software/jira/free[Instances], which you can use to test incidents.

docs/user/alerting/action-types/pagerduty.asciidoc

@@ -36,7 +36,7 @@ This is required to encrypt parameters that must be secured, for example PagerDu
 If you have security enabled:
 
 * You must have
-application privileges to access Metrics, APM, Uptime, or SIEM.
+application privileges to access Metrics, APM, Uptime, or Security.
 * If you are using a self-managed deployment with security, you must have
 Transport Security Layer (TLS) enabled for communication <<configuring-tls-kib-es, between Elasticsearch and Kibana>>.
 Alerts uses API keys to secure background alert checks and actions,

docs/user/alerting/action-types/resilient.asciidoc

@@ -0,0 +1,76 @@
+[role="xpack"]
+[[resilient-action-type]]
+=== IBM Resilient action
+
+The IBM Resilient action type uses the https://developer.ibm.com/security/resilient/rest/[RESILIENT REST v2] to create IBM Resilient incidents.
+
+[float]
+[[resilient-connector-configuration]]
+==== Connector configuration
+
+IBM Resilient connectors have the following configuration properties:
+
+Name::      The name of the connector. The name is used to identify a  connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action.
+URL::       IBM Resilient instance URL.
+Organization ID:: IBM Resilient organization ID.
+API key ID::  The authentication key ID for HTTP Basic authentication.
+API key secret::  The authentication key secret for HTTP Basic authentication.
+
+[float]
+[[Preconfigured-resilient-configuration]]
+==== Preconfigured action type
+
+[source,text]
+--
+ my-resilient:
+   name: preconfigured-resilient-action-type
+   actionTypeId: .resilient
+   config:
+     apiUrl: https://elastic.resilient.net
+     orgId: ES
+   secrets:
+     apiKeyId: testuser
+     apiKeySecret: tokenkeystorevalue
+--
+
+`config` defines the action type specific to the configuration and contains the following properties:
+
+[cols="2*<"]
+|===
+
+| `apiUrl`
+| An address that corresponds to *URL*.
+
+| `orgId`
+| An ID that corresponds to *Organization ID*.
+
+|===
+
+`secrets` defines sensitive information for the action type:
+
+[cols="2*<"]
+|===
+
+| `apiKeyId`
+| A string that corresponds to *API key ID*.
+
+| `apiKeySecret`
+| A string that corresponds to *API Key secret*. Should be stored in the <<creating-keystore, {kib} keystore>>.
+
+|===
+
+[[resilient-action-configuration]]
+==== Action configuration
+
+IBM Resilient actions have the following configuration properties:
+
+Incident types::              The incident types of the incident.
+Severity code::              The severity of the incident.
+Name::    A name for the issue, used for searching the contents of the knowledge base. 
+Description::          The details about the incident.
+Additional comments::  Additional information for the client, such as how to troubleshoot the issue.
+
+[[configuring-resilient]]
+==== Configuring and testing IBM Resilient
+
+IBM Resilient offers https://www.ibm.com/security/intelligent-orchestration/resilient[Instances], which you can use to test incidents.

docs/user/alerting/action-types/servicenow.asciidoc

@@ -10,7 +10,7 @@ The ServiceNow action type uses the https://developer.servicenow.com/app.do#!/re
 
 ServiceNow connectors have the following configuration properties:
 
-Name::      The name of the connector. The name is used to identify a  connector in the management UI connector listing, or in the connector list when configuring an action.
+Name::      The name of the connector. The name is used to identify a  connector in the **Stack Management** UI connector listing, and in the connector list when configuring an action.
 URL::       ServiceNow instance URL.
 Username::  Username for HTTP Basic authentication.
 Password::  Password for HTTP Basic authentication.
@@ -37,7 +37,7 @@ Password::  Password for HTTP Basic authentication.
 |===
 
 | `apiUrl`
-| An address that corresponds to *Sender*.
+| An address that corresponds to *URL*.
 
 |===
 
@@ -47,7 +47,7 @@ Password::  Password for HTTP Basic authentication.
 |===
 
 | `username`
-| A string that corresponds to *User*.
+| A string that corresponds to *Username*.
 
 | `password`
 | A string that corresponds to *Password*. Should be stored in the <<creating-keystore, {kib} keystore>>.
@@ -62,7 +62,7 @@ ServiceNow actions have the following configuration properties:
 Urgency::              The extent to which the incident resolution can delay.
 Severity::             The severity of the incident.
 Impact::               The effect an incident has on business. Can be measured by the number of affected users or by how critical it is to the business in question.
-Short description::    A short description of the incident, used for searching the contents of the knowledge base. 
+Short description::    A short description for the incident, used for searching the contents of the knowledge base. 
 Description::          The details about the incident.
 Additional comments::  Additional information for the client, such as how to troubleshoot the issue.
 

docs/user/alerting/alerting-getting-started.asciidoc

@@ -6,7 +6,7 @@ beta[]
 
 --
 
-Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*SIEM*>>, <<xpack-uptime,*Uptime*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> for you to use.
+Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, <<xpack-uptime,*Uptime*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> for you to use.
 
 image::images/alerting-overview.png[Alerts and actions UI]
 
@@ -148,7 +148,7 @@ Functionally, {kib} alerting differs in that:
 * {kib} alerts tracks and persists the state of each detected condition through *alert instances*. This makes it possible to mute and throttle individual instances, and detect changes in state such as resolution. 
 * Actions are linked to *alert instances* in {kib} alerting. Actions are fired for each occurrence of a detected condition, rather than for the entire alert. 
 
-At a higher level, {kib} alerts allow rich integrations across use cases like <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*SIEM*>>, and <<xpack-uptime,*Uptime*>>.
+At a higher level, {kib} alerts allow rich integrations across use cases like <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, and <<xpack-uptime,*Uptime*>>.
 Pre-packaged *alert types* simplify setup, hide the details complex domain-specific detections, while providing a consistent interface across {kib}.
 
 [float]
@@ -171,7 +171,7 @@ To access alerting in a space, a user must have access to one of the following f
 
 * <<xpack-apm,*APM*>>
 * <<xpack-infra,*Metrics*>>
-* <<xpack-siem,*SIEM*>>
+* <<xpack-siem,*Security*>>
 * <<xpack-uptime,*Uptime*>>
 
 See <<kibana-feature-privileges, feature privileges>> for more information on configuring roles that provide access to these features. 

docs/user/alerting/defining-alerts.asciidoc

@@ -2,7 +2,7 @@
 [[defining-alerts]]
 == Defining alerts
 
-{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*SIEM*>>, <<xpack-uptime,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.
+{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<xpack-infra,*Metrics*>>, <<xpack-siem,*Security*>>, <<xpack-uptime,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.
 
 [float]
 === Alert flyout

package.json

@@ -227,9 +227,9 @@
   "devDependencies": {
     "@babel/parser": "^7.11.2",
     "@babel/types": "^7.11.0",
-    "@elastic/apm-rum": "^5.5.0",
+    "@elastic/apm-rum": "^5.6.0",
     "@elastic/charts": "21.1.2",
-    "@elastic/ems-client": "7.9.3",
+    "@elastic/ems-client": "7.10.0",
     "@elastic/eslint-config-kibana": "0.15.0",
     "@elastic/eslint-plugin-eui": "0.0.2",
     "@elastic/filesaver": "1.1.2",

renovate.json5

@@ -53,7 +53,7 @@
       {
         groupName: 'vega related modules',
         packageNames: ['vega', 'vega-lite', 'vega-schema-url-parser', 'vega-tooltip'],
-        reviewers: ['team:elastic/kibana-app'],
+        reviewers: ['team:kibana-app'],
         labels: ['Feature:Lens', 'Team:KibanaApp'],
         enabled: true,
       },

src/core/server/capabilities/capabilities_service.mock.ts

@@ -18,6 +18,7 @@
  */
 import type { PublicMethodsOf } from '@kbn/utility-types';
 import { CapabilitiesService, CapabilitiesSetup, CapabilitiesStart } from './capabilities_service';
+import { Capabilities } from './types';
 
 const createSetupContractMock = () => {
   const setupContract: jest.Mocked<CapabilitiesSetup> = {
@@ -34,6 +35,14 @@ const createStartContractMock = () => {
   return setupContract;
 };
 
+const createCapabilitiesMock = (): Capabilities => {
+  return {
+    navLinks: {},
+    management: {},
+    catalogue: {},
+  };
+};
+
 type CapabilitiesServiceContract = PublicMethodsOf<CapabilitiesService>;
 const createMock = () => {
   const mocked: jest.Mocked<CapabilitiesServiceContract> = {
@@ -47,4 +56,5 @@ export const capabilitiesServiceMock = {
   create: createMock,
   createSetupContract: createSetupContractMock,
   createStartContract: createStartContractMock,
+  createCapabilities: createCapabilitiesMock,
 };

src/core/server/mocks.ts

@@ -54,6 +54,7 @@ export { metricsServiceMock } from './metrics/metrics_service.mock';
 export { renderingMock } from './rendering/rendering_service.mock';
 export { statusServiceMock } from './status/status_service.mock';
 export { contextServiceMock } from './context/context_service.mock';
+export { capabilitiesServiceMock } from './capabilities/capabilities_service.mock';
 
 export function pluginInitializerContextConfigMock<T>(config: T) {
   const globalConfig: SharedGlobalConfig = {

src/plugins/data/server/server.api.md

@@ -44,6 +44,7 @@ import { DeleteDocumentParams } from 'elasticsearch';
 import { DeleteScriptParams } from 'elasticsearch';
 import { DeleteTemplateParams } from 'elasticsearch';
 import { Duration } from 'moment';
+import { ElasticsearchClient as ElasticsearchClient_2 } from 'kibana/server';
 import { Ensure } from '@kbn/utility-types';
 import { EnvironmentMode } from '@kbn/config';
 import { ErrorToastOptions } from 'src/core/public/notifications';