Merge branch 'master' into monaco-xjson

src/core/server/path/index.ts

@@ -28,7 +28,6 @@ const CONFIG_PATHS = [
   process.env.KIBANA_PATH_CONF && join(process.env.KIBANA_PATH_CONF, 'kibana.yml'),
   process.env.CONFIG_PATH, // deprecated
   fromRoot('config/kibana.yml'),
-  '/etc/kibana/kibana.yml',
 ].filter(isString);
 
 const DATA_PATHS = [

src/dev/build/tasks/os_packages/service_templates/sysv/etc/default/kibana

@@ -11,3 +11,5 @@ nice=""
 KILL_ON_STOP_TIMEOUT=0
 
 BABEL_CACHE_PATH="/var/lib/kibana/optimize/.babel_register_cache.json"
+
+KIBANA_PATH_CONF="/etc/kibana"

src/dev/build/tasks/os_packages/service_templates/sysv/etc/init.d/kibana

@@ -23,6 +23,7 @@ pidfile="/var/run/$name.pid"
 [ -r /etc/default/$name ] && . /etc/default/$name
 [ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name
 
+export KIBANA_PATH_CONF
 export NODE_OPTIONS
 
 [ -z "$nice" ] && nice=0

x-pack/plugins/siem/cypress/integration/signal_detection_rules_custom.spec.ts

@@ -41,7 +41,7 @@ import {
 import {
   createAndActivateRule,
   fillAboutRuleAndContinue,
-  fillDefineCustomRuleAndContinue,
+  fillDefineCustomRuleWithImportedQueryAndContinue,
 } from '../tasks/create_new_rule';
 import {
   goToManageSignalDetectionRules,
@@ -66,11 +66,11 @@ import { DETECTIONS } from '../urls/navigation';
 
 describe('Signal detection rules, custom', () => {
   before(() => {
-    esArchiverLoad('prebuilt_rules_loaded');
+    esArchiverLoad('custom_rule_with_timeline');
   });
 
   after(() => {
-    esArchiverUnload('prebuilt_rules_loaded');
+    esArchiverUnload('custom_rule_with_timeline');
   });
 
   it('Creates and activates a new custom rule', () => {
@@ -80,7 +80,7 @@ describe('Signal detection rules, custom', () => {
     goToManageSignalDetectionRules();
     waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded();
     goToCreateNewRule();
-    fillDefineCustomRuleAndContinue(newRule);
+    fillDefineCustomRuleWithImportedQueryAndContinue(newRule);
     fillAboutRuleAndContinue(newRule);
     createAndActivateRule();
 

x-pack/plugins/siem/cypress/objects/rule.ts

@@ -28,6 +28,7 @@ export interface CustomRule {
   falsePositivesExamples: string[];
   mitre: Mitre[];
   note: string;
+  timelineId: string;
 }
 
 export interface MachineLearningRule {
@@ -56,7 +57,7 @@ const mitre2: Mitre = {
 };
 
 export const newRule: CustomRule = {
-  customQuery: 'hosts.name: *',
+  customQuery: 'host.name: *',
   name: 'New Rule Test',
   description: 'The new rule description.',
   severity: 'High',
@@ -66,6 +67,7 @@ export const newRule: CustomRule = {
   falsePositivesExamples: ['False1', 'False2'],
   mitre: [mitre1, mitre2],
   note: '# test markdown',
+  timelineId: '352c6110-9ffb-11ea-b3d8-857d6042d9bd',
 };
 
 export const machineLearningRule: MachineLearningRule = {

x-pack/plugins/siem/cypress/screens/create_new_rule.ts

@@ -24,6 +24,9 @@ export const CUSTOM_QUERY_INPUT = '[data-test-subj="queryInput"]';
 
 export const DEFINE_CONTINUE_BUTTON = '[data-test-subj="define-continue"]';
 
+export const IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK =
+  '[data-test-subj="importQueryFromSavedTimeline"]';
+
 export const INVESTIGATION_NOTES_TEXTAREA =
   '[data-test-subj="detectionEngineStepAboutRuleNote"] textarea';
 

x-pack/plugins/siem/cypress/screens/timeline.ts

@@ -21,6 +21,10 @@ export const SEARCH_OR_FILTER_CONTAINER =
 
 export const SERVER_SIDE_EVENT_COUNT = '[data-test-subj="server-side-event-count"]';
 
+export const TIMELINE = (id: string) => {
+  return `[data-test-subj="title-${id}"]`;
+};
+
 export const TIMELINE_DATA_PROVIDERS = '[data-test-subj="dataProviders"]';
 
 export const TIMELINE_DATA_PROVIDERS_EMPTY =

x-pack/plugins/siem/cypress/tasks/create_new_rule.ts

@@ -14,6 +14,7 @@ import {
   CUSTOM_QUERY_INPUT,
   DEFINE_CONTINUE_BUTTON,
   FALSE_POSITIVES_INPUT,
+  IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK,
   INVESTIGATION_NOTES_TEXTAREA,
   MACHINE_LEARNING_DROPDOWN,
   MACHINE_LEARNING_LIST,
@@ -30,6 +31,7 @@ import {
   SEVERITY_DROPDOWN,
   TAGS_INPUT,
 } from '../screens/create_new_rule';
+import { TIMELINE } from '../screens/timeline';
 
 export const createAndActivateRule = () => {
   cy.get(SCHEDULE_CONTINUE_BUTTON).click({ force: true });
@@ -86,6 +88,15 @@ export const fillDefineCustomRuleAndContinue = (rule: CustomRule) => {
   cy.get(CUSTOM_QUERY_INPUT).should('not.exist');
 };
 
+export const fillDefineCustomRuleWithImportedQueryAndContinue = (rule: CustomRule) => {
+  cy.get(IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK).click();
+  cy.get(TIMELINE(rule.timelineId)).click();
+  cy.get(CUSTOM_QUERY_INPUT).should('have.attr', 'value', rule.customQuery);
+  cy.get(DEFINE_CONTINUE_BUTTON).should('exist').click({ force: true });
+
+  cy.get(CUSTOM_QUERY_INPUT).should('not.exist');
+};
+
 export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRule) => {
   cy.get(MACHINE_LEARNING_DROPDOWN).click({ force: true });
   cy.contains(MACHINE_LEARNING_LIST, rule.machineLearningJob).click();

x-pack/plugins/siem/public/alerts/components/rules/step_define_rule/index.tsx

@@ -203,7 +203,10 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
                 config={{
                   ...schema.queryBar,
                   labelAppend: (
-                    <MyLabelButton onClick={handleOpenTimelineSearch}>
+                    <MyLabelButton
+                      data-test-subj="importQueryFromSavedTimeline"
+                      onClick={handleOpenTimelineSearch}
+                    >
                       {i18n.IMPORT_TIMELINE_QUERY}
                     </MyLabelButton>
                   ),