/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
 * Licensed under the Elastic License 2.0; you may not use this file except in compliance with the Elastic License 2.0. */
(window.securitySolution_bundle_jsonpfunction=window.securitySolution_bundle_jsonpfunction||[]).push([[13],Array(127).concat([function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"e",(function(){return u})),a.d(t,"d",(function(){return d})),a.d(t,"f",(function(){return p})),a.d(t,"g",(function(){return m}));var n=a(40),i=a(42),r=a(41),o=a.n(r);const s="details",l=o.a.div.attrs((()=>({className:s}))).withConfig({displayName:"Details",componentId:"sc-1ucey7j-0"})(["margin:5px 0 5px 10px;& .euiBadge{margin:2px 0 2px 0;}& .euiFlexGroup{justify-content:center;}"]);l.displayName="Details";const c=o()(n.EuiFlexItem).withConfig({displayName:"TokensFlexItem",componentId:"sc-1ucey7j-1"})(["margin-left:3px;"]);function u(e){return Object(i.isNumber)(e)?!isFinite(e):Object(i.isEmpty)(e)}c.displayName="TokensFlexItem";const d=({eventCategory:e,eventDataset:t})=>"file"===(null==e?void 0:e.toLowerCase())||"file"===(null==t?void 0:t.toLowerCase())||"endpoint.events.file"===(null==t?void 0:t.toLowerCase()),p=e=>["process_stopped","termination_event"].includes(`${e}`.toLowerCase()),m=e=>["created","creation","deleted","deletion","file_create_event","file_delete_event","files-encrypted","load","modification","overwrite","rename"].includes(`${e}`.toLowerCase())},,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";e.exports=function(e){return e<-2}},,,,,,,function(e,t,a){"use strict";var n=a(237);e.exports=function(e,t,a,i){var r=i?i-1:1/0,o=0;return function(i){return n(i)?(e.enter(a),s(i)):t(i)};function s(i){return n(i)&&o++<r?(e.consume(i),s):(e.exit(a),t(i))}}},,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"e",(function(){return d})),a.d(t,"c",(function(){return p}));var n=a(104),i=a.n(n),r=a(247),o=a(2),s=a.n(o),l=a(289);a.d(t,"d",(function(){return l.b})),a.d(t,"b",(function(){return l.a}));var c=a(110),u=a(1034);a.d(t,"a",(function(){return r.b}));const d=r.j,p=({sourcererScopeId:e=c.SourcererScopeName.default,data:t,children:a,...n})=>{const l=Object(u.a)(e),d=JSON.stringify(t),p=Object(o.useMemo)((()=>(Array.isArray(t)?t:[t]).map((({field:e,value:t})=>({field:l(e),value:t}))).filter((e=>!!e.field))),[d,l]);return p.length>0?s.a.createElement(r.a,i()({data:p},n),a):s.a.createElement(s.a.Fragment,null,a)}},,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";let n,i,r;a.r(t),a.d(t,"UsersType",(function(){return n})),a.d(t,"UsersTableType",(function(){return i})),a.d(t,"UsersDetailsTableType",(function(){return r})),function(e){e.page="page",e.details="details"}(n||(n={})),function(e){e.allUsers="allUsers",e.authentications="authentications",e.anomalies="anomalies",e.risk="userRisk",e.events="events"}(i||(i={})),function(e){e.authentications="authentications",e.anomalies="anomalies",e.risk="userRisk",e.events="events"}(r||(r={}))},,function(e,t,a){"use strict";a.d(t,"b",(function(){return s})),a.d(t,"a",(function(){return l}));var n=a(42),i=a(2),r=a(350),o=a(4);const s=e=>{const t=Object(n.some)({category:"kibana",field:"kibana.alert.rule.uuid"},e),a=Object(i.useMemo)((()=>t?Object(r.a)({category:"kibana",field:"kibana.alert.rule.uuid"},e):Object(r.a)({category:"signal",field:"signal.rule.id"},e)),[t,e]),o=Object(i.useMemo)((()=>Object(r.a)({category:"kibana",field:"kibana.alert.rule.name"},e)),[e]),s=Object(i.useMemo)((()=>Object(r.a)({category:"kibana",field:"kibana.alert.rule.description"},e)),[e]),l=Object(i.useMemo)((()=>Object(r.a)({category:"_id",field:"_id"},e)),[e]),c=Object(i.useMemo)((()=>Object(r.a)({category:"_index",field:"_index"},e)),[e]),u=Object(i.useMemo)((()=>Object(r.a)({category:"kibana",field:"kibana.alert.url"},e)),[e]),d=Object(i.useMemo)((()=>Object(r.a)({category:"agent",field:"agent.id"},e)),[e]),p=Object(i.useMemo)((()=>Object(r.a)({category:"host",field:"host.name"},e)),[e]),m=Object(i.useMemo)((()=>Object(r.a)({category:"user",field:"user.name"},e)),[e]),g=Object(i.useMemo)((()=>Object(r.a)({category:"base",field:"@timestamp"},e)),[e]);return Object(i.useMemo)((()=>({agentId:d,alertId:l,alertUrl:u,data:e,hostName:p,indexName:c,isAlert:t,ruleDescription:s,ruleId:a,ruleName:o,timestamp:g,userName:m})),[d,l,u,e,p,c,t,s,a,o,g,m])},l=(e,t="default")=>e.startsWith(`.internal${o.v}`)?`${o.v}-${t}`:e.startsWith(`.internal${o.P}`)?`${o.P}-${t}`:void 0},,,,,,function(e,t,a){const n=a(157);e.exports=(e,t,a)=>new n(e,a).compare(new n(t,a))},,function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(60),i=a(42),r=a(2),o=a(141),s=a(13),l=a(85),c=a(5);const u=e=>c.i18n.translate("xpack.securitySolution.searchStrategy.error",{values:{factoryQueryType:e},defaultMessage:"Failed to run search: {factoryQueryType}"});var d=a(115),p=a(102),m=a(108),g=a(303),y=a(4);const f={dsl:[],response:[]},b=({factoryQueryType:e,initialResult:t,errorMessage:a,abort:b=!1,showErrorToast:h=!0})=>{const E=Object(r.useRef)(new AbortController),v=Object(r.useRef)(i.noop),{addError:x}=Object(m.a)(),k=(e=>{const{data:t}=Object(p.j)().services,{addWarning:a}=Object(m.a)(),{startTracking:i}=Object(g.a)();return Object(r.useCallback)((({abortSignal:r,request:o})=>{const{endTracking:l}=i({name:`${y.l} searchStrategy ${e}`,spanName:"batched search"}),u=t.search.search({...o,factoryQueryType:e},{strategy:"securitySolutionSearchStrategy",abortSignal:r}).pipe(Object(n.filter)((e=>Object(s.isErrorResponse)(e)||Object(s.isCompleteResponse)(e))));return u.subscribe({next:t=>{Object(s.isErrorResponse)(t)?(a((e=>c.i18n.translate("xpack.securitySolution.searchStrategy.warning",{values:{factoryQueryType:e},defaultMessage:"An error has occurred running search: {factoryQueryType}"}))(e)),l("invalid")):l("success")},error:()=>{l(r.aborted?"aborted":"error")}}),u}),[a,t.search,e,i])})(e),{start:S,error:w,result:j,loading:O}=Object(o.c)(k);Object(r.useEffect)((()=>{!h||null==w||w instanceof l.AbortError||x(w,{title:null!=a?a:u(e)})}),[x,w,a,e,h]);const I=Object(r.useCallback)((e=>{const t=()=>{E.current=new AbortController,S({request:e,abortSignal:E.current.signal})};E.current.abort(),t(),v.current=t}),[S]);Object(r.useEffect)((()=>()=>{E.current.abort()}),[]),Object(r.useEffect)((()=>{b&&E.current.abort()}),[b]);const[T,C]=Object(r.useMemo)((()=>Object(s.isErrorResponse)(j)?[t,f]:[Object(i.omit)("rawResponse",j),Object(d.getInspectResponse)(j,f)]),[j,t]);return{loading:O,result:T,error:w,search:I,refetch:v.current,inspect:C}}},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"g",(function(){return o})),a.d(t,"e",(function(){return s})),a.d(t,"f",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"d",(function(){return u})),a.d(t,"h",(function(){return d}));var n=a(8);a(210);const i=e=>{if(null!=e){const t=e.trim().split(/[ \t\r\n]+/);return"sequence"===t[0]&&"where"!==t[1]}return!1},r=e=>"eql"===e,o=e=>"threshold"===e,s=e=>"query"===e||"saved_query"===e,l=e=>"threat_match"===e,c=e=>"machine_learning"===e,u=e=>"new_terms"===e,d=e=>Array.isArray(e)?e:Object(n.isEmpty)(e)?[]:[e]},function(e,t,a){"use strict";a.d(t,"B",(function(){return i})),a.d(t,"y",(function(){return r})),a.d(t,"A",(function(){return o})),a.d(t,"z",(function(){return s})),a.d(t,"x",(function(){return l})),a.d(t,"w",(function(){return c})),a.d(t,"q",(function(){return u})),a.d(t,"p",(function(){return d})),a.d(t,"u",(function(){return p})),a.d(t,"t",(function(){return m})),a.d(t,"X",(function(){return g})),a.d(t,"Z",(function(){return y})),a.d(t,"V",(function(){return f})),a.d(t,"W",(function(){return b})),a.d(t,"Y",(function(){return h})),a.d(t,"j",(function(){return E})),a.d(t,"O",(function(){return v})),a.d(t,"E",(function(){return x})),a.d(t,"F",(function(){return k})),a.d(t,"s",(function(){return S})),a.d(t,"k",(function(){return w})),a.d(t,"o",(function(){return j})),a.d(t,"gb",(function(){return O.T})),a.d(t,"m",(function(){return O.p})),a.d(t,"C",(function(){return O.u})),a.d(t,"r",(function(){return O.s})),a.d(t,"v",(function(){return O.t})),a.d(t,"n",(function(){return O.r})),a.d(t,"nb",(function(){return O.cb})),a.d(t,"db",(function(){return O.Q})),a.d(t,"mb",(function(){return O.bb})),a.d(t,"bb",(function(){return O.O})),a.d(t,"cb",(function(){return O.P})),a.d(t,"pb",(function(){return O.eb})),a.d(t,"D",(function(){return O.v})),a.d(t,"eb",(function(){return O.R})),a.d(t,"jb",(function(){return O.X})),a.d(t,"lb",(function(){return O.Z})),a.d(t,"kb",(function(){return O.Y})),a.d(t,"R",(function(){return O.H})),a.d(t,"Q",(function(){return O.F})),a.d(t,"T",(function(){return O.J})),a.d(t,"S",(function(){return O.I})),a.d(t,"P",(function(){return O.E})),a.d(t,"ab",(function(){return O.N})),a.d(t,"a",(function(){return O.c})),a.d(t,"U",(function(){return O.K})),a.d(t,"fb",(function(){return O.S})),a.d(t,"b",(function(){return O.d})),a.d(t,"i",(function(){return O.m})),a.d(t,"l",(function(){return O.o})),a.d(t,"h",(function(){return O.l})),a.d(t,"f",(function(){return O.j})),a.d(t,"g",(function(){return O.k})),a.d(t,"d",(function(){return O.h})),a.d(t,"e",(function(){return O.i})),a.d(t,"c",(function(){return O.e})),a.d(t,"ob",(function(){return O.db})),a.d(t,"ib",(function(){return O.W})),a.d(t,"hb",(function(){return O.U})),a.d(t,"G",(function(){return O.w})),a.d(t,"M",(function(){return O.C})),a.d(t,"K",(function(){return O.A})),a.d(t,"J",(function(){return O.z})),a.d(t,"L",(function(){return O.B})),a.d(t,"N",(function(){return O.D})),a.d(t,"H",(function(){return O.x})),a.d(t,"I",(function(){return O.y}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.exception.list.empty.viewer_title",{defaultMessage:"Create exceptions to this list"}),r=e=>n.i18n.translate("xpack.securitySolution.exception.list.empty.viewer_body",{values:{listName:e},defaultMessage:"There is no exception in your [{listName}]. Create rule exceptions to this list."}),o=n.i18n.translate("xpack.securitySolution.exception.list.empty.viewer_button_endpoint",{defaultMessage:"Create endpoint exception"}),s=n.i18n.translate("xpack.securitySolution.exception.list.empty.viewer_button",{defaultMessage:"Create rule exception"}),l=n.i18n.translate("xpack.securitySolution.exception.list.search_bar_button_enpoint",{defaultMessage:"Add endpoint exception to list"}),c=n.i18n.translate("xpack.securitySolution.exception.list.search_bar_button",{defaultMessage:"Add rule exception to list"}),u=(n.i18n.translate("xpack.securitySolution.exceptions.list.exceptionItemSearchErrorTitle",{defaultMessage:"Error searching"}),n.i18n.translate("xpack.securitySolution.exceptions.list.exceptionItemSearchErrorBody",{defaultMessage:"An error occurred searching for exception items. Please try again."}),n.i18n.translate("xpack.securitySolution.exceptions.list.exceptionItemsFetchError",{defaultMessage:"Unable to load exception items"})),d=n.i18n.translate("xpack.securitySolution.exceptions.list.exceptionItemsFetchErrorDescription",{defaultMessage:"There was an error loading the exception items. Contact your administrator for help."}),p=n.i18n.translate("xpack.securitySolution.exceptions.list.exception.item.card.exceptionItemDeleteSuccessTitle",{defaultMessage:"Exception deleted"}),m=e=>n.i18n.translate("xpack.securitySolution.exceptions.list.exception.item.card.exceptionItemDeleteSuccessText",{values:{itemName:e},defaultMessage:'"{itemName}" deleted successfully.'}),g=n.i18n.translate("xpack.securitySolution.exceptions.list.manage_rules_cancel",{defaultMessage:"Cancel"}),y=n.i18n.translate("xpack.securitySolution.exceptions.list.manage_rules_save",{defaultMessage:"Save"}),f=n.i18n.translate("xpack.securitySolution.exceptions.list.link_rules_header",{defaultMessage:"Link rules"}),b=n.i18n.translate("xpack.securitySolution.exceptions.list.link_rules_overflow_button_title",{defaultMessage:"Link rules"}),h=n.i18n.translate("xpack.securitySolution.exceptions.list.manage_rules_description",{defaultMessage:"Link or unlink rules to this exception list."}),E=n.i18n.translate("xpack.securitySolution.exceptionsTable.deleteExceptionList",{defaultMessage:"Delete exception list"}),v=n.i18n.translate("xpack.securitySolution.exceptionsTable.exportExceptionList",{defaultMessage:"Export exception list"}),x=n.i18n.translate("xpack.securitySolution.exceptionsTable.manageRulesError",{defaultMessage:"Manage rules error"}),k=n.i18n.translate("xpack.securitySolution.exceptionsTable.manageRulesErrorDescription",{defaultMessage:"An error occurred linking or unlinking rules"}),S=n.i18n.translate("xpack.securitySolution.exceptionsTable.exportListDescription",{defaultMessage:"An error occurred exporting a list"}),w=n.i18n.translate("xpack.securitySolution.exceptionsTable.duplicateExceptionList",{defaultMessage:"Duplicate exception list"}),j=n.i18n.translate("xpack.securitySolution.exceptionsTable.duplicateListDescription",{defaultMessage:"An error occurred duplicating a list"});a(567);var O=a(729)},,,,,function(e,t,a){"use strict";a.d(t,"W",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"g",(function(){return s})),a.d(t,"r",(function(){return l})),a.d(t,"A",(function(){return c})),a.d(t,"B",(function(){return u})),a.d(t,"H",(function(){return d})),a.d(t,"e",(function(){return p})),a.d(t,"f",(function(){return m})),a.d(t,"i",(function(){return g})),a.d(t,"n",(function(){return y})),a.d(t,"q",(function(){return f})),a.d(t,"s",(function(){return b})),a.d(t,"t",(function(){return h})),a.d(t,"u",(function(){return E})),a.d(t,"v",(function(){return v})),a.d(t,"E",(function(){return x})),a.d(t,"k",(function(){return k})),a.d(t,"G",(function(){return S})),a.d(t,"F",(function(){return w})),a.d(t,"m",(function(){return j})),a.d(t,"l",(function(){return O})),a.d(t,"j",(function(){return I})),a.d(t,"p",(function(){return T})),a.d(t,"J",(function(){return C})),a.d(t,"o",(function(){return M})),a.d(t,"I",(function(){return F})),a.d(t,"z",(function(){return D})),a.d(t,"h",(function(){return A})),a.d(t,"w",(function(){return _})),a.d(t,"d",(function(){return N})),a.d(t,"a",(function(){return R})),a.d(t,"y",(function(){return q})),a.d(t,"x",(function(){return P})),a.d(t,"K",(function(){return L})),a.d(t,"L",(function(){return B})),a.d(t,"M",(function(){return z})),a.d(t,"D",(function(){return $})),a.d(t,"C",(function(){return V})),a.d(t,"N",(function(){return G})),a.d(t,"R",(function(){return U})),a.d(t,"P",(function(){return H})),a.d(t,"T",(function(){return W})),a.d(t,"Q",(function(){return Q})),a.d(t,"U",(function(){return Y})),a.d(t,"O",(function(){return K})),a.d(t,"S",(function(){return Z})),a.d(t,"V",(function(){return J}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.system.withResultDescription",{defaultMessage:"with result"}),r=n.i18n.translate("xpack.securitySolution.system.acceptedAConnectionViaDescription",{defaultMessage:"accepted a connection via"}),o=n.i18n.translate("xpack.securitySolution.system.attemptedLoginDescription",{defaultMessage:"attempted a login via"}),s=n.i18n.translate("xpack.securitySolution.system.disconnectedViaDescription",{defaultMessage:"disconnected via"}),l=n.i18n.translate("xpack.securitySolution.system.loggedOutDescription",{defaultMessage:"logged out via"}),c=(n.i18n.translate("xpack.securitySolution.system.usingDescription",{defaultMessage:"using"}),n.i18n.translate("xpack.securitySolution.system.processStartedDescription",{defaultMessage:"started process"})),u=n.i18n.translate("xpack.securitySolution.system.processStoppedDescription",{defaultMessage:"stopped process"}),d=n.i18n.translate("xpack.securitySolution.system.terminatedProcessDescription",{defaultMessage:"terminated process"}),p=n.i18n.translate("xpack.securitySolution.system.createdFileDescription",{defaultMessage:"created a file"}),m=n.i18n.translate("xpack.securitySolution.system.deletedFileDescription",{defaultMessage:"deleted a file"}),g=n.i18n.translate("xpack.securitySolution.rowRenderer.executedProcessDescription",{defaultMessage:"executed process"}),y=n.i18n.translate("xpack.securitySolution.rowRenderer.forkedProcessDescription",{defaultMessage:"forked process"}),f=n.i18n.translate("xpack.securitySolution.rowRenderer.loadedLibraryDescription",{defaultMessage:"loaded library"}),b=n.i18n.translate("xpack.securitySolution.rowRenderer.madeAHttpRequestViaDescription",{defaultMessage:"made a http request via"}),h=n.i18n.translate("xpack.securitySolution.rowRenderer.modifiedFileDescription",{defaultMessage:"modified a file"}),E=n.i18n.translate("xpack.securitySolution.rowRenderer.modifiedRegistryKeyDescription",{defaultMessage:"modified registry key"}),v=n.i18n.translate("xpack.securitySolution.rowRenderer.overwroteFileDescription",{defaultMessage:"overwrote a file"}),x=n.i18n.translate("xpack.securitySolution.rowRenderer.renamedFileDescription",{defaultMessage:"renamed a file"}),k=n.i18n.translate("xpack.securitySolution.system.existingProcessDescription",{defaultMessage:"is running process"}),S=n.i18n.translate("xpack.securitySolution.system.socketOpenedDescription",{defaultMessage:"opened a socket with"}),w=n.i18n.translate("xpack.securitySolution.system.socketClosedDescription",{defaultMessage:"closed a socket with"}),j=n.i18n.translate("xpack.securitySolution.system.existingUserDescription",{defaultMessage:"is an existing user"}),O=n.i18n.translate("xpack.securitySolution.system.existingSocketDescription",{defaultMessage:"is using an existing socket from"}),I=n.i18n.translate("xpack.securitySolution.system.existingPackageDescription",{defaultMessage:"is using an existing package"}),T=n.i18n.translate("xpack.securitySolution.system.invalidDescription",{defaultMessage:"attempted invalid usage of"}),C=n.i18n.translate("xpack.securitySolution.system.userChangedDescription",{defaultMessage:"user has changed"}),M=n.i18n.translate("xpack.securitySolution.system.hostDescription",{defaultMessage:"host information"}),F=n.i18n.translate("xpack.securitySolution.system.userAddedDescription",{defaultMessage:"user was added"}),D=n.i18n.translate("xpack.securitySolution.system.processErrorDescription",{defaultMessage:"encountered a process error with"}),A=n.i18n.translate("xpack.securitySolution.system.errorDescription",{defaultMessage:"encountered an error with"}),_=n.i18n.translate("xpack.securitySolution.system.packageInstalledDescription",{defaultMessage:"installed package"}),N=n.i18n.translate("xpack.securitySolution.system.packageSystemStartedDescription",{defaultMessage:"system started"}),R=n.i18n.translate("xpack.securitySolution.system.acceptedDescription",{defaultMessage:"accepted the user via"}),q=n.i18n.translate("xpack.securitySolution.system.packageUpdatedDescription",{defaultMessage:"updated package"}),P=n.i18n.translate("xpack.securitySolution.system.packageRemovedDescription",{defaultMessage:"removed package"}),L=n.i18n.translate("xpack.securitySolution.system.userRemovedDescription",{defaultMessage:"was removed"}),B=n.i18n.translate("xpack.securitySolution.system.viaDescription",{defaultMessage:"via"}),z=n.i18n.translate("xpack.securitySolution.system.viaParentProcessDescription",{defaultMessage:"via parent process"}),$=n.i18n.translate("xpack.securitySolution.rowRenderer.ransomwareWasPreventedFromeEcryptingFilesDescription",{defaultMessage:"ransomware was prevented from encrypting files"}),V=n.i18n.translate("xpack.securitySolution.rowRenderer.ransomwareWasDetectedEcryptingFilesDescription",{defaultMessage:"ransomware was detected encrypting files"}),G=n.i18n.translate("xpack.securitySolution.rowRenderer.wasDetectedCreatingAMaliciousFileDescription",{defaultMessage:"was detected creating a malicious file"}),U=n.i18n.translate("xpack.securitySolution.rowRenderer.wasPreventedFromCreatingAMaliciousFileDescription",{defaultMessage:"was prevented from creating a malicious file"}),H=n.i18n.translate("xpack.securitySolution.rowRenderer.wasDetectedModifyingAMaliciousFileDescription",{defaultMessage:"was detected modifying a malicious file"}),W=n.i18n.translate("xpack.securitySolution.rowRenderer.wasPreventedFromModifyingAMaliciousFileDescription",{defaultMessage:"was prevented from modifying a malicious file"}),Q=n.i18n.translate("xpack.securitySolution.rowRenderer.wasDetectedRenamingAMaliciousFileDescription",{defaultMessage:"was detected renaming a malicious file"}),Y=n.i18n.translate("xpack.securitySolution.rowRenderer.wasPreventedFromRenamingAMaliciousFileDescription",{defaultMessage:"was prevented from renaming a malicious file"}),K=n.i18n.translate("xpack.securitySolution.rowRenderer.wasDetectedExecutingAMaliciousProcessDescription",{defaultMessage:"was detected executing a malicious process"}),Z=n.i18n.translate("xpack.securitySolution.rowRenderer.wasPreventedFromExecutingAMaliciousProcessDescription",{defaultMessage:"was prevented from executing a malicious process"}),J=n.i18n.translate("xpack.securitySolution.system.withExitCodeDescription",{defaultMessage:"with exit code"})},,function(e,t,a){class Range{constructor(e,t){if(t=i(t),e instanceof Range)return e.loose===!!t.loose&&e.includePrerelease===!!t.includePrerelease?e:new Range(e.raw,t);if(e instanceof r)return this.raw=e.value,this.set=[[e]],this.format(),this;if(this.options=t,this.loose=!!t.loose,this.includePrerelease=!!t.includePrerelease,this.raw=e.trim().split(/\s+/).join(" "),this.set=this.raw.split("||").map((e=>this.parseRange(e.trim()))).filter((e=>e.length)),!this.set.length)throw new TypeError(`Invalid SemVer Range: ${this.raw}`);if(this.set.length>1){const e=this.set[0];if(this.set=this.set.filter((e=>!y(e[0]))),0===this.set.length)this.set=[e];else if(this.set.length>1)for(const e of this.set)if(1===e.length&&f(e[0])){this.set=[e];break}}this.format()}format(){return this.range=this.set.map((e=>e.join(" ").trim())).join("||").trim(),this.range}toString(){return this.range}parseRange(e){const t=((this.options.includePrerelease&&m)|(this.options.loose&&g))+":"+e,a=n.get(t);if(a)return a;const i=this.options.loose,s=i?l[c.HYPHENRANGELOOSE]:l[c.HYPHENRANGE];e=e.replace(s,T(this.options.includePrerelease)),o("hyphen replace",e),e=e.replace(l[c.COMPARATORTRIM],u),o("comparator trim",e),e=e.replace(l[c.TILDETRIM],d),o("tilde trim",e),e=e.replace(l[c.CARETTRIM],p),o("caret trim",e);let f=e.split(" ").map((e=>h(e,this.options))).join(" ").split(/\s+/).map((e=>I(e,this.options)));i&&(f=f.filter((e=>(o("loose invalid filter",e,this.options),!!e.match(l[c.COMPARATORLOOSE]))))),o("range list",f);const b=new Map,E=f.map((e=>new r(e,this.options)));for(const e of E){if(y(e))return[e];b.set(e.value,e)}b.size>1&&b.has("")&&b.delete("");const v=[...b.values()];return n.set(t,v),v}intersects(e,t){if(!(e instanceof Range))throw new TypeError("a Range is required");return this.set.some((a=>b(a,t)&&e.set.some((e=>b(e,t)&&a.every((a=>e.every((e=>a.intersects(e,t)))))))))}test(e){if(!e)return!1;if("string"==typeof e)try{e=new s(e,this.options)}catch(e){return!1}for(let t=0;t<this.set.length;t++)if(C(this.set[t],e,this.options))return!0;return!1}}e.exports=Range;const n=new(a(1296))({max:1e3}),i=a(451),r=a(463),o=a(325),s=a(157),{safeRe:l,t:c,comparatorTrimReplace:u,tildeTrimReplace:d,caretTrimReplace:p}=a(310),{FLAG_INCLUDE_PRERELEASE:m,FLAG_LOOSE:g}=a(326),y=e=>"<0.0.0-0"===e.value,f=e=>""===e.value,b=(e,t)=>{let a=!0;const n=e.slice();let i=n.pop();for(;a&&n.length;)a=n.every((e=>i.intersects(e,t))),i=n.pop();return a},h=(e,t)=>(o("comp",e,t),e=k(e,t),o("caret",e),e=v(e,t),o("tildes",e),e=w(e,t),o("xrange",e),e=O(e,t),o("stars",e),e),E=e=>!e||"x"===e.toLowerCase()||"*"===e,v=(e,t)=>e.trim().split(/\s+/).map((e=>x(e,t))).join(" "),x=(e,t)=>{const a=t.loose?l[c.TILDELOOSE]:l[c.TILDE];return e.replace(a,((t,a,n,i,r)=>{let s;return o("tilde",e,t,a,n,i,r),E(a)?s="":E(n)?s=`>=${a}.0.0 <${+a+1}.0.0-0`:E(i)?s=`>=${a}.${n}.0 <${a}.${+n+1}.0-0`:r?(o("replaceTilde pr",r),s=`>=${a}.${n}.${i}-${r} <${a}.${+n+1}.0-0`):s=`>=${a}.${n}.${i} <${a}.${+n+1}.0-0`,o("tilde return",s),s}))},k=(e,t)=>e.trim().split(/\s+/).map((e=>S(e,t))).join(" "),S=(e,t)=>{o("caret",e,t);const a=t.loose?l[c.CARETLOOSE]:l[c.CARET],n=t.includePrerelease?"-0":"";return e.replace(a,((t,a,i,r,s)=>{let l;return o("caret",e,t,a,i,r,s),E(a)?l="":E(i)?l=`>=${a}.0.0${n} <${+a+1}.0.0-0`:E(r)?l="0"===a?`>=${a}.${i}.0${n} <${a}.${+i+1}.0-0`:`>=${a}.${i}.0${n} <${+a+1}.0.0-0`:s?(o("replaceCaret pr",s),l="0"===a?"0"===i?`>=${a}.${i}.${r}-${s} <${a}.${i}.${+r+1}-0`:`>=${a}.${i}.${r}-${s} <${a}.${+i+1}.0-0`:`>=${a}.${i}.${r}-${s} <${+a+1}.0.0-0`):(o("no pr"),l="0"===a?"0"===i?`>=${a}.${i}.${r}${n} <${a}.${i}.${+r+1}-0`:`>=${a}.${i}.${r}${n} <${a}.${+i+1}.0-0`:`>=${a}.${i}.${r} <${+a+1}.0.0-0`),o("caret return",l),l}))},w=(e,t)=>(o("replaceXRanges",e,t),e.split(/\s+/).map((e=>j(e,t))).join(" ")),j=(e,t)=>{e=e.trim();const a=t.loose?l[c.XRANGELOOSE]:l[c.XRANGE];return e.replace(a,((a,n,i,r,s,l)=>{o("xRange",e,a,n,i,r,s,l);const c=E(i),u=c||E(r),d=u||E(s),p=d;return"="===n&&p&&(n=""),l=t.includePrerelease?"-0":"",c?a=">"===n||"<"===n?"<0.0.0-0":"*":n&&p?(u&&(r=0),s=0,">"===n?(n=">=",u?(i=+i+1,r=0,s=0):(r=+r+1,s=0)):"<="===n&&(n="<",u?i=+i+1:r=+r+1),"<"===n&&(l="-0"),a=`${n+i}.${r}.${s}${l}`):u?a=`>=${i}.0.0${l} <${+i+1}.0.0-0`:d&&(a=`>=${i}.${r}.0${l} <${i}.${+r+1}.0-0`),o("xRange return",a),a}))},O=(e,t)=>(o("replaceStars",e,t),e.trim().replace(l[c.STAR],"")),I=(e,t)=>(o("replaceGTE0",e,t),e.trim().replace(l[t.includePrerelease?c.GTE0PRE:c.GTE0],"")),T=e=>(t,a,n,i,r,o,s,l,c,u,d,p,m)=>`${a=E(n)?"":E(i)?`>=${n}.0.0${e?"-0":""}`:E(r)?`>=${n}.${i}.0${e?"-0":""}`:o?`>=${a}`:`>=${a}${e?"-0":""}`} ${l=E(c)?"":E(u)?`<${+c+1}.0.0-0`:E(d)?`<${c}.${+u+1}.0-0`:p?`<=${c}.${u}.${d}-${p}`:e?`<${c}.${u}.${+d+1}-0`:`<=${l}`}`.trim(),C=(e,t,a)=>{for(let a=0;a<e.length;a++)if(!e[a].test(t))return!1;if(t.prerelease.length&&!a.includePrerelease){for(let a=0;a<e.length;a++)if(o(e[a].semver),e[a].semver!==r.ANY&&e[a].semver.prerelease.length>0){const n=e[a].semver;if(n.major===t.major&&n.minor===t.minor&&n.patch===t.patch)return!0}return!1}return!0}},function(e,t,a){"use strict";a.d(t,"h",(function(){return ve})),a.d(t,"b",(function(){return xe})),a.d(t,"f",(function(){return ke})),a.d(t,"c",(function(){return Se})),a.d(t,"d",(function(){return we})),a.d(t,"g",(function(){return je})),a.d(t,"j",(function(){return Oe})),a.d(t,"i",(function(){return Ie})),a.d(t,"a",(function(){return Te})),a.d(t,"e",(function(){return Ce})),a.d(t,"k",(function(){return It}));var n=a(42),i=a(2),r=a.n(i),o=a(106),s=a(40),l=a(127),c=a(250),u=a(121),d=a(277),p=a(819);const m=r.a.memo((({contextId:e,eventId:t,hostName:a,hostNameSeparator:n="@",isDraggable:i,userDomain:o,userDomainField:s="user.domain",userName:c,userNameField:d="user.name",workingDirectory:m})=>null!=c||null!=o||null!=a||null!=m?r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:d,isDraggable:i,value:c,iconType:"user",fieldType:"keyword",isAggregatable:!0})),null!=o&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{"data-test-subj":"user-host-working-dir-domain-separator-text",grow:!1,component:"span"},"\\"),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:s,isDraggable:i,value:o,fieldType:"keyword",isAggregatable:!0}))),null!=a&&null!=c&&r.a.createElement(l.c,{grow:!1,component:"span"},n),r.a.createElement(p.a,{contextId:e,eventId:t,hostName:a,isDraggable:i,workingDirectory:m})):null));m.displayName="UserHostWorkingDir";var g=a(5);const y=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.dns.askedForDescription",{defaultMessage:"asked for"}),f=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.dns.responseCodeDescription",{defaultMessage:"response code:"}),b=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.dns.viaDescription",{defaultMessage:"via"}),h=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.dns.whichResolvedToDescription",{defaultMessage:", which resolved to"}),E=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.dns.withQuestionTypeDescription",{defaultMessage:"with question type"}),v=r.a.memo((({contextId:e,dnsQuestionName:t,dnsQuestionType:a,dnsResolvedIp:n,dnsResponseCode:i,eventCode:o,hostName:c,id:p,isDraggable:g,processExecutable:v,processName:x,processPid:k,userDomain:S,userName:w,winlogEventId:j})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(m,{contextId:e,eventId:p,hostName:c,isDraggable:g,userDomain:S,userName:w,workingDirectory:void 0}),!Object(l.e)(t)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"asked-for",grow:!1},y),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,field:"dns.question.name",isDraggable:g,value:t,isAggregatable:!0,fieldType:"keyword"}))),!Object(l.e)(a)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"with-question-type",grow:!1},E),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,field:"dns.question.type",isDraggable:g,value:a,isAggregatable:!0,fieldType:"keyword"}))),!Object(l.e)(n)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"which-resolved-to",grow:!1},h),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,field:"dns.resolved_ip",isDraggable:g,value:n,isAggregatable:!0,fieldType:"ip"}))),!Object(l.e)(i)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span",grow:!1},"("),r.a.createElement(l.c,{component:"span","data-test-subj":"response-code",grow:!1},f),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,field:"dns.response_code",isDraggable:g,value:i,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(l.c,{component:"span",grow:!1},")")),r.a.createElement(l.c,{component:"span",grow:!1},b),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(d.b,{contextId:e,endgamePid:void 0,endgameProcessName:void 0,eventId:p,isDraggable:g,processPid:k,processName:x,processExecutable:v})),(!Object(l.e)(o)||!Object(l.e)(j))&&r.a.createElement(r.a.Fragment,null,Object(l.e)(o)?r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,iconType:"logoWindows",field:"winlog.event_id",isDraggable:g,value:j,isAggregatable:!0,fieldType:"keyword"})):r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:p,field:"event.code",isDraggable:g,value:o,isAggregatable:!0,fieldType:"number"})))))));v.displayName="DnsRequestEventDetailsLine";const x=r.a.memo((({data:e,contextId:t,isDraggable:a,timelineId:i})=>{const o=Object(n.get)("dns.question.name[0]",e),u=Object(n.get)("dns.question.type[0]",e),d=Object(n.get)("dns.resolved_ip[0]",e),p=Object(n.get)("dns.response_code[0]",e),m=Object(n.get)("event.code[0]",e),g=Object(n.get)("host.name[0]",e),y=e._id,f=Object(n.get)("process.executable[0]",e),b=Object(n.get)("process.name[0]",e),h=Object(n.get)("process.pid[0]",e),E=Object(n.get)("user.domain[0]",e),x=Object(n.get)("user.name[0]",e),k=Object(n.get)("winlog.event_id[0]",e);return r.a.createElement(l.b,null,r.a.createElement(v,{contextId:t,dnsQuestionName:o,dnsQuestionType:u,dnsResolvedIp:d,dnsResponseCode:p,eventCode:m,hostName:g,id:y,isDraggable:a,processExecutable:f,processName:b,processPid:h,userDomain:E,userName:x,winlogEventId:k}),r.a.createElement(s.EuiSpacer,{size:"s"}),r.a.createElement(c.a,{data:e,isDraggable:a,timelineId:i}))}));x.displayName="DnsRequestEventDetails";const k=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.aLoginWasAttemptedUsingExplicitCredentialsDescription",{defaultMessage:"A login was attempted using explicit credentials"}),S=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.asRequestedBySubjectDescription",{defaultMessage:"as requested by subject"}),w=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endpoint.failedToLogInDescription",{defaultMessage:"failed to log in"}),j=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endpoint.failedToLogOffDescription",{defaultMessage:"failed to log off"}),O=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.loggedOffDescription",{defaultMessage:"logged off"}),I=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeBatchDescription",{defaultMessage:"Batch"}),T=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeCachedInteractiveDescription",{defaultMessage:"Cached Interactive"}),C=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeInteractiveDescription",{defaultMessage:"Interactive"}),M=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeNetworkDescription",{defaultMessage:"Network"}),F=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeNetworkCleartextDescription",{defaultMessage:"Network Cleartext"}),D=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeNewCredentialsDescription",{defaultMessage:"New Credentials"}),A=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeRemoteInteractiveDescription",{defaultMessage:"Remote Interactive"}),_=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeServiceDescription",{defaultMessage:"Service"}),N=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.logonTypeUnlockDescription",{defaultMessage:"Unlock"}),R=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.subjectLogonIdDescription",{defaultMessage:"subject logon ID"}),q=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.successfullyLoggedInDescription",{defaultMessage:"successfully logged in"}),P=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.targetLogonIdDescription",{defaultMessage:"target logon ID"}),L=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.toDescription",{defaultMessage:"to"}),B=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.usingLogonTypeDescription",{defaultMessage:"using logon type"}),z=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.viaDescription",{defaultMessage:"via"}),$=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.endgame.withSpecialPrivilegesDescription",{defaultMessage:"With special privileges,"}),V=e=>{if(Object(l.e)(e))return"";switch(e){case 2:return C;case 3:return M;case 4:return I;case 5:return _;case 7:return N;case 8:return F;case 9:return D;case 10:return A;case 11:return T;default:return`${e}`}},G=e=>"explicit_user_logon"===e||"user_logoff"===e,U=r.a.memo((({contextId:e,endgameLogonType:t,endgameSubjectDomainName:a,endgameSubjectLogonId:n,endgameSubjectUserName:i,endgameTargetDomainName:o,endgameTargetLogonId:c,endgameTargetUserName:p,eventAction:g,eventCode:y,eventOutcome:f,hostName:b,id:h,isDraggable:E,processExecutable:v,processName:x,processPid:I,userDomain:T,userName:C,winlogEventId:M})=>{const F=G(g)?o:T,D=(({eventAction:e,eventOutcome:t})=>{switch(e){case"explicit_user_logon":return"";case"log_off":case"user_logoff":return"failure"===(null==t?void 0:t.toLowerCase())?j:O;default:return"failure"===(null==t?void 0:t.toLowerCase())?w:q}})({eventAction:g,eventOutcome:f}),A=(e=>"explicit_user_logon"===e?L:"@")(g),_=G(g)?p:C,N=(e=>G(e)?"endgame.target_domain_name":"user.domain")(g),U=(e=>G(e)?"endgame.target_user_name":"user.name")(g);return r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},"admin_logon"===g&&r.a.createElement(l.c,{component:"span","data-test-subj":"with-special-privileges",grow:!1},$),"explicit_user_logon"===g&&r.a.createElement(l.c,{component:"span","data-test-subj":"a-login-was-attempted",grow:!1},k),r.a.createElement(m,{contextId:e,eventId:h,hostName:b,hostNameSeparator:A,isDraggable:E,userDomain:F,userDomainField:N,userName:_,userNameField:U,workingDirectory:void 0}),r.a.createElement(l.c,{component:"span","data-test-subj":"event-details",grow:!1},D),!Object(l.e)(t)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"using-logon-type",grow:!1},B),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"endgame.logon_type",isDraggable:E,queryValue:String(t),value:`${t} - ${V(t)}`,isAggregatable:!0,fieldType:"keyword"}))),!Object(l.e)(c)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span",grow:!1},"("),r.a.createElement(l.c,{component:"span","data-test-subj":"using-logon-type",grow:!1},P),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"endgame.target_logon_id",isDraggable:E,value:c,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(l.c,{component:"span",grow:!1},")")),r.a.createElement(l.c,{component:"span",grow:!1},z),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(d.b,{contextId:e,endgamePid:void 0,endgameProcessName:void 0,eventId:h,isDraggable:E,processPid:I,processName:x,processExecutable:v})),!Object(l.e)(i)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"as-requested-by-subject",grow:!1},S),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"endgame.subject_user_name",isDraggable:E,iconType:"user",value:i,isAggregatable:!0,fieldType:"keyword"}))),null!=a&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"subject-domain-name-domain-separator-text",grow:!1},"\\"),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"endgame.subject_domain_name",isDraggable:E,value:a,isAggregatable:!0,fieldType:"keyword"}))),!Object(l.e)(n)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span",grow:!1},"("),r.a.createElement(l.c,{component:"span","data-test-subj":"subject-login-id",grow:!1},R),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"endgame.subject_logon_id",isDraggable:E,value:n,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(l.c,{component:"span",grow:!1},")")),(!Object(l.e)(y)||!Object(l.e)(M))&&r.a.createElement(r.a.Fragment,null,Object(l.e)(y)?r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,iconType:"logoWindows",field:"winlog.event_id",value:M,isAggregatable:!0,fieldType:"keyword"})):r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:h,field:"event.code",value:y,isAggregatable:!0,fieldType:"keyword"})))))}));U.displayName="EndgameSecurityEventDetailsLine";const H=r.a.memo((({data:e,contextId:t,isDraggable:a,timelineId:i})=>{const o=Object(n.get)("endgame.logon_type[0]",e),u=Object(n.get)("endgame.subject_domain_name[0]",e),d=Object(n.get)("endgame.subject_logon_id[0]",e),p=Object(n.get)("endgame.subject_user_name[0]",e),m=Object(n.get)("endgame.target_logon_id[0]",e),g=Object(n.get)("endgame.target_domain_name[0]",e),y=Object(n.get)("endgame.target_user_name[0]",e),f=Object(n.get)("event.action[0]",e),b=Object(n.get)("event.code[0]",e),h=Object(n.get)("event.outcome[0]",e),E=Object(n.get)("host.name[0]",e),v=e._id,x=Object(n.get)("process.executable[0]",e),k=Object(n.get)("process.name[0]",e),S=Object(n.get)("process.pid[0]",e),w=Object(n.get)("user.domain[0]",e),j=Object(n.get)("user.name[0]",e),O=Object(n.get)("winlog.event_id[0]",e);return r.a.createElement(l.b,null,r.a.createElement(U,{contextId:t,endgameLogonType:o,endgameSubjectDomainName:u,endgameSubjectLogonId:d,endgameSubjectUserName:p,endgameTargetDomainName:g,endgameTargetLogonId:m,endgameTargetUserName:y,eventAction:f,eventCode:b,eventOutcome:h,hostName:E,id:v,isDraggable:a,processExecutable:x,processName:k,processPid:S,userDomain:w,userName:j,winlogEventId:O}),r.a.createElement(s.EuiSpacer,{size:"s"}),r.a.createElement(c.a,{data:e,timelineId:i}))}));H.displayName="EndgameSecurityEventDetails";const W=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.registry.viaDescription",{defaultMessage:"via"}),Q=g.i18n.translate("xpack.securitySolution.timeline.body.renderers.registry.withNewValueDescription",{defaultMessage:"with new value"}),Y=({contextId:e,hostName:t,id:a,isDraggable:n,processName:o,processPid:c,registryKey:p,registryPath:g,text:y,userDomain:f,userName:b})=>{const h=Object(i.useMemo)((()=>r.a.createElement(r.a.Fragment,null,r.a.createElement("div",null,"registry.key"),r.a.createElement("div",null,p))),[p]),E=Object(i.useMemo)((()=>r.a.createElement(r.a.Fragment,null,r.a.createElement("div",null,"registry.path"),r.a.createElement("div",null,g))),[g]);return Object(l.e)(p)?null:r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(m,{contextId:e,eventId:a,hostName:t,isDraggable:n,userDomain:f,userName:b,workingDirectory:void 0}),!Object(l.e)(p)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"text",grow:!1},y),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:a,field:"registry.key",isDraggable:n,tooltipContent:h,value:p,isAggregatable:!0,fieldType:"keyword"}))),!Object(l.e)(g)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{component:"span","data-test-subj":"with-new-value",grow:!1},Q),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(u.c,{contextId:e,eventId:a,field:"registry.path",isDraggable:n,tooltipContent:E,value:g,isAggregatable:!0,fieldType:"keyword"}))),r.a.createElement(l.c,{component:"span",grow:!1},W),r.a.createElement(l.c,{component:"span",grow:!1},r.a.createElement(d.b,{contextId:e,endgamePid:void 0,endgameProcessName:void 0,eventId:a,isDraggable:n,processPid:c,processName:o,processExecutable:void 0}))))},K=r.a.memo(Y),Z=({contextId:e,data:t,isDraggable:a,text:i})=>{const o=Object(n.get)("host.name[0]",t),s=t._id,c=Object(n.get)("process.name[0]",t),u=Object(n.get)("process.pid[0]",t),d=Object(n.get)("registry.key[0]",t),p=Object(n.get)("registry.path[0]",t),m=Object(n.get)("user.domain[0]",t),g=Object(n.get)("user.name[0]",t);return Object(l.e)(d)?null:r.a.createElement(l.b,null,r.a.createElement(K,{contextId:e,hostName:o,id:s,isDraggable:a,processName:c,processPid:u,registryKey:d,registryPath:p,text:i,userDomain:m,userName:g}))};Z.displayName="RegistryEventDetailsComponent";const J=r.a.memo(Z);var X=a(275),ee=a(331),te=a(203);const ae=r.a.memo((({contextId:e,eventId:t,isDraggable:a,packageName:n,packageSummary:i,packageVersion:o})=>null!=n||null!=i||null!=o?r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"system.audit.package.name",isDraggable:a,value:n,iconType:"document",isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"system.audit.package.version",isDraggable:a,value:o,iconType:"document",isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"system.audit.package.summary",isDraggable:a,value:i,isAggregatable:!0,fieldType:"keyword"}))):null));ae.displayName="Package";const ne=r.a.memo((({contextId:e,eventId:t,isDraggable:a,sshSignature:n,sshMethod:i})=>r.a.createElement(r.a.Fragment,null,null!=n&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"system.audit.package.name",isDraggable:a,value:n,iconType:"document",isAggregatable:!0,fieldType:"keyword"})),null!=i&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"system.audit.package.version",isDraggable:a,value:i,iconType:"document",isAggregatable:!0,fieldType:"keyword"})))));ne.displayName="AuthSsh";var ie=a(168);const re=r.a.memo((({contextId:e,hostName:t,id:a,isDraggable:n,message:i,outcome:o,packageName:c,packageSummary:p,packageVersion:g,processPid:y,processName:f,processExecutable:b,sshSignature:h,sshMethod:E,text:v,userDomain:x,userName:k,workingDirectory:S})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(m,{contextId:e,eventId:a,hostName:t,isDraggable:n,userDomain:x,userName:k,workingDirectory:S}),r.a.createElement(l.c,{grow:!1,component:"span"},v),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(d.a,{contextId:e,endgamePid:void 0,endgameProcessName:void 0,eventId:a,isDraggable:n,processPid:y,processName:f,processExecutable:b})),null!=o&&r.a.createElement(l.c,{grow:!1,component:"span"},te.W),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"event.outcome",isDraggable:n,queryValue:o,value:o,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(ne,{contextId:e,eventId:a,isDraggable:n,sshSignature:h,sshMethod:E}),r.a.createElement(ae,{contextId:e,eventId:a,isDraggable:n,packageName:c,packageSummary:p,packageVersion:g})),null!=i&&r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiSpacer,{size:"xs"}),r.a.createElement(s.EuiFlexGroup,{justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(ie.b,{iconType:"editorComment",color:"hollow",title:""},r.a.createElement(ee.a,{value:i}))))))));re.displayName="SystemGenericLine";const oe=r.a.memo((({contextId:e,data:t,isDraggable:a,text:i,timelineId:o})=>{const u=t._id,d=null!=t.message?t.message[0]:null,p=Object(n.get)("host.name[0]",t),m=Object(n.get)("user.domain[0]",t),g=Object(n.get)("user.name[0]",t),y=Object(n.get)("event.outcome[0]",t),f=Object(n.get)("system.audit.package.name[0]",t),b=Object(n.get)("system.audit.package.summary[0]",t),h=Object(n.get)("system.audit.package.version[0]",t),E=Object(n.get)("process.pid[0]",t),v=Object(n.get)("process.name[0]",t),x=Object(n.get)("process.executable[0]",t),k=Object(n.get)("system.auth.ssh.signature[0]",t),S=Object(n.get)("system.auth.ssh.method[0]",t),w=Object(n.get)("process.working_directory[0]",t);return r.a.createElement(l.b,null,r.a.createElement(re,{contextId:e,hostName:p,id:u,isDraggable:a,message:d,outcome:y,packageName:f,packageSummary:b,packageVersion:h,processExecutable:x,processPid:E,processName:v,sshMethod:S,sshSignature:k,text:i,userDomain:m,userName:g,workingDirectory:w}),r.a.createElement(s.EuiSpacer,{size:"s"}),r.a.createElement(c.a,{data:t,isDraggable:a,timelineId:o}))}));oe.displayName="SystemGenericDetails";var se=a(572);const le=r.a.memo((({contextId:e,endgameExitCode:t,eventId:a,isDraggable:n,processExitCode:i,text:o})=>Object(l.e)(i)&&Object(l.e)(t)?null:r.a.createElement(r.a.Fragment,null,!Object(l.e)(o)&&r.a.createElement(l.c,{"data-test-subj":"exit-code-draggable-text",grow:!1,component:"span"},o),!Object(l.e)(i)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"process.exit_code",isDraggable:n,value:`${i}`,fieldType:"number",isAggregatable:!0})),!Object(l.e)(t)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"endgame.exit_code",isDraggable:n,value:t,fieldType:"number",isAggregatable:!0})))));le.displayName="ExitCodeDraggable";var ce=a(392);const ue=r.a.memo((({contextId:e,endgameFileName:t,endgameFilePath:a,eventId:n,fileExtOriginalPath:i,fileName:o,filePath:s,isDraggable:c})=>{if(Object(l.e)(o)&&Object(l.e)(t)&&Object(l.e)(s)&&Object(l.e)(a))return null;const d=!Object(l.e)(s)||!Object(l.e)(a);return r.a.createElement(r.a.Fragment,null,Object(l.e)(o)?Object(l.e)(t)?null:r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:n,field:"endgame.file_name",isDraggable:c,value:t,iconType:"document",isAggregatable:!0,fieldType:"keyword"})):r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:n,field:"file.name",isDraggable:c,value:o,iconType:"document",isAggregatable:!0,fieldType:"keyword"})),d&&r.a.createElement(l.c,{"data-test-subj":"in",grow:!1,component:"span"},ce.e),Object(l.e)(s)?Object(l.e)(a)?null:r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:n,field:"endgame.file_path",isDraggable:c,value:a,iconType:"document",isAggregatable:!0,fieldType:"keyword"})):r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:n,field:"file.path",isDraggable:c,value:s,iconType:"document",isAggregatable:!0,fieldType:"keyword"})),!Object(l.e)(i)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.c,{grow:!1,component:"span"},ce.d),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:n,field:"file.Ext.original.path",isDraggable:c,value:i,iconType:"document",isAggregatable:!0,fieldType:"keyword"}))))}));ue.displayName="FileDraggable";var de=a(41),pe=a.n(de);const me=pe()(s.EuiFlexGroup).withConfig({displayName:"HashFlexGroup",componentId:"sc-ezi1kd-0"})(["margin:",";"],(({theme:e})=>e.eui.euiSizeXS)),ge=r.a.memo((({contextId:e,eventId:t,fileHashSha256:a,isDraggable:n})=>Object(l.e)(a)?null:r.a.createElement(me,{alignItems:"center",direction:"column",gutterSize:"none"},r.a.createElement(l.c,{grow:!1,component:"div"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"file.hash.sha256",isDraggable:n,iconType:"number",value:a,isAggregatable:!0,fieldType:"keyword"})))));ge.displayName="FileHash";const ye=r.a.memo((({contextId:e,endgameParentProcessName:t,eventId:a,isDraggable:n,processParentName:i,processParentPid:o,processPpid:s,text:c})=>Object(l.e)(i)&&Object(l.e)(t)?null:r.a.createElement(r.a.Fragment,null,!Object(l.e)(c)&&r.a.createElement(l.c,{"data-test-subj":"parent-process-draggable-text",grow:!1,component:"span"},c),!Object(l.e)(i)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"process.parent.name",isDraggable:n,value:i,fieldType:"keyword",isAggregatable:!0})),!Object(l.e)(t)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"endgame.parent_process_name",isDraggable:n,value:t,fieldType:"keyword",isAggregatable:!0})),!Object(l.e)(o)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"process.parent.pid",isDraggable:n,queryValue:String(o),value:`(${String(o)})`,fieldType:"keyword",isAggregatable:!0})),!Object(l.e)(s)&&r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:e,eventId:a,field:"process.ppid",isDraggable:n,queryValue:String(s),value:`(${String(s)})`,fieldType:"keyword",isAggregatable:!0})))));ye.displayName="ParentProcessDraggable";const fe=pe()(s.EuiFlexGroup).withConfig({displayName:"HashFlexGroup",componentId:"sc-joyfnh-0"})(["margin:",";"],(({theme:e})=>e.eui.euiSizeXS)),be=r.a.memo((({contextId:e,eventId:t,isDraggable:a,processHashSha256:n})=>Object(l.e)(n)?null:r.a.createElement(fe,{alignItems:"center",direction:"column",gutterSize:"none"},r.a.createElement(l.c,{grow:!1,component:"div"},r.a.createElement(u.c,{contextId:e,eventId:t,field:"process.hash.sha256",iconType:"number",isDraggable:a,value:n,fieldType:"keyword",isAggregatable:!0})))));be.displayName="ProcessHash";const he=r.a.memo((({args:e,contextId:t,endgameExitCode:a,endgameFileName:n,endgameFilePath:i,endgameParentProcessName:o,endgamePid:c,endgameProcessName:p,eventAction:g,fileExtOriginalPath:y,fileHashSha256:f,fileName:b,filePath:h,hostName:E,id:v,isDraggable:x,message:k,outcome:S,packageName:w,processParentName:j,processParentPid:O,processExitCode:I,packageSummary:T,packageVersion:C,processExecutable:M,processHashSha256:F,processName:D,processPid:A,processPpid:_,processTitle:N,showMessage:R,skipRedundantFileDetails:q=!1,skipRedundantProcessDetails:P=!1,sshSignature:L,sshMethod:B,text:z,userDomain:$,userName:V,workingDirectory:G})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(m,{eventId:v,contextId:t,isDraggable:x,userDomain:$,userName:V,workingDirectory:G,hostName:E}),r.a.createElement(l.c,{grow:!1,component:"span"},z),!q&&r.a.createElement(ue,{contextId:t,endgameFileName:n,endgameFilePath:i,eventId:v,fileExtOriginalPath:y,fileName:b,filePath:h,isDraggable:x}),Object(l.g)(g)&&r.a.createElement(l.c,{"data-test-subj":"via",grow:!1,component:"span"},te.L),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(d.b,{contextId:t,endgamePid:c,endgameProcessName:p,eventId:v,isDraggable:x,processPid:A,processName:D,processExecutable:M})),r.a.createElement(se.a,{args:e,contextId:t,eventId:v,processTitle:N,isDraggable:x}),r.a.createElement(le,{contextId:t,endgameExitCode:a,eventId:v,isDraggable:x,processExitCode:I,text:te.V}),!Object(l.f)(g)&&r.a.createElement(ye,{contextId:t,endgameParentProcessName:o,eventId:v,isDraggable:x,processParentName:j,processParentPid:O,processPpid:_,text:te.M}),null!=S&&r.a.createElement(l.c,{grow:!1,component:"span"},te.W),r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(u.c,{contextId:t,eventId:v,field:"event.outcome",isDraggable:x,queryValue:S,value:S,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(ne,{contextId:t,eventId:v,isDraggable:x,sshSignature:L,sshMethod:B}),r.a.createElement(ae,{contextId:t,eventId:v,isDraggable:x,packageName:w,packageSummary:T,packageVersion:C})),!q&&r.a.createElement(ge,{contextId:t,eventId:v,fileHashSha256:f,isDraggable:x}),!P&&r.a.createElement(be,{contextId:t,eventId:v,isDraggable:x,processHashSha256:F}),null!=k&&R&&r.a.createElement(r.a.Fragment,null,r.a.createElement(s.EuiSpacer,{size:"xs"}),r.a.createElement(s.EuiFlexGroup,{justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(l.c,{grow:!1,component:"span"},r.a.createElement(ie.b,{iconType:"editorComment",color:"hollow",title:""},r.a.createElement(ee.a,{value:k}))))))));he.displayName="SystemGenericFileLine";const Ee=r.a.memo((({contextId:e,data:t,isDraggable:a,showMessage:i=!0,skipRedundantFileDetails:o=!1,skipRedundantProcessDetails:u=!1,text:d,timelineId:p})=>{const m=t._id,g=null!=t.message?t.message[0]:null,y=Object(n.get)("host.name[0]",t),f=Object(n.get)("endgame.exit_code[0]",t),b=Object(n.get)("endgame.file_name[0]",t),h=Object(n.get)("endgame.file_path[0]",t),E=Object(n.get)("endgame.parent_process_name[0]",t),v=Object(n.get)("endgame.pid[0]",t),x=Object(n.get)("endgame.process_name[0]",t),k=Object(n.get)("event.action[0]",t),S=Object(n.get)("file.Ext.original.path[0]",t),w=Object(n.get)("file.hash.sha256[0]",t),j=Object(n.get)("file.name[0]",t),O=Object(n.get)("file.path[0]",t),I=Object(n.get)("user.domain[0]",t),T=Object(n.get)("user.name[0]",t),C=Object(n.get)("event.outcome[0]",t),M=Object(n.get)("system.audit.package.name[0]",t),F=Object(n.get)("system.audit.package.summary[0]",t),D=Object(n.get)("system.audit.package.version[0]",t),A=Object(n.get)("process.exit_code[0]",t),_=Object(n.get)("process.parent.name[0]",t),N=Object(n.get)("process.parent.pid[0]",t),R=Object(n.get)("process.hash.sha256[0]",t),q=Object(n.get)("process.pid[0]",t),P=Object(n.get)("process.ppid[0]",t),L=Object(n.get)("process.name[0]",t),B=Object(n.get)("system.auth.ssh.signature[0]",t),z=Object(n.get)("system.auth.ssh.method[0]",t),$=Object(n.get)("process.executable[0]",t),V=Object(n.get)("process.title[0]",t),G=Object(n.get)("process.working_directory[0]",t),U=Object(n.get)("process.args",t);return r.a.createElement(l.b,null,r.a.createElement(he,{id:m,contextId:e,text:d,hostName:y,endgameExitCode:f,endgameFileName:b,endgameFilePath:h,endgameParentProcessName:E,endgamePid:v,endgameProcessName:x,eventAction:k,fileExtOriginalPath:S,fileHashSha256:w,fileName:j,filePath:O,userDomain:I,userName:T,message:g,processExitCode:A,processParentName:_,processParentPid:N,processTitle:V,workingDirectory:G,args:U,packageName:M,packageSummary:F,packageVersion:D,processHashSha256:R,processName:L,processPid:q,processPpid:P,processExecutable:$,showMessage:i,skipRedundantFileDetails:o,skipRedundantProcessDetails:u,sshSignature:B,sshMethod:z,outcome:C,isDraggable:a}),r.a.createElement(s.EuiSpacer,{size:"s"}),r.a.createElement(c.a,{data:t,isDraggable:a,timelineId:p}))}));Ee.displayName="SystemGenericFileDetails";const ve=({actionName:e,text:t})=>({id:o.d.system,isInstance:t=>{const a=Object(n.get)("event.module[0]",t),i=Object(n.get)("event.action[0]",t);return null!=a&&"system"===a.toLowerCase()&&null!=i&&i.toLowerCase()===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(oe,{contextId:`${e}-${i}`,data:a,isDraggable:n,text:t,timelineId:i}))}),xe=({actionName:e,text:t})=>({id:o.d.system_file,isInstance:t=>{const a=Object(n.get)("event.action[0]",t),i=Object(n.get)("event.category[0]",t),r=Object(n.get)("event.dataset[0]",t);return("process"===(null==i?void 0:i.toLowerCase())||"endpoint.events.process"===(null==r?void 0:r.toLowerCase()))&&(null==a?void 0:a.toLowerCase())===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{data:a,contextId:`endgame-process-${e}-${i}`,isDraggable:n,showMessage:!1,text:t,timelineId:i}))}),ke=({actionName:e,text:t})=>({id:o.d.system_fim,isInstance:t=>{const a=Object(n.get)("event.action[0]",t),i=Object(n.get)("event.category[0]",t),r=Object(n.get)("event.dataset[0]",t);return Object(l.d)({eventCategory:i,eventDataset:r})&&(null==a?void 0:a.toLowerCase())===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{data:a,contextId:`fim-${e}-${i}`,isDraggable:n,showMessage:!1,text:t,timelineId:i}))}),Se=({eventAction:e,eventCategory:t,eventType:a,skipRedundantFileDetails:i=!1,skipRedundantProcessDetails:s=!1,text:l})=>({id:o.d.alerts,isInstance:i=>{var r,o,s;const l=Object(n.get)("event.action",i),c=Object(n.get)("event.category",i),u=Object(n.get)("event.dataset[0]",i),d=Object(n.get)("event.type",i),p=null!==(r=null==l?void 0:l.includes(e))&&void 0!==r&&r,m=null!==(o=null==c?void 0:c.includes(t))&&void 0!==o&&o,g=null!==(s=null==d?void 0:d.includes(a))&&void 0!==s&&s;return"endpoint.alerts"===(null==u?void 0:u.toLowerCase())&&g&&m&&p},renderRow:({data:n,isDraggable:o,scopeId:c})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{contextId:`endpoint-alerts-row-renderer-${e}-${t}-${a}-${c}`,data:n,isDraggable:o,showMessage:!1,skipRedundantFileDetails:i,skipRedundantProcessDetails:s,text:l,timelineId:c}))}),we=({actionName:e,text:t})=>({id:o.d.library,isInstance:t=>{const a=Object(n.get)("event.action[0]",t),i=Object(n.get)("event.dataset[0]",t);return"endpoint.events.library"===(null==i?void 0:i.toLowerCase())&&(null==a?void 0:a.toLowerCase())===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{contextId:`library-row-renderer-${e}-${i}`,data:a,isDraggable:n,showMessage:!1,text:t,timelineId:i}))}),je=({actionName:e,text:t})=>({id:o.d.system_file,isInstance:t=>{const a=Object(n.get)("event.module[0]",t),i=Object(n.get)("event.action[0]",t);return null!=a&&"system"===a.toLowerCase()&&null!=i&&i.toLowerCase()===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{contextId:`${e}-${i}`,data:a,isDraggable:n,text:t,timelineId:i}))}),Oe=({actionName:e,text:t})=>({id:o.d.system_socket,isInstance:t=>{const a=Object(n.get)("event.action[0]",t);return null!=a&&a.toLowerCase()===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(X.a,null,r.a.createElement(Ee,{contextId:`socket-${e}-${i}`,data:a,isDraggable:n,text:t,timelineId:i}))}),Ie=({actionName:e})=>({id:o.d.system_security_event,isInstance:t=>{const a=Object(n.get)("event.category[0]",t),i=Object(n.get)("event.action[0]",t),r=Object(n.get)("event.dataset[0]",t);return("authentication"===(null==a?void 0:a.toLowerCase())||"endpoint.events.security"===(null==r?void 0:r.toLowerCase()))&&(null==i?void 0:i.toLowerCase())===e},renderRow:({data:t,isDraggable:a,scopeId:n})=>r.a.createElement(X.a,null,r.a.createElement(H,{contextId:`authentication-${e}-${n}`,data:t,isDraggable:a,timelineId:n}))}),Te=()=>({id:o.d.system_dns,isInstance:e=>{const t=Object(n.get)("dns.question.type[0]",e),a=Object(n.get)("dns.question.name[0]",e);return!Object(l.e)(t)&&!Object(l.e)(a)},renderRow:({data:e,isDraggable:t,scopeId:a})=>r.a.createElement(X.a,null,r.a.createElement(x,{contextId:`dns-request-${a}`,data:e,isDraggable:t,timelineId:a}))}),Ce=({actionName:e,text:t})=>({id:o.d.registry,isInstance:t=>{const a=Object(n.get)("event.action[0]",t),i=Object(n.get)("event.dataset[0]",t);return"endpoint.events.registry"===(null==i?void 0:i.toLowerCase())&&(null==a?void 0:a.toLowerCase())===e},renderRow:({data:e,isDraggable:a,scopeId:n})=>r.a.createElement(X.a,null,r.a.createElement(J,{contextId:`registry-event-${n}`,data:e,isDraggable:a,text:t}))}),Me=ve({actionName:"user_login",text:te.c}),Fe=je({actionName:"process_started",text:te.A}),De=xe({actionName:"creation_event",text:te.A}),Ae=xe({actionName:"start",text:te.A}),_e=Ce({actionName:"modification",text:te.u}),Ne=je({actionName:"process_stopped",text:te.B}),Re=xe({actionName:"termination_event",text:te.H}),qe=xe({actionName:"end",text:te.H}),Pe=ke({actionName:"file_create_event",text:te.e}),Le=ke({actionName:"creation",text:te.e}),Be=ke({actionName:"created",text:te.e}),ze=ke({actionName:"file_delete_event",text:te.f}),$e=ke({actionName:"deletion",text:te.f}),Ve=ke({actionName:"modification",text:te.t}),Ge=ke({actionName:"overwrite",text:te.v}),Ue=ke({actionName:"rename",text:te.E}),He=ke({actionName:"deleted",text:te.f}),We=je({actionName:"existing_process",text:te.k}),Qe=[{eventAction:"creation",eventCategory:"file",eventType:"denied",skipRedundantProcessDetails:!0,text:te.R},{eventAction:"creation",eventCategory:"file",eventType:"allowed",skipRedundantProcessDetails:!0,text:te.N},{eventAction:"files-encrypted",eventCategory:"file",eventType:"denied",skipRedundantFileDetails:!0,text:te.D},{eventAction:"files-encrypted",eventCategory:"file",eventType:"allowed",skipRedundantFileDetails:!0,text:te.C},{eventAction:"modification",eventCategory:"file",eventType:"denied",skipRedundantProcessDetails:!0,text:te.T},{eventAction:"modification",eventCategory:"file",eventType:"allowed",skipRedundantProcessDetails:!0,text:te.P},{eventAction:"rename",eventCategory:"file",eventType:"denied",skipRedundantProcessDetails:!0,text:te.U},{eventAction:"rename",eventCategory:"file",eventType:"allowed",skipRedundantProcessDetails:!0,text:te.Q},{eventAction:"execution",eventCategory:"process",eventType:"denied",skipRedundantFileDetails:!0,text:te.S},{eventAction:"execution",eventCategory:"process",eventType:"allowed",skipRedundantFileDetails:!0,text:te.O}].map((e=>Se(e))),Ye=we({actionName:"load",text:te.q}),Ke=Oe({actionName:"socket_opened",text:te.G}),Ze=Oe({actionName:"socket_closed",text:te.F}),Je=Oe({actionName:"ipv4_connection_accept_event",text:te.b}),Xe=Oe({actionName:"connection_accepted",text:te.b}),et=Oe({actionName:"http_request",text:te.s}),tt=xe({actionName:"exec",text:te.i}),at=xe({actionName:"fork",text:te.n}),nt=Oe({actionName:"ipv6_connection_accept_event",text:te.b}),it=Oe({actionName:"ipv4_disconnect_received_event",text:te.g}),rt=Oe({actionName:"disconnect_received",text:te.g}),ot=Oe({actionName:"ipv6_disconnect_received_event",text:te.g}),st=Ie({actionName:"admin_logon"}),lt=Ie({actionName:"explicit_user_logon"}),ct=Ie({actionName:"user_logoff"}),ut=Ie({actionName:"user_logon"}),dt=Ie({actionName:"log_on"}),pt=Te(),mt=ve({actionName:"existing_user",text:te.m}),gt=je({actionName:"existing_socket",text:te.l}),yt=ve({actionName:"existing_package",text:te.j}),ft=je({actionName:"invalid",text:te.p}),bt=ve({actionName:"user_changed",text:te.J}),ht=ve({actionName:"host",text:te.o}),Et=ve({actionName:"user_added",text:te.I}),vt=ve({actionName:"user_logout",text:te.r}),xt=Ie({actionName:"log_off"}),kt=je({actionName:"process_error",text:te.z}),St=ve({actionName:"error:",text:te.h}),wt=ve({actionName:"error",text:te.h}),jt=ve({actionName:"package_installed",text:te.w}),Ot=ve({actionName:"boot",text:te.d}),It=[pt,st,lt,Pe,Le,ze,$e,Ge,Ue,...Qe,Ye,Ve,_e,Je,Xe,et,tt,at,nt,it,rt,ot,De,Ae,Re,qe,ct,ut,dt,Be,He,ve({actionName:"accepted",text:te.a}),Ot,wt,St,yt,We,gt,mt,ht,ft,Me,vt,xt,jt,ve({actionName:"package_updated",text:te.y}),ve({actionName:"package_removed",text:te.x}),kt,Fe,Ne,Ze,Ke,Et,bt,ve({actionName:"user_removed",text:te.K})]},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return p})),a.d(t,"b",(function(){return y}));var n=a(2),i=a.n(n),r=a(40),o=a(41),s=a.n(o),l=a(48),c=a(637),u=a(113),d=a(499);const p={[u.y.unknown]:l.euiLightVars.euiColorMediumShade,[u.y.low]:d.b.low,[u.y.moderate]:d.b.medium,[u.y.high]:d.b.high,[u.y.critical]:d.b.critical},m=s.a.div.withConfig({displayName:"RiskBadge",componentId:"sc-1t9tm5r-0"})(["",""],(({theme:e,$severity:t,$hideBackgroundColor:a})=>Object(o.css)(["width:fit-content;padding-right:",";padding-left:",";",";"],e.eui.euiSizeS,e.eui.euiSizeXS,("Critical"===t||"High"===t)&&!a&&Object(o.css)(["background-color:",";border-radius:999px;"],Object(r.transparentize)(e.eui.euiColorDanger,.2))))),g=s.a.div.withConfig({displayName:"TooltipContainer",componentId:"sc-1t9tm5r-1"})(["padding:",";"],(({theme:e})=>e.eui.euiSizeS)),y=({severity:e,hideBackgroundColor:t=!1,toolTipContent:a})=>{const n=i.a.createElement(m,{color:l.euiLightVars.euiColorDanger,$severity:e,$hideBackgroundColor:t,"data-test-subj":"risk-score"},i.a.createElement(r.EuiHealth,{className:"eui-alignMiddle",color:p[e]},e));return null!=a?i.a.createElement(c.a,{hoverContent:i.a.createElement(g,null,a),render:()=>n}):n}},function(e,t,a){"use strict";let n,i,r;a.d(t,"c",(function(){return n})),a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),function(e){e.defineRule="define-rule",e.aboutRule="about-rule",e.scheduleRule="schedule-rule",e.ruleActions="rule-actions"}(n||(n={})),function(e){e.IndexPatterns="indexPatterns",e.DataView="dataView"}(i||(i={})),function(e){e.PerRuleExecution="per-rule-execution",e.PerTimePeriod="per-time-period"}(r||(r={}))},,,,function(e,t,a){"use strict";a.d(t,"g",(function(){return s})),a.d(t,"c",(function(){return l})),a.d(t,"d",(function(){return c})),a.d(t,"a",(function(){return u})),a.d(t,"f",(function(){return p})),a.d(t,"b",(function(){return m})),a.d(t,"e",(function(){return y}));var n=a(42),i=a(59),r=a(155),o=a(188);const s={box:{incremental:!0,placeholder:r.w,schema:!0,"data-test-subj":"search-input"}},l=e=>Object(n.isEmpty)(e)?"":`Example: ${e}`,c=e=>{switch(e){case"string":case"keyword":return"string";case"number":case"long":case"float":return"number";case"date":return"clock";case"ip":case"geo_point":return"globe";default:return"questionInCircle"}},u="event-fields-table",d=e=>Object(i.elementOrChildrenHasFocus)(null==e?void 0:e.querySelector(`.${u}`)),p=({containerElement:e,keyboardEvent:t,onSkipFocusBeforeEventsTable:a,onSkipFocusAfterEventsTable:n})=>{const{shiftKey:r}=t,o=Object(i.getTableSkipFocus)({containerElement:e,getFocusedCell:i.getFocusedDataColindexCell,shiftKey:r,tableHasFocus:d,tableClassName:u});"SKIP_FOCUS_NOOP"!==o&&(Object(i.stopPropagationAndPreventDefault)(t),Object(i.handleSkipFocus)({onSkipFocusBackwards:a,onSkipFocusForward:n,skipFocus:o}))};function m({browserFields:e,contextId:t,eventId:a,field:i,item:r,linkValueField:o,scopeId:s}){var l,c,u,d;const p={contextId:t,eventId:a,fieldType:"string",linkValue:void 0,scopeId:s},m=Object(n.getOr)(null,"originalValue.0",o),g=null!==(l=r.category)&&void 0!==l?l:"",y=null!==(c=r.field)&&void 0!==c?c:"",f=Object(n.get)([g,"fields",y],e),b=null==i?void 0:i.overrideField;return{...p,data:{field:null!=b?b:y,format:null!==(u=null==f?void 0:f.format)&&void 0!==u?u:"",type:null!==(d=null==f?void 0:f.type)&&void 0!==d?d:"",isObjectArray:r.isObjectArray},values:r.values,linkValue:null!=m?m:void 0,fieldFromBrowserField:f}}const g={[o.a]:!0,[o.j]:!0};function y(e){return!g[e]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o})),a.d(t,"b",(function(){return s}));var n=a(42),i=a(2),r=a.n(i);function o(e){var t;const a=t=>{const{deleteQuery:a,id:i,inspect:o=null,loading:l,refetch:c,setQuery:u,session:d}=t;s({deleteQuery:a,inspect:o,loading:l,queryId:i,refetch:c,session:d,setQuery:u});const p=Object(n.omit)(["refetch","setQuery"],t);return r.a.createElement(e,p)};return a.displayName=`ManageQuery (${null!==(t=null==e?void 0:e.displayName)&&void 0!==t?t:"Unknown"})`,a}const s=({setQuery:e,deleteQuery:t,refetch:a,inspect:n,loading:r,queryId:o,session:s})=>{Object(i.useEffect)((()=>{e({id:o,inspect:null!=n?n:null,loading:r,refetch:a,searchSessionId:null==s?void 0:s.current.start()})}),[t,e,o,a,n,r,s]),Object(i.useEffect)((()=>()=>{t&&t({id:o})}),[t,o])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(2),i=a(45),r=a(130),o=a.n(r),s=a(8),l=a(175);const c=Object(n.memo)((({location:{pathname:e,search:t},history:a,match:{params:{detailName:i,tabName:r,flowTarget:c}},pageName:u,state:d})=>{const[p,m]=Object(n.useState)(!0),[g,y]=Object(l.a)();return Object(n.useEffect)((()=>{p&&""!==t?(y({type:"updateSearch",search:t}),m(!1)):""!==t&&t!==g.search&&y({type:"updateSearch",search:t})}),[t]),Object(n.useEffect)((()=>{if(!u||g.pathName===e&&o()(d,g.state))return;const n={detailName:i,flowTarget:c,history:a,pageName:u,pathName:e,search:t,state:d,tabName:r};if(p&&null==i)return y({type:"updateRouteWithOutSearch",route:Object(s.omit)(n,"search")}),void m(!1);y({type:"updateRoute",route:n})}),[e,t,u,i,r,c,d]),null}));c.displayName="SpyRouteComponent";const u=Object(i.withRouter)(c)},,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return v})),a.d(t,"g",(function(){return x})),a.d(t,"d",(function(){return k})),a.d(t,"e",(function(){return S})),a.d(t,"f",(function(){return w})),a.d(t,"i",(function(){return j})),a.d(t,"h",(function(){return O})),a.d(t,"a",(function(){return T})),a.d(t,"c",(function(){return C}));var n=a(40),i=a(44),r=a(42),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(165),d=a(153),p=a(121),m=a(117),g=(a(132),a(123)),y=a(168),f=a(364),b=a(110),h=a(658);const E=c()(n.EuiFlexGroup).withConfig({displayName:"DraggableContainerFlexGroup",componentId:"sc-17s23cb-0"})(["flex-grow:unset;"]),v="ip-overview",x=(e,t,a,i)=>e.length>0&&e.every((e=>Object(r.getOr)(null,e,t)))?s.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},e.map(((e,l)=>{const c=Object(r.getOr)("",e,t);return s.a.createElement(o.Fragment,{key:`${v}-${e}`},l?", ":"",s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(p.b,{id:`location-renderer-default-draggable-${v}-${a?`${a}-`:""}${e}`,isDraggable:null!=i&&i,field:e,value:c,isAggregatable:!0,fieldType:"keyword"})))}))):Object(m.d)(),k=(e,t,a,i)=>e&&e.organization&&e.organization.name&&e.number?s.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(p.b,{id:`autonomous-system-renderer-default-draggable-${v}-${a?`${a}-`:""}${t}.as.organization.name`,isDraggable:null!=i&&i,field:`${t}.as.organization.name`,value:e.organization.name})),s.a.createElement(n.EuiFlexItem,{grow:!1},"/"),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(p.b,{id:`autonomous-system-renderer-default-draggable-${v}-${a?`${a}-`:""}${t}.as.number`,isDraggable:!1,field:`${t}.as.number`,value:`${e.number}`,isAggregatable:!0,fieldType:"number"}))):Object(m.d)(),S=({contextID:e,host:t,isDraggable:a=!1,ipFilter:n,noLink:i})=>t.id&&t.ip&&(null==n||t.ip.includes(n))?s.a.createElement(s.a.Fragment,null,t.name&&null!=t.name[0]?s.a.createElement(p.b,{id:`host-id-renderer-default-draggable-${v}-${e?`${e}-`:""}host-id`,isDraggable:a,field:"host.id",value:t.id[0],isAggregatable:!0,fieldType:"keyword"},i?s.a.createElement(s.a.Fragment,null,t.id):s.a.createElement(g.d,{hostName:t.name[0]},t.id)):s.a.createElement(s.a.Fragment,null,t.id)):Object(m.d)(),w=(e,t,a,n)=>e&&e.name&&e.name[0]&&e.ip&&(null==t||e.ip.includes(t))?s.a.createElement(p.b,{id:`host-name-renderer-default-draggable-${v}-${a?`${a}-`:""}host-name`,isDraggable:null!=n&&n,field:"host.name",value:e.name[0],isAggregatable:!0,fieldType:"keyword"},s.a.createElement(g.d,{hostName:e.name[0]},e.name?e.name:Object(m.d)())):Object(m.d)(),j=e=>s.a.createElement(g.n,{domain:e},f.n),O=e=>s.a.createElement(g.j,{domain:e,direction:"column"}),I=({attrName:e,displayCount:t=1,idPrefix:a,isDraggable:i=!1,moreMaxHeight:r="200px",render:o,rowItems:l,sourcererScopeId:c})=>{if(null!=l&&l.length>0){const u=l.slice(0,t).map(((t,r)=>{const l=Object(d.i)(`default-field-renderer-default-draggable-${a}-${e}-${t}`);return s.a.createElement(n.EuiFlexItem,{key:l,grow:!1},0!==r&&s.a.createElement(s.a.Fragment,null,",",s.a.createElement(y.i,null)),"string"==typeof t&&s.a.createElement(p.b,{id:l,isDraggable:i,field:e,value:t,isAggregatable:!0,fieldType:"keyword"},o?o(t):t))}));return u.length>0?s.a.createElement(E,{alignItems:"center",gutterSize:"none",component:"span","data-test-subj":"DefaultFieldRendererComponent"},s.a.createElement(n.EuiFlexItem,{grow:!1},u," "),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(M,{attrName:e,idPrefix:a,moreMaxHeight:r,overflowIndexStart:t,render:o,rowItems:l,sourcererScopeId:c}))):Object(m.d)()}return Object(m.d)()},T=s.a.memo(I);T.displayName="DefaultFieldRenderer";const C=s.a.memo((({fieldName:e,idPrefix:t,moreMaxHeight:a,overflowIndexStart:i,render:r,values:l,sourcererScopeId:c})=>{const{timelineId:p}=Object(o.useContext)(h.b),g=Object(o.useMemo)((()=>l.slice(i).reduce(((a,i,o)=>{const l=Object(d.i)(`${t}-${e}-${i}-${o}`);return"string"==typeof i&&null!=e&&a.push(s.a.createElement(n.EuiFlexItem,{key:l},s.a.createElement(u.c,{key:l,mode:u.a.HOVER_DOWN,visibleCellActions:5,showActionTooltips:!0,triggerId:u.d.DEFAULT,data:{value:i,field:e},sourcererScopeId:null!=c?c:b.SourcererScopeName.default,metadata:{scopeId:null!=p?p:void 0}},s.a.createElement(s.a.Fragment,null,r?r(i):Object(m.a)(i))))),a}),[])),[l,i,t,e,p,r,c]);return s.a.createElement("div",{"data-test-subj":"more-container",className:"eui-yScroll",style:{maxHeight:a,paddingRight:"2px"}},s.a.createElement(n.EuiFlexGroup,{gutterSize:"s",direction:"column","data-test-subj":"overflow-items"},g))}));C.displayName="MoreContainer";const M=s.a.memo((({attrName:e,idPrefix:t,moreMaxHeight:a,overflowIndexStart:r=5,render:l,rowItems:c,sourcererScopeId:u})=>{const[d,p]=Object(o.useState)(!1),m=Object(o.useCallback)((()=>p((e=>!e))),[]),g=Object(o.useMemo)((()=>s.a.createElement(s.a.Fragment,null," ,",s.a.createElement(n.EuiButtonEmpty,{size:"xs",onClick:m,"data-test-subj":"DefaultFieldRendererOverflow-button"},`+${c.length-r} `,s.a.createElement(i.FormattedMessage,{id:"xpack.securitySolution.fieldRenderers.moreLabel",defaultMessage:"More"})))),[m,r,c.length]);return s.a.createElement(n.EuiFlexItem,{grow:!1},c.length>r&&s.a.createElement(n.EuiPopover,{id:"popover",button:g,isOpen:d,closePopover:m,repositionOnScroll:!0,panelClassName:"withHoverActions__popover"},s.a.createElement(C,{fieldName:e,idPrefix:t,render:l,values:c,moreMaxHeight:a,overflowIndexStart:r,sourcererScopeId:u})))}));M.displayName="DefaultFieldRendererOverflow"},function(e,t,a){"use strict";a.d(t,"c",(function(){return c})),a.d(t,"b",(function(){return u})),a.d(t,"d",(function(){return d})),a.d(t,"a",(function(){return p}));var n=a(5),i=a(113);const r=n.i18n.translate("xpack.securitySolution.riskScore.overview.hostTitle",{defaultMessage:"Host"}),o=n.i18n.translate("xpack.securitySolution.riskScore.overview.hosts",{defaultMessage:"Hosts"}),s=n.i18n.translate("xpack.securitySolution.riskScore.overview.userTitle",{defaultMessage:"User"}),l=n.i18n.translate("xpack.securitySolution.riskScore.overview.users",{defaultMessage:"Users"}),c=e=>n.i18n.translate("xpack.securitySolution.riskScore.overview.riskScoreTitle",{defaultMessage:"{riskEntity} Risk Score",values:{riskEntity:d(e)}}),u=e=>n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.riskClassificationTitle",{defaultMessage:"{riskEntity} risk classification",values:{riskEntity:d(e)}}),d=(e,t=!1,a=!1)=>t?a?(e===i.w.host?o:l).toLowerCase():(e===i.w.host?r:s).toLowerCase():a?e===i.w.host?o:l:e===i.w.host?r:s,p=n.i18n.translate("xpack.securitySolution.riskScore.overview.alerts",{defaultMessage:"Alerts"})},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=e=>e.capabilities.canGetJobs&&e.capabilities.canGetDatafeeds&&e.capabilities.canGetCalendars},,,,,function(e,t,a){"use strict";a.d(t,"e",(function(){return r})),a.d(t,"f",(function(){return o})),a.d(t,"i",(function(){return s})),a.d(t,"g",(function(){return l})),a.d(t,"h",(function(){return c})),a.d(t,"k",(function(){return u})),a.d(t,"l",(function(){return d})),a.d(t,"j",(function(){return p})),a.d(t,"d",(function(){return m})),a.d(t,"c",(function(){return g})),a.d(t,"n",(function(){return y})),a.d(t,"b",(function(){return f})),a.d(t,"a",(function(){return b})),a.d(t,"m",(function(){return h})),a.d(t,"o",(function(){return E}));var n=a(5),i=a(225);a.d(t,"p",(function(){return i.c}));const r=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.feedNamePreposition",{defaultMessage:"from"}),o=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTitle",{defaultMessage:"Threat match detected"}),s=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.investigationEnrichmentTitle",{defaultMessage:"Enriched with threat intelligence"}),l=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTooltipContent",{defaultMessage:"Shows available threat indicator matches."}),c=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.informationAriaLabel",{defaultMessage:"Information"}),u=n.i18n.translate("xpack.securitySolution.eventDetails.ctiSummary.investigationEnrichmentTooltipContent",{defaultMessage:"Shows additional threat intelligence for the alert. The past 30 days were queried by default."}),d=(n.i18n.translate("xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription",{defaultMessage:"This alert does not have supplemental threat intelligence data."}),n.i18n.translate("xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription",{defaultMessage:"This alert does not have threat intelligence."})),p=n.i18n.translate("xpack.securitySolution.alertDetails.investigationTimeQueryTitle",{defaultMessage:"Enrichment with Threat Intelligence"}),m=n.i18n.translate("xpack.securitySolution.alertDetails.enrichmentQueryStartDate",{defaultMessage:"Start date"}),g=n.i18n.translate("xpack.securitySolution.alertDetails.enrichmentQueryEndDate",{defaultMessage:"End date"}),y=n.i18n.translate("xpack.securitySolution.alertDetails.refresh",{defaultMessage:"Refresh"}),f=n.i18n.translate("xpack.securitySolution.alertDetails.overview.enrichedDataTitle",{defaultMessage:"Enriched data"}),b=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.hostRiskClassification",{defaultMessage:"Current {riskEntity} risk classification",values:{riskEntity:Object(i.d)(e,!0)}}),h=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.originalHostRiskClassification",{defaultMessage:"Original {riskEntity} risk classification",values:{riskEntity:Object(i.d)(e,!0)}}),E=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.hostRiskDataTitle",{defaultMessage:"{riskEntity} Risk Data",values:{riskEntity:Object(i.d)(e)}})},function(e,t,a){"use strict";e.exports=function(e){return-2===e||-1===e||32===e}},,,,,,function(e,t,a){"use strict";a.d(t,"e",(function(){return i})),a.d(t,"g",(function(){return r})),a.d(t,"h",(function(){return o})),a.d(t,"j",(function(){return s})),a.d(t,"k",(function(){return l})),a.d(t,"i",(function(){return c})),a.d(t,"o",(function(){return u})),a.d(t,"n",(function(){return d})),a.d(t,"m",(function(){return p})),a.d(t,"l",(function(){return m})),a.d(t,"u",(function(){return g})),a.d(t,"t",(function(){return y})),a.d(t,"s",(function(){return f})),a.d(t,"r",(function(){return b})),a.d(t,"d",(function(){return h})),a.d(t,"b",(function(){return E})),a.d(t,"a",(function(){return v})),a.d(t,"c",(function(){return x})),a.d(t,"p",(function(){return k})),a.d(t,"q",(function(){return S})),a.d(t,"f",(function(){return w})),a.d(t,"v",(function(){return j})),a.d(t,"w",(function(){return O}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights",{defaultMessage:"Insights"}),r=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_process_ancestry",{defaultMessage:"Related alerts by process ancestry"}),o=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_process_ancestry_count",{defaultMessage:"{count} {count, plural, =1 {alert} other {alerts}} by process ancestry",values:{count:e}}),s=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_process_ancestry_error",{defaultMessage:"Failed to fetch alerts."}),l=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.processAncestryFilter",{defaultMessage:"Process Ancestry Alert IDs"}),c=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_process_ancestry_empty",{defaultMessage:"There are no related alerts by process ancestry."}),u=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_source_event_loading",{defaultMessage:"Loading related alerts by source event"}),d=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_session_error",{defaultMessage:"Failed to load related alerts by session"}),p=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_session_empty",{defaultMessage:"There are no related alerts by session"}),m=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_session_count",{defaultMessage:"{count} {count, plural, =1 {alert} other {alerts}} related by session",values:{count:e}}),g=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_source_event_loading",{defaultMessage:"Loading related alerts by source event"}),y=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_source_event_error",{defaultMessage:"Failed to load related alerts by source event"}),f=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_alerts_by_source_event_empty",{defaultMessage:"There are no related alerts by source event"}),b=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights_related_alerts_by_source_event_count",{defaultMessage:"{count} {count, plural, =1 {alert} other {alerts}} related by source event",values:{count:e}}),h=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_cases_loading",{defaultMessage:"Loading related cases"}),E=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_cases_error",{defaultMessage:"Failed to load related cases"}),v=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.related_cases_count",{defaultMessage:"{count} {count, plural, =1 {case} other {cases}} related to this alert",values:{count:e}}),x=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.relatedCasesFailure",{defaultMessage:'Unable to load related cases: "{error}"',values:{error:e}}),k=n.i18n.translate("xpack.securitySolution.alertDetails.overview.simpleAlertTable.error",{defaultMessage:"Failed to load the alerts."}),S=n.i18n.translate("xpack.securitySolution.alertDetails.overview.limitedAlerts",{defaultMessage:"Showing only the latest 10 alerts. View the rest of alerts in timeline."}),w=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.alertUpsellTitle",{defaultMessage:"Get more insights with a platinum subscription"}),j=e=>n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.suppressedAlertsCount",{defaultMessage:"{count} suppressed {count, plural, =1 {alert} other {alerts}}",values:{count:e}}),O=n.i18n.translate("xpack.securitySolution.alertDetails.overview.insights.suppressedAlertsCountTechnicalPreview",{defaultMessage:"Technical Preview"})},function(e,t,a){"use strict";a.d(t,"g",(function(){return c})),a.d(t,"a",(function(){return P})),a.d(t,"f",(function(){return B})),a.d(t,"c",(function(){return V})),a.d(t,"b",(function(){return Ve})),a.d(t,"h",(function(){return He})),a.d(t,"i",(function(){return d})),a.d(t,"d",(function(){return st})),a.d(t,"e",(function(){return Fe})),a.d(t,"j",(function(){return qe}));var n=a(2),i=a.n(n),r=a(40),o=a(21);const s={strict:!0,fields:{created_by:{type:"string"},description:{type:"string"},id:{type:"string"},item_id:{type:"string"},list_id:{type:"string"},name:{type:"string"},os_types:{type:"string"},tags:{type:"string"}}},l=({addExceptionButtonText:e,placeholdertext:t,canAddException:a,listType:i,isSearching:l,dataTestSubj:c,filters:u=[],isButtonFilled:d=!0,buttonIconType:p,onSearch:m,onAddExceptionClick:g})=>{const y=Object(n.useCallback)((({queryText:e})=>{m({search:e})}),[m]),f=Object(n.useCallback)((()=>{g(i)}),[g,i]);return Object(o.jsx)(r.EuiFlexGroup,{alignItems:"center"},Object(o.jsx)(r.EuiFlexItem,{grow:!0},Object(o.jsx)(r.EuiSearchBar,{box:{placeholder:t,incremental:!1,schema:s,"data-test-subj":`${c||""}searchBar`},filters:u,onChange:y})),!a&&Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(r.EuiButton,{"data-test-subj":`${c||""}Button`,onClick:f,isDisabled:l,fill:d,iconType:p},e)))};l.displayName="SearchBarComponent";const c=i.a.memo(l);c.displayName="SearchBar";var u=a(48);let d,p;!function(e){e.ERROR="error",e.EMPTY="empty",e.EMPTY_SEARCH="empty_search",e.LOADING="loading",e.SEARCHING="searching",e.DELETING="deleting"}(d||(d={})),function(e){e.ENDPOINT="endpoint",e.DETECTION="empty",e.RULE_DEFAULT="empty_search"}(p||(p={}));var m=a(5);const g=m.i18n.translate("exceptionList-components.empty.viewer.state.empty.title",{defaultMessage:"Add exceptions to this list"}),y=m.i18n.translate("exceptionList-components.empty.viewer.state.empty.body",{defaultMessage:"There is no exception in your list. Create your first exception."}),f=m.i18n.translate("exceptionList-components.empty.viewer.state.empty_search.search.title",{defaultMessage:"No results match your search criteria"}),b=m.i18n.translate("exceptionList-components.empty.viewer.state.empty_search.body",{defaultMessage:"Try modifying your search"}),h=m.i18n.translate("exceptionList-components.empty.viewer.state.error_title",{defaultMessage:"Unable to load exception items"}),E=m.i18n.translate("exceptionList-components.empty.viewer.state.error_body",{defaultMessage:"There was an error loading the exception items. Contact your administrator for help."}),v=m.i18n.translate("exceptionList-components.exception_list_header_export_action",{defaultMessage:"Export exception list"}),x=m.i18n.translate("exceptionList-components.exception_list_header_delete_action",{defaultMessage:"Delete exception list"}),k=m.i18n.translate("exceptionList-components.exception_list_header_duplicate_action",{defaultMessage:"Duplicate exception list"}),S=m.i18n.translate("exceptionList-components.exception_list_header_link_rules_button",{defaultMessage:"Link rules"}),w=e=>m.i18n.translate("exceptionList-components.exception_list_header_linked_rules",{values:{noOfRules:e},defaultMessage:"Linked to {noOfRules} rules"}),j=m.i18n.translate("exceptionList-components.exception_list_header_breadcrumb",{defaultMessage:"Shared Exception Lists"}),O=m.i18n.translate("exceptionList-components.exception_list_header_list_id",{defaultMessage:"List ID"}),I=m.i18n.translate("exceptionList-components.exception_list_header_name",{defaultMessage:"Add a name"}),T=m.i18n.translate("exceptionList-components.exception_list_header_description",{defaultMessage:"Add a description"}),C=m.i18n.translate("exceptionList-components.exception_list_header_edit_modal_save_button",{defaultMessage:"Save"}),M=m.i18n.translate("exceptionList-components.exception_list_header_edit_modal_cancel_button",{defaultMessage:"Cancel"}),F=m.i18n.translate("exceptionList-components.exception_list_header_Name_textbox",{defaultMessage:"Name"}),D=m.i18n.translate("exceptionList-components.exception_list_header_description_textbox",{defaultMessage:"Description (optional)"}),A=m.i18n.translate("exceptionList-components.exception_list_header_description_textboxexceptionList-components.exception_list_header_name_required_eror",{defaultMessage:"List name cannot be empty"});var _=a(1267),N=a.n(_);const R=Object(o.css)("margin:",u.euiThemeVars.euiSizeL," 0;padding:",u.euiThemeVars.euiSizeL," 0;",""),q=({title:e,body:t,buttonText:a,listType:i,isReadOnly:s,viewerStatus:l,onEmptyButtonStateClick:c})=>{const{euiTheme:u}=Object(r.useEuiTheme)(),p=Object(n.useMemo)((()=>{switch(l){case d.ERROR:return{color:"danger",iconType:"error",title:Object(o.jsx)("h2",{"data-test-subj":"errorTitle"},e||h),body:Object(o.jsx)("p",{"data-test-subj":"errorBody"},t||E),"data-test-subj":"errorViewerState"};case d.EMPTY:return{color:"subdued",iconType:"plusInCircle",iconColor:u.colors.darkestShade,title:Object(o.jsx)("h2",{"data-test-subj":"emptyTitle"},e||g),body:Object(o.jsx)("p",{"data-test-subj":"emptyBody"},t||y),"data-test-subj":"emptyViewerState",actions:[Object(o.jsx)(r.EuiButton,{"data-test-subj":"emptyStateButton",onClick:c,iconType:"plusInCircle",color:"primary",isDisabled:s,fill:!0},a||(n=i||"rule",m.i18n.translate("exceptionList-components.empty.viewer.state.empty.viewer_button",{values:{exceptionType:n},defaultMessage:"Create {exceptionType} exception"})))]};case d.EMPTY_SEARCH:return{color:"plain",layout:"horizontal",hasBorder:!0,hasShadow:!1,icon:Object(o.jsx)(r.EuiImage,{size:"fullWidth",alt:"",src:N.a}),title:Object(o.jsx)("h3",{"data-test-subj":"emptySearchTitle"},e||f),body:Object(o.jsx)("p",{"data-test-subj":"emptySearchBody"},t||b),"data-test-subj":"emptySearchViewerState"}}var n}),[l,u.colors.darkestShade,e,t,c,s,a,i]);return Object(o.jsx)(r.EuiSkeletonText,{lines:4,"data-test-subj":"loadingViewerState",isLoading:l===d.LOADING||l===d.SEARCHING},Object(o.jsx)(r.EuiPanel,{css:R,color:"empty_search"===l?"subdued":"transparent"},Object(o.jsx)(r.EuiEmptyPrompt,p)))},P=i.a.memo(q);P.displayName="EmptyViewerState";const L=({dataTestSubj:e,ariaLabel:t,pagination:a,onPaginationChange:i})=>{const{pageIndex:s,pageCount:l,pageSize:c,pageSizeOptions:u,handleItemsPerPageChange:d,handlePageIndexChange:p}=(({pagination:e,onPaginationChange:t})=>{const{pageIndex:a,totalItemCount:i,pageSize:r,pageSizeOptions:o}=e,s=Object(n.useMemo)((()=>isFinite(i/r)?Math.ceil(i/r):0),[r,i]),l=Object(n.useCallback)((e=>{t({pagination:{pageIndex:a,pageSize:e,totalItemCount:i}})}),[a,i,t]),c=Object(n.useCallback)((e=>{t({pagination:{pageIndex:e,pageSize:r,totalItemCount:i}})}),[r,i,t]);return{pageCount:s,pageIndex:a,pageSize:r,pageSizeOptions:o,handleItemsPerPageChange:l,handlePageIndexChange:c}})({pagination:a,onPaginationChange:i});return Object(o.jsx)(r.EuiTablePagination,{"data-test-subj":e,"aria-label":t,pageCount:l,activePage:s,itemsPerPage:c,onChangePage:p,onChangeItemsPerPage:d,itemsPerPageOptions:u})};L.displayName="PaginationComponent";const B=i.a.memo(L);B.displayName="Pagination";const z=Object(o.css)("margin:",u.euiThemeVars.euiSize," 0;&div:first-child{margin:",u.euiThemeVars.euiSizeXS," 0 ",u.euiThemeVars.euiSize,";}",""),$=({lastUpdated:e,viewerStatus:t,isReadOnly:a,exceptions:n,listType:s,ruleReferences:l,emptyViewerTitle:c,emptyViewerBody:u,emptyViewerButtonText:d,pagination:p,dataTestSubj:m,editActionLabel:g,deleteActionLabel:y,securityLinkAnchorComponent:f,exceptionsUtilityComponent:b,formattedDateComponent:h,getFormattedComments:E,onPaginationChange:v,onDeleteException:x,onEditExceptionItem:k,onCreateExceptionListItem:S})=>{const w=b;return!n.length||t?Object(o.jsx)(P,{isReadOnly:a,title:c,viewerStatus:t,buttonText:d,body:u,onEmptyButtonStateClick:S}):Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(w,{pagination:p,lastUpdated:e}),Object(o.jsx)(r.EuiFlexGroup,{direction:"column",gutterSize:"none",className:"eui-yScrollWithShadows"},Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(r.EuiFlexGroup,{css:z,"data-test-subj":`${m||""}exceptionsContainer`,direction:"column",gutterSize:"s"},n.map((e=>Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":`${m||""}exceptionItemContainer`,grow:!1,key:e.id},Object(o.jsx)(Ve,{key:`${e.id}exceptionItemCardKey`,dataTestSubj:`${m||""}exceptionItemCard`,disableActions:a,exceptionItem:e,listType:s,ruleReferences:Object.keys(l).length&&l[e.list_id]?l[e.list_id].referenced_rules:[],editActionLabel:g,deleteActionLabel:y,onDeleteException:x,onEditException:k,securityLinkAnchorComponent:f,formattedDateComponent:h,getFormattedComments:E}))))))),Object(o.jsx)(B,{dataTestSubj:`${m||""}pagination`,pagination:p,onPaginationChange:v}))};$.displayName="ExceptionItemsComponent";const V=i.a.memo($);V.displayName="ExceptionsItems";var G=a(180);const U=Object(o.css)("margin-left:",u.euiThemeVars.euiSizeXL,";margin-bottom:",u.euiThemeVars.euiSizeXS,";padding-top:",u.euiThemeVars.euiSizeXS,";",""),H=Object(G.cx)("eui-xScroll","\n  border: 1px;\n  border-color: #d3dae6;\n  border-style: solid;\n"),W=Object(o.css)("display:flex;align-items:center;margin-left:",u.euiThemeVars.euiSizeS,";",""),Q={name:"s5xdrg",styles:"display:flex;align-items:center"},Y=e=>m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.editItemButton",{values:{listType:e},defaultMessage:"Edit {listType} exception"}),K=e=>m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.deleteItemButton",{values:{listType:e},defaultMessage:"Delete {listType} exception"}),Z=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.createdLabel",{defaultMessage:"Created"}),J=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.updatedLabel",{defaultMessage:"Updated"}),X=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.expiresLabel",{defaultMessage:"Expires at"}),ee=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.expiredLabel",{defaultMessage:"Expired at"}),te=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.metaDetailsBy",{defaultMessage:"by"}),ae=e=>m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.showCommentsLabel",{values:{comments:e},defaultMessage:"Show {comments, plural, =1 {comment} other {comments}} ({comments})"}),ne=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.matchOperator",{defaultMessage:"IS"}),ie=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.matchOperator.not",{defaultMessage:"IS NOT"}),re=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.wildcardMatchesOperator",{defaultMessage:"MATCHES"}),oe=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.wildcardDoesNotMatchOperator",{defaultMessage:"DOES NOT MATCH"}),se=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.nestedOperator",{defaultMessage:"has"}),le=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.matchAnyOperator",{defaultMessage:"is one of"}),ce=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.matchAnyOperator.not",{defaultMessage:"is not one of"}),ue=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.existsOperator",{defaultMessage:"exists"}),de=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.existsOperator.not",{defaultMessage:"does not exist"}),pe=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.listOperator",{defaultMessage:"included in"}),me=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.listOperator.not",{defaultMessage:"is not included in"}),ge=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.and",{defaultMessage:"AND"}),ye=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.os",{defaultMessage:"OS"}),fe=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.windows",{defaultMessage:"Windows"}),be=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.linux",{defaultMessage:"Linux"}),he=m.i18n.translate("exceptionList-components.exceptions.exceptionItem.card.conditions.macos",{defaultMessage:"Mac"});var Ee=a(120);const ve=Object.freeze({linux:be,mac:he,macos:he,windows:fe}),xe=Object.freeze({[Ee.d.NESTED]:se,[Ee.d.MATCH_ANY]:le,[Ee.d.MATCH]:ne,[Ee.d.WILDCARD]:re,[Ee.d.EXISTS]:ue,[Ee.d.LIST]:pe}),ke=Object.freeze({[Ee.d.MATCH_ANY]:ce,[Ee.d.MATCH]:ie,[Ee.d.WILDCARD]:oe,[Ee.d.EXISTS]:de,[Ee.d.LIST]:me}),Se=(e,t)=>"match_any"===e&&Array.isArray(t)?t.map(((e,t)=>Object(o.jsx)(r.EuiBadge,{key:t,"data-test-subj":`matchAnyBadge${t}`,color:"hollow"},e))):null!=t?t:"",we=(e,t)=>{var a,n;return"nested"===e?"":"included"===t?null!==(a=xe[e])&&void 0!==a?a:e:null!==(n=ke[e])&&void 0!==n?n:e},je=(e,t,a)=>Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(r.EuiExpression,{description:we(e,t),value:Se(e,a),"data-test-subj":"entryValueExpression"}),Object(o.jsx)(He,{value:a})),Oe=Object(n.memo)((({entry:e,index:t,isNestedEntry:a=!1,dataTestSubj:n})=>{const{field:s,type:l}=e,c=(e=>"list"===e.type?e.list.id:"value"in e?e.value:"")(e),u="operator"in e?e.operator:"",d=`${s}${l}${c}${t}`;return Object(o.jsx)("div",{"data-test-subj":`${n||""}${d}EntryContent`,key:d},Object(o.jsx)("div",{css:Q},a?Object(o.jsx)(r.EuiFlexGroup,{responsive:!0,css:U,direction:"row",alignItems:"center",gutterSize:"m","data-test-subj":`${n||""}NestedEntry`},Object(o.jsx)(r.EuiToken,{"data-test-subj":"nstedEntryIcon",iconType:"tokenNested",size:"s"}),Object(o.jsx)("div",{css:W},Object(o.jsx)(r.EuiExpression,{description:"",value:s,color:"subdued"}),je(l,u,c))):Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(r.EuiExpression,{description:0===t?"":ge,value:s,color:0===t?"primary":"subdued","data-test-subj":`${n||""}SingleEntry`}),je(l,u,c))))}));Oe.displayName="EntryContent";const Ie=Object(n.memo)((({os:e,dataTestSubj:t})=>{const a=Object(n.useMemo)((()=>e.map((e=>{var t;return null!==(t=ve[e])&&void 0!==t?t:e})).join(", ")),[e]);return a?Object(o.jsx)("div",{"data-test-subj":`${t||""}Os`},Object(o.jsx)("strong",null,Object(o.jsx)(r.EuiExpression,{"data-test-subj":"osLabel",description:"",value:ye}),Object(o.jsx)(r.EuiExpression,{"data-test-subj":"osValue",description:ne,value:a}))):null}));Ie.displayName="OsCondition";const Te=Object(n.memo)((({os:e,entries:t,dataTestSubj:a})=>Object(o.jsx)(r.EuiPanel,{color:"subdued",hasBorder:!0,hasShadow:!1,"data-test-subj":a,className:H},null!=e&&e.length?Object(o.jsx)(Ie,{os:e,dataTestSubj:a}):null,t.map(((e,t)=>{const n="entries"in e?e.entries:[];return Object(o.jsx)("div",{key:`ExceptionItemCardConditionsContainer${t}`},Object(o.jsx)(Oe,{key:`entry${t}`,entry:e,index:t,dataTestSubj:a}),null!=n&&n.length?n.map(((e,n)=>Object(o.jsx)(Oe,{key:`nestedEntry${t}${n}`,entry:e,index:n,isNestedEntry:!0,dataTestSubj:a}))):null)})))));Te.displayName="ExceptionItemCardConditions";const Ce={name:"qeawqx",styles:"max-height:300px;height:100%;overflow-x:hidden;overflow-y:auto"},Me=({text:e,dataTestSubj:t,actions:a,disableActions:i,emptyButton:s,useCustomActions:l,iconType:c,iconSide:u="left",anchorPosition:d="downCenter",panelPaddingSize:p="s"})=>{const[m,g]=Object(n.useState)(!1),y=()=>g((e=>!e)),f=()=>g(!1),b=Object(n.useMemo)((()=>l||null===a?a:a.map((e=>Object(o.jsx)(r.EuiContextMenuItem,{"data-test-subj":`${t||""}ActionItem${e.key}`,key:e.key,icon:e.icon,disabled:e.disabled,layoutAlign:"center",onClick:t=>{f(),"function"==typeof e.onClick&&e.onClick(t)}},e.label)))),[a,t,l]);return Object(o.jsx)(r.EuiFlexGroup,{responsive:!0},Object(o.jsx)(r.EuiPopover,{button:s?Object(o.jsx)(r.EuiButtonEmpty,{isDisabled:i,onClick:y,iconType:c||void 0,iconSide:u,"data-test-subj":`${t||""}EmptyButton`,"aria-label":"Header menu Button Empty"},e):Object(o.jsx)(r.EuiButtonIcon,{isDisabled:i,onClick:y,iconType:c||"boxesHorizontal","data-test-subj":`${t||""}ButtonIcon`,"aria-label":"Header menu Button Icon"},e),onClick:e=>e.stopPropagation(),panelPaddingSize:p,isOpen:m,closePopover:f,anchorPosition:d,"data-test-subj":`${t||""}Items`},b?Object(o.jsx)(r.EuiContextMenuPanel,{css:Ce,className:"eui-scrollBar","data-test-subj":`${t||""}MenuPanel`,size:"s",items:b}):null))};Me.displayName="HeaderMenuComponent";const Fe=i.a.memo(Me);Fe.displayName="HeaderMenu";const De=Object(n.memo)((({item:e,actions:t,disableActions:a=!1,dataTestSubj:n})=>Object(o.jsx)(r.EuiFlexGroup,{responsive:!0,"data-test-subj":n,justifyContent:"spaceBetween"},Object(o.jsx)(r.EuiFlexItem,{grow:9},Object(o.jsx)(r.EuiTitle,{size:"xs",textTransform:"uppercase","data-test-subj":`${n}Title`},Object(o.jsx)("h3",null,e.name))),Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(Fe,{iconType:"boxesHorizontal",disableActions:a,actions:t,"aria-label":"Exception item actions menu",dataTestSubj:n,anchorPosition:"downCenter"})))));De.displayName="ExceptionItemCardHeader";const Ae=Object(o.css)("font-family:",u.euiThemeVars.euiFontFamily,";",""),_e=Object(n.memo)((({label:e,lastUpdate:t,lastUpdateValue:a,dataTestSubj:n})=>Object(o.jsx)(r.EuiFlexGroup,{"data-test-subj":`${n||""}metaInfoDetails`,alignItems:"center",gutterSize:"s",wrap:!0,responsive:!0},Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(r.EuiText,{size:"xs",css:Ae},e)),Object(o.jsx)(r.EuiFlexItem,{grow:!1,"data-test-subj":`${n||""}lastUpdate`},Object(o.jsx)(r.EuiBadge,{color:"default",css:Ae},t)),null!=a&&Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(r.EuiText,{size:"xs",css:Ae},te)),Object(o.jsx)(r.EuiFlexItem,{grow:!1,"data-test-subj":`${n||""}lastUpdateValue`},Object(o.jsx)(r.EuiFlexGroup,{responsive:!0,gutterSize:"xs",alignItems:"center"},Object(o.jsx)(r.EuiFlexItem,{grow:!1},Object(o.jsx)(r.EuiBadge,{color:"hollow",css:Ae},a))))))));_e.displayName="MetaInfoDetails";const Ne=Object(o.css)("border-bottom:1px solid ",u.euiThemeVars.euiColorLightShade,";",""),Re=Object(o.css)("color:",u.euiThemeVars.euiColorPrimary,";flex-basis:content;",""),qe=({dataTestSubj:e,linkedRules:t,securityLinkAnchorComponent:a,leftIcon:n=""})=>{if(!t.length||null===a)return null;const i=a;return t.map((a=>Object(o.jsx)(r.EuiContextMenuItem,{css:t.length>1?Ne:"","data-test-subj":`${e||""}ActionItem${a.id}`,key:a.id},Object(o.jsx)(r.EuiFlexGroup,{gutterSize:"s",css:Re},n?Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":`${e||""}LeftIcon`,grow:!1},Object(o.jsx)(r.EuiIcon,{type:n})):null,Object(o.jsx)(r.EuiFlexItem,{css:Re},Object(o.jsx)(i,{external:!0,referenceName:a.name,referenceId:a.id}))))))},Pe=Object(o.css)("border-right:1px solid #d3dae6;padding:",u.euiThemeVars.euiSizeS," ",u.euiThemeVars.euiSizeM," ",u.euiThemeVars.euiSizeS," 0;",""),Le=Object(n.memo)((({item:e,rules:t,dataTestSubj:a,securityLinkAnchorComponent:s,formattedDateComponent:l})=>{const c=l,u=Object(n.useMemo)((()=>qe({dataTestSubj:a,linkedRules:t,securityLinkAnchorComponent:s})),[a,t,s]),d=Object(n.useMemo)((()=>!!e.expire_time&&new Date(e.expire_time)<=new Date),[e]);return Object(o.jsx)(r.EuiFlexGroup,{alignItems:"center",responsive:!0,gutterSize:"s","data-test-subj":a},null!==c&&Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(r.EuiFlexItem,{css:Pe,grow:!1},Object(o.jsx)(_e,{label:Z,lastUpdate:Object(o.jsx)(c,{"data-test-subj":"{dataTestSubj||''}formattedDateComponentCreatedBy",fieldName:"created_at",value:e.created_at}),lastUpdateValue:e.created_by,dataTestSubj:`${a||""}CreatedBy`})),Object(o.jsx)(r.EuiFlexItem,{css:Pe,grow:!1},Object(o.jsx)(_e,{label:J,lastUpdate:Object(o.jsx)(c,{"data-test-subj":"{dataTestSubj||''}formattedDateComponentUpdatedBy",fieldName:"updated_at",value:e.updated_at}),lastUpdateValue:e.updated_by,dataTestSubj:`${a||""}UpdatedBy`})),null!=e.expire_time&&Object(o.jsx)(i.a.Fragment,null,Object(o.jsx)(r.EuiFlexItem,{css:Pe,grow:!1},Object(o.jsx)(_e,{label:d?ee:X,lastUpdate:Object(o.jsx)(c,{"data-test-subj":"{dataTestSubj||''}formattedDateComponentExpireTime",fieldName:"expire_time",value:e.expire_time}),dataTestSubj:`${a||""}ExpireTime`})))),Object(o.jsx)(r.EuiFlexItem,null,Object(o.jsx)(Fe,{emptyButton:!0,useCustomActions:!0,iconType:"list",actions:u,disableActions:!1,text:(p=t.length,m.i18n.translate("exceptionList-components.exceptions.card.exceptionItem.affectedRules",{values:{numRules:p},defaultMessage:"Affects {numRules} {numRules, plural, =1 {rule} other {rules}}"})),dataTestSubj:a})));var p}));Le.displayName="ExceptionItemCardMetaInfo";const Be=Object(o.css)("color:",u.euiThemeVars.euiColorPrimary,";",""),ze=Object(n.memo)((({comments:e,dataTestSubj:t})=>e.length?Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":t},Object(o.jsx)(r.EuiAccordion,{id:"exceptionItemCardComments",buttonContent:Object(o.jsx)(r.EuiText,{size:"s",css:Be,"data-test-subj":`${t||""}TextButton`},ae(e.length)),arrowDisplay:"none","data-test-subj":"exceptionItemCardComments"},Object(o.jsx)(r.EuiPanel,{"data-test-subj":"accordionContentPanel",hasBorder:!0,hasShadow:!0,paddingSize:"m"},Object(o.jsx)(r.EuiCommentList,{"data-test-subj":"accordionCommentList",comments:e})))):null));ze.displayName="ExceptionItemCardComments";const $e=({disableActions:e=!1,exceptionItem:t,listType:a,ruleReferences:i,dataTestSubj:s,editActionLabel:l,deleteActionLabel:c,securityLinkAnchorComponent:u,formattedDateComponent:d,getFormattedComments:p,onDeleteException:m,onEditException:g})=>{const{actions:y,formattedComments:f}=(({listType:e,editActionLabel:t,deleteActionLabel:a,exceptionItem:i,getFormattedComments:r,onEditException:o,onDeleteException:s})=>{const l=Object(n.useCallback)((()=>{s({id:i.id,name:i.name,namespaceType:i.namespace_type})}),[s,i.id,i.name,i.namespace_type]),c=Object(n.useCallback)((()=>{o(i)}),[o,i]),u=Object(n.useMemo)((()=>r(i.comments)),[i.comments,r]);return{actions:Object(n.useMemo)((()=>[{key:"edit",icon:"controlsHorizontal",label:t||Y(e),onClick:c},{key:"delete",icon:"trash",label:a||K(e),onClick:l}]),[t,e,a,l,c]),formattedComments:u}})({listType:a,editActionLabel:l,deleteActionLabel:c,exceptionItem:t,getFormattedComments:p,onEditException:g,onDeleteException:m});return Object(o.jsx)(r.EuiPanel,{key:`${t.id}exceptionItemPanel`,paddingSize:"l","data-test-subj":s||"",hasBorder:!0,hasShadow:!1},Object(o.jsx)(r.EuiFlexGroup,{responsive:!0,gutterSize:"m",direction:"column"},Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":"exceptionItemCardHeaderContainer"},Object(o.jsx)(De,{item:t,actions:y,disableActions:e,dataTestSubj:"exceptionItemCardHeader"})),Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":"exceptionItemCardMeta"},Object(o.jsx)(Le,{item:t,rules:i,dataTestSubj:"exceptionItemCardMetaInfo",securityLinkAnchorComponent:u,formattedDateComponent:d})),Object(o.jsx)(r.EuiFlexItem,{"data-test-subj":"exceptionItemCardCondition"},Object(o.jsx)(Te,{os:t.os_types,entries:t.entries,dataTestSubj:"exceptionItemCardConditions"})),f.length>0&&Object(o.jsx)(ze,{dataTestSubj:"exceptionsItemCommentAccordion",comments:f})))};$e.displayName="ExceptionItemCardComponent";const Ve=i.a.memo($e);Ve.displayName="ExceptionItemCard";var Ge=a(316);const Ue=Object(G.css)("display:inline;margin-left:",u.euiThemeVars.euiSizeXS,";",""),He=({value:e,tooltipIconType:t="iInCircle",tooltipIconText:a})=>{const{showSpaceWarningIcon:n,warningText:i}=(({value:e,tooltipIconText:t})=>({showSpaceWarningIcon:!!(Array.isArray(e)?e.find(Ge.d):Object(Ge.d)(e)),warningText:t||Ge.c.FIELD_SPACE_WARNING}))({value:e,tooltipIconText:a});return n&&e?Object(o.jsx)("div",{className:Ue},Object(o.jsx)(r.EuiToolTip,{position:"top",content:i},Object(o.jsx)(r.EuiIcon,{"data-test-subj":"valueWithSpaceWarningTooltip",type:t,color:"warning"}))):null},We=Object(o.css)("border-right:1px solid #d3dae6;padding:",u.euiThemeVars.euiSizeXS," ",u.euiThemeVars.euiSizeL," ",u.euiThemeVars.euiSizeXS," 0;",""),Qe={name:"95qvyx",styles:"width:max-content"},Ye=Object(o.css)("font-size:",u.euiThemeVars.euiFontSize,";color:",u.euiThemeVars.euiTextSubduedColor,";margin-left:",u.euiThemeVars.euiSizeXS,";",""),Ke=Object(o.css)("margin-top:-",u.euiThemeVars.euiSizeL,";margin-bottom:-",u.euiThemeVars.euiSizeL,";",""),Ze=Object(o.css)("font-size:",u.euiThemeVars.euiFontSizeXS,";",""),Je=({dataTestSubj:e,linkedRules:t,securityLinkAnchorComponent:a,isReadonly:i,canUserEditList:s=!0,onDeleteList:l,onManageRules:c,onExportList:u,onDuplicateList:d})=>{const p=Object(n.useMemo)((()=>qe({leftIcon:"check",dataTestSubj:e,linkedRules:t,securityLinkAnchorComponent:a})),[e,t,a]);return Object(o.jsx)(r.EuiFlexGroup,{direction:"row",alignItems:"baseline",justifyContent:"center",responsive:!0,"data-test-subj":`${e||""}Container`,gutterSize:"l"},Object(o.jsx)(r.EuiFlexItem,{css:We},t.length?Object(o.jsx)(Fe,{dataTestSubj:`${e||""}LinkedRulesMenu`,emptyButton:!0,useCustomActions:!0,text:w(t.length),actions:p,disableActions:!1,iconType:"arrowDown",iconSide:"right",panelPaddingSize:"none"}):Object(o.jsx)(r.EuiTextColor,{"data-test-subj":"noLinkedRules",css:Qe,color:"subdued"},w(t.length))),s&&Object(o.jsx)(r.EuiFlexItem,null,Object(o.jsx)(r.EuiButton,{"data-test-subj":`${e||""}LinkRulesButton`,fill:!0,onClick:()=>{"function"==typeof c&&c()}},S)),Object(o.jsx)(r.EuiFlexItem,null,Object(o.jsx)(Fe,{iconType:"boxesHorizontal",dataTestSubj:`${e||""}MenuActions`,actions:[{key:"1",icon:"exportAction",label:v,onClick:()=>{"function"==typeof u&&u()}},{key:"2",icon:"copy",label:k,onClick:()=>{"function"==typeof d&&d()},disabled:!s},{key:"3",icon:"trash",label:x,onClick:()=>{"function"==typeof l&&l()},disabled:!s}],disableActions:i,anchorPosition:"downCenter"})))};Je.displayName="MenuItemsComponent";const Xe=i.a.memo(Je);Xe.displayName="MenuItems";const et=Object(o.css)("display:flex;width:fit-content;align-items:baseline;padding-bottom:",u.euiThemeVars.euiSizeS,";h1{margin-bottom:0;}",""),tt=Object(o.css)("button{margin-left:-",u.euiThemeVars.euiSizeM,";}",""),at=({isReadonly:e,dataTestSubj:t,text:a,onEdit:n,textCss:i})=>Object(o.jsx)(r.EuiFlexGroup,{css:et},Object(o.jsx)(r.EuiFlexItem,{grow:10},Object(o.jsx)("span",{css:i,"data-test-subj":`${t||""}Text`},a)),Object(o.jsx)(r.EuiFlexItem,{grow:!1,css:tt},e?null:Object(o.jsx)(r.EuiButtonIcon,{"data-test-subj":`${t||""}EditIcon`,"aria-label":"Edit Text List Header",iconType:"pencil",onClick:()=>"function"==typeof n?n():null})));at.displayName="TextWithEditComponent";const nt=i.a.memo(at);nt.displayName="TextWithEdit";const it=({listDetails:e,onSave:t,onCancel:a})=>{const{error:i,modalFormId:s,newListDetails:l,showProgress:c,onBlur:u,onSubmit:d,onChange:p}=(({listDetails:e,onSave:t})=>{const a=Object(r.useGeneratedHtmlId)({prefix:"modalForm"}),[i,o]=Object(n.useState)(e),[s,l]=Object(n.useState)(!1),[c,u]=Object(n.useState)(void 0),d=Object(n.useCallback)((({target:e})=>{const{name:t,value:a}=e,n=a.trim();o({...i,[t]:n}),"name"===t&&u(n?void 0:A)}),[i]);return{error:c,modalFormId:a,newListDetails:i,showProgress:s,onBlur:d,onChange:({target:e})=>{const{name:t,value:a}=e;o({...i,[t]:a})},onSubmit:e=>{c||(l(!0),t(i),null==e||e.preventDefault())}}})({listDetails:e,onSave:t});return Object(o.jsx)(r.EuiModal,{"data-test-subj":"EditModal",onClose:a,initialFocus:"[name=popswitch]"},c&&Object(o.jsx)(r.EuiProgress,{"data-test-subj":"editModalProgess",size:"xs",position:"absolute"}),Object(o.jsx)(r.EuiModalHeader,null,Object(o.jsx)(r.EuiModalHeaderTitle,{"data-test-subj":"editModalTitle"},(g=e.name,m.i18n.translate("exceptionList-components.exception_list_header_edit_modal_name",{defaultMessage:"Edit {listName}",values:{listName:g}})))),Object(o.jsx)(r.EuiModalBody,null,Object(o.jsx)(r.EuiForm,{id:s,"data-test-subj":"editModalForm",component:"form",onSubmit:d},Object(o.jsx)(r.EuiFormRow,{error:i,isInvalid:!!i,fullWidth:!0,label:F},Object(o.jsx)(r.EuiFieldText,{fullWidth:!0,isInvalid:!!i,onBlur:u,"data-test-subj":"editModalNameTextField",name:"name",value:l.name,onChange:p})),Object(o.jsx)(r.EuiFormRow,{fullWidth:!0,label:D},Object(o.jsx)(r.EuiTextArea,{fullWidth:!0,"data-test-subj":"editModalDescriptionTextField",name:"description",value:l.description,onChange:p,onBlur:u})))),Object(o.jsx)(r.EuiModalFooter,null,Object(o.jsx)(r.EuiButtonEmpty,{"data-test-subj":"editModalCancelBtn",onClick:a},M),Object(o.jsx)(r.EuiButton,{"data-test-subj":"editModalSaveBtn",type:"submit",form:s,onClick:d,fill:!0},C)));var g};it.displayName="EditModalComponent";const rt=i.a.memo(it);rt.displayName="EditModal";const ot=({name:e,description:t,listId:a,linkedRules:i,isReadonly:s,dataTestSubj:l,securityLinkAnchorComponent:c,backOptions:u,canUserEditList:d=!0,onEditListDetails:p,onDeleteList:m,onManageRules:g,onExportList:y,onDuplicateList:f})=>{const{isModalVisible:b,listDetails:h,onEdit:E,onSave:v,onCancel:x}=(({name:e,description:t,onEditListDetails:a})=>{const[i,r]=Object(n.useState)(!1),[o,s]=Object(n.useState)({name:e,description:t});return{isModalVisible:i,listDetails:o,onEdit:()=>{r(!0)},onSave:e=>{s(e),"function"==typeof a&&a(e),setTimeout((()=>{r(!1)}),200)},onCancel:()=>{r(!1)}}})({name:e,description:t,onEditListDetails:p});return Object(o.jsx)("div",null,Object(o.jsx)(r.EuiPageHeader,{bottomBorder:!0,paddingSize:"none",pageTitle:Object(o.jsx)(nt,{dataTestSubj:`${l||""}Title`,text:h.name||I,isReadonly:s||!d,onEdit:E}),responsive:!0,"data-test-subj":`${l||""}PageHeader`,description:Object(o.jsx)("div",{css:Ke},Object(o.jsx)(nt,{dataTestSubj:`${l||""}Description`,textCss:Ye,isReadonly:s||!d,text:h.description||T,onEdit:E}),Object(o.jsx)("div",{css:et,"data-test-subj":`${l||""}ListID`},Object(o.jsx)(r.EuiText,{css:Ye},O,":"),Object(o.jsx)(r.EuiText,{css:Ye},a))),rightSideItems:[Object(o.jsx)(Xe,{dataTestSubj:`${l||""}RightSideMenuItems`,linkedRules:i,isReadonly:s,canUserEditList:d,securityLinkAnchorComponent:c,onDeleteList:m,onManageRules:g,onExportList:y,onDuplicateList:f})],breadcrumbs:[{text:Object(o.jsx)("div",{"data-test-subj":`${l||""}Breadcrumb`,css:Ze},Object(o.jsx)(r.EuiIcon,{size:"s",type:"arrowLeft"}),j),color:"primary","aria-current":!1,href:u.path,onClick:e=>{e.preventDefault(),u.onNavigate(u.path)}}]}),b&&Object(o.jsx)(rt,{listDetails:h,onSave:v,onCancel:x}))};ot.displayName="ExceptionListHeaderComponent";const st=i.a.memo(ot);st.displayName="ExceptionListHeader"},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return h}));var n=a(42),i=a(2),r=a.n(i),o=a(449),s=a(607),l=a(485),c=a(569),u=a(395),d=a(608),p=a(868),m=a(571),g=a(380),y=a(570),f=a(532),b=a(460);const h=r.a.memo((({data:e,timelineId:t,isDraggable:a})=>r.a.createElement(p.a,{contextId:`netflow-renderer-${t}-${e._id}`,destinationBytes:Object(o.a)(Object(n.get)(f.a,e)),destinationGeoContinentName:Object(o.a)(Object(n.get)(y.b,e)),destinationGeoCountryName:Object(o.a)(Object(n.get)(y.d,e)),destinationGeoCountryIsoCode:Object(o.a)(Object(n.get)(y.c,e)),destinationGeoRegionName:Object(o.a)(Object(n.get)(y.e,e)),destinationGeoCityName:Object(o.a)(Object(n.get)(y.a,e)),destinationIp:Object(o.a)(Object(n.get)(u.a,e)),destinationPackets:Object(o.a)(Object(n.get)(f.b,e)),destinationPort:Object(o.a)(Object(n.get)(g.a,e)),eventDuration:Object(o.a)(Object(n.get)(l.b,e)),eventId:Object(n.get)(c.a,e),eventEnd:Object(o.a)(Object(n.get)(m.b,e)),eventStart:Object(o.a)(Object(n.get)(m.c,e)),isDraggable:a,networkBytes:Object(o.a)(Object(n.get)(b.a,e)),networkCommunityId:Object(o.a)(Object(n.get)(b.b,e)),networkDirection:Object(o.a)(Object(n.get)(b.c,e)),networkPackets:Object(o.a)(Object(n.get)(b.d,e)),networkProtocol:Object(o.a)(Object(n.get)(b.e,e)),sourceBytes:Object(o.a)(Object(n.get)(f.c,e)),sourceGeoContinentName:Object(o.a)(Object(n.get)(y.h,e)),sourceGeoCountryName:Object(o.a)(Object(n.get)(y.j,e)),sourceGeoCountryIsoCode:Object(o.a)(Object(n.get)(y.i,e)),sourceGeoRegionName:Object(o.a)(Object(n.get)(y.k,e)),sourceGeoCityName:Object(o.a)(Object(n.get)(y.g,e)),sourceIp:Object(o.a)(Object(n.get)(u.d,e)),sourcePackets:Object(o.a)(Object(n.get)(f.d,e)),sourcePort:Object(o.a)(Object(n.get)(g.c,e)),tlsClientCertificateFingerprintSha1:Object(o.a)(Object(n.get)(s.b,e)),tlsFingerprintsJa3Hash:Object(o.a)(Object(n.get)(d.a,e)),tlsServerCertificateFingerprintSha1:Object(o.a)(Object(n.get)(s.c,e)),transport:Object(o.a)(Object(n.get)(b.f,e)),userName:void 0})));h.displayName="NetflowRenderer"},function(e,t,a){"use strict";var n=a(1321);e.exports=function(e,t,a,i){var r,o=e.length,s=0;if(t=t<0?-t>o?0:o+t:t>o?o:t,a=a>0?a:0,i.length<1e4)(r=Array.from(i)).unshift(t,a),n.apply(e,r);else for(a&&n.apply(e,[t,a]);s<i.length;)(r=i.slice(s,s+1e4)).unshift(t,0),n.apply(e,r),s+=1e4,t+=1e4}},function(e,t,a){"use strict";e.exports=function(e){return e<0||32===e}},function(e,t,a){"use strict";var n=a(465);e.exports=function(e){return function(t){return e.test(n(t))}}},,,function(e,t,a){"use strict";var n,i=function(){var e={};return function(t){if(void 0===e[t]){var a=document.querySelector(t);if(window.HTMLIFrameElement&&a instanceof window.HTMLIFrameElement)try{a=a.contentDocument.head}catch(e){a=null}e[t]=a}return e[t]}}(),r=[];function o(e){for(var t=-1,a=0;a<r.length;a++)if(r[a].identifier===e){t=a;break}return t}function s(e,t){for(var a={},n=[],i=0;i<e.length;i++){var s=e[i],l=t.base?s[0]+t.base:s[0],c=a[l]||0,u="".concat(l," ").concat(c);a[l]=c+1;var d=o(u),p={css:s[1],media:s[2],sourceMap:s[3]};-1!==d?(r[d].references++,r[d].updater(p)):r.push({identifier:u,updater:y(p,t),references:1}),n.push(u)}return n}function l(e){var t=document.createElement("style"),n=e.attributes||{};if(void 0===n.nonce){var r=a.nc;r&&(n.nonce=r)}if(Object.keys(n).forEach((function(e){t.setAttribute(e,n[e])})),"function"==typeof e.insert)e.insert(t);else{var o=i(e.insert||"head");if(!o)throw new Error("Couldn't find a style target. This probably means that the value for the 'insert' parameter is invalid.");o.appendChild(t)}return t}var c,u=(c=[],function(e,t){return c[e]=t,c.filter(Boolean).join("\n")});function d(e,t,a,n){var i=a?"":n.media?"@media ".concat(n.media," {").concat(n.css,"}"):n.css;if(e.styleSheet)e.styleSheet.cssText=u(t,i);else{var r=document.createTextNode(i),o=e.childNodes;o[t]&&e.removeChild(o[t]),o.length?e.insertBefore(r,o[t]):e.appendChild(r)}}function p(e,t,a){var n=a.css,i=a.media,r=a.sourceMap;if(i?e.setAttribute("media",i):e.removeAttribute("media"),r&&"undefined"!=typeof btoa&&(n+="\n/*# sourceMappingURL=data:application/json;base64,".concat(btoa(unescape(encodeURIComponent(JSON.stringify(r))))," */")),e.styleSheet)e.styleSheet.cssText=n;else{for(;e.firstChild;)e.removeChild(e.firstChild);e.appendChild(document.createTextNode(n))}}var m=null,g=0;function y(e,t){var a,n,i;if(t.singleton){var r=g++;a=m||(m=l(t)),n=d.bind(null,a,r,!1),i=d.bind(null,a,r,!0)}else a=l(t),n=p.bind(null,a,t),i=function(){!function(e){if(null===e.parentNode)return!1;e.parentNode.removeChild(e)}(a)};return n(e),function(t){if(t){if(t.css===e.css&&t.media===e.media&&t.sourceMap===e.sourceMap)return;n(e=t)}else i()}}e.exports=function(e,t){(t=t||{}).singleton||"boolean"==typeof t.singleton||(t.singleton=(void 0===n&&(n=Boolean(window&&document&&document.all&&!window.atob)),n));var a=s(e=e||[],t);return function(e){if(e=e||[],"[object Array]"===Object.prototype.toString.call(e)){for(var n=0;n<a.length;n++){var i=o(a[n]);r[i].references--}for(var l=s(e,t),c=0;c<a.length;c++){var u=o(a[c]);0===r[u].references&&(r[u].updater(),r.splice(u,1))}a=l}}}},function(e,t,a){"use strict";e.exports=function(e){var t=[];return t.toString=function(){return this.map((function(t){var a=function(e,t){var a,n,i,r=e[1]||"",o=e[3];if(!o)return r;if(t&&"function"==typeof btoa){var s=(a=o,n=btoa(unescape(encodeURIComponent(JSON.stringify(a)))),i="sourceMappingURL=data:application/json;charset=utf-8;base64,".concat(n),"/*# ".concat(i," */")),l=o.sources.map((function(e){return"/*# sourceURL=".concat(o.sourceRoot||"").concat(e," */")}));return[r].concat(l).concat([s]).join("\n")}return[r].join("\n")}(t,e);return t[2]?"@media ".concat(t[2]," {").concat(a,"}"):a})).join("")},t.i=function(e,a,n){"string"==typeof e&&(e=[[null,e,""]]);var i={};if(n)for(var r=0;r<this.length;r++){var o=this[r][0];null!=o&&(i[o]=!0)}for(var s=0;s<e.length;s++){var l=[].concat(e[s]);n&&i[l[0]]||(a&&(l[2]?l[2]="".concat(a," and ").concat(l[2]):l[2]=a),t.push(l))}},t}},,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return h})),a.d(t,"b",(function(){return E})),a.d(t,"c",(function(){return v}));var n=a(8),i=a(2),r=a.n(i),o=a(470),s=a(4),l=a(587),c=a(221),u=a(102),d=a(254),p=a(853),m=a(588),g=a(1106),y=a(738),f=a(421);const b=Object(i.createContext)(null),h=({children:e})=>{var t,a,n,l,h,E,v,k,S;const[w]=Object(u.p)(s.R),{sessionStorage:j}=Object(u.j)().services,{filter:O,sorting:I,pagination:T}=function(){const e=Object(d.e)(c.a.rulesTable),{services:{sessionStorage:t}}=Object(u.j)(),a=e(),n=function(e){try{return e.get(m.c)}catch{return null}}(t);if(!a&&!n)return{};const[i,r,o]=function(e,t){var a,n,i,r,o,l,c,u;const[d]=Object(f.d)(e,y.b),[p]=Object(f.d)(t,y.b),m={searchTerm:null!==(a=null==d?void 0:d.searchTerm)&&void 0!==a?a:null==p?void 0:p.searchTerm,source:null!==(n=null==d?void 0:d.source)&&void 0!==n?n:null==p?void 0:p.source,tags:null!==(i=null==d?void 0:d.tags)&&void 0!==i?i:null==p?void 0:p.tags,enabled:null!==(r=null==d?void 0:d.enabled)&&void 0!==r?r:null==p?void 0:p.enabled,ruleExecutionStatus:null!==(o=null==d?void 0:d.ruleExecutionStatus)&&void 0!==o?o:null==p?void 0:p.ruleExecutionStatus},[g]=Object(f.d)(e,y.c),[b]=Object(f.d)(t,y.c),h={field:null!==(l=null==g?void 0:g.field)&&void 0!==l?l:null==b?void 0:b.field,order:null!==(c=null==g?void 0:g.order)&&void 0!==c?c:null==b?void 0:b.order},[E]=Object(f.d)(e,y.e),[v]=Object(f.d)(t,y.d),x={page:null==E?void 0:E.page,perPage:null!==(u=null==E?void 0:E.perPage)&&void 0!==u?u:null==v?void 0:v.perPage};return x.perPage&&(x.perPage<0||x.perPage>s.nc)&&delete x.perPage,[m,h,x]}(a,n);return{filter:i,sorting:r,pagination:o}}(),[C,M]=Object(i.useState)({filter:null!==(t=null==O?void 0:O.searchTerm)&&void 0!==t?t:g.a.filter,tags:null!==(a=null==O?void 0:O.tags)&&void 0!==a?a:g.a.tags,showCustomRules:null!==(n=(null==O?void 0:O.source)===y.a.Custom)&&void 0!==n?n:g.a.showCustomRules,showElasticRules:null!==(l=(null==O?void 0:O.source)===y.a.Prebuilt)&&void 0!==l?l:g.a.showElasticRules,enabled:null==O?void 0:O.enabled,ruleExecutionStatus:null!==(h=null==O?void 0:O.ruleExecutionStatus)&&void 0!==h?h:g.a.ruleExecutionStatus}),[F,D]=Object(i.useState)({field:null!==(E=null==I?void 0:I.field)&&void 0!==E?E:g.d.field,order:null!==(v=null==I?void 0:I.order)&&void 0!==v?v:g.d.order}),[A,_]=Object(i.useState)(!1),[N,R]=Object(i.useState)(w.on),[q,P]=Object(i.useState)({ids:[],action:null}),[L,B]=Object(i.useState)(!1),[z,$]=Object(i.useState)(null!==(k=null==T?void 0:T.page)&&void 0!==k?k:g.b),[V,G]=Object(i.useState)(null!==(S=null==T?void 0:T.perPage)&&void 0!==S?S:g.c),[U,H]=Object(i.useState)([]),W=Object(i.useRef)(null),Q=q.ids.length>0,Y=Object(i.useMemo)((()=>({page:z,perPage:V})),[z,V]),K=Object(i.useCallback)((e=>{M((t=>({...t,...e}))),$(1),H([]),_(!1)}),[]),Z=Object(i.useCallback)((()=>{H([]),_(!1)}),[]),J=Object(d.f)(),X=Object(i.useCallback)((()=>{M({filter:g.a.filter,showElasticRules:g.a.showElasticRules,showCustomRules:g.a.showCustomRules,tags:g.a.tags,enabled:void 0,ruleExecutionStatus:g.a.ruleExecutionStatus}),D({field:g.d.field,order:g.d.order}),$(g.b),G(g.c),J({[c.a.rulesTable]:null}),j.remove(m.c)}),[M,D,$,G,J,j]);Object(i.useEffect)((()=>{var e;U.length>0?(R(!1),null==W.current&&(W.current=N)):(R(null!==(e=W.current)&&void 0!==e?e:N),W.current=null)}),[U,N]);const{data:{rules:ee,total:te}={rules:[],total:0},refetch:ae,dataUpdatedAt:ne,isFetched:ie,isFetching:re,isLoading:oe,isRefetching:se}=Object(p.a)({filterOptions:C,sortingOptions:F,pagination:Y},{refetchInterval:N&&!Q&&w.value,keepPreviousData:!0}),{data:le,isLoading:ce,isFetching:ue,isError:de,refetch:pe}=Object(o.a)(ee.map((e=>e.id)),{enabled:ee.length>0}),me=Object(i.useCallback)((async()=>{const e=await ae();return await pe(),e}),[ae,pe]),ge=Object(i.useMemo)((()=>({reFetchRules:me,setFilterOptions:K,setIsAllSelected:_,setIsRefreshOn:R,setLoadingRules:P,setPage:$,setPerPage:G,setSelectedRuleIds:H,setSortingOptions:D,clearRulesSelection:Z,setIsPreflightInProgress:B,clearFilters:X})),[me,K,_,R,P,$,G,H,D,Z,B,X]),ye=Object(i.useMemo)((()=>({state:{rules:ee,rulesSnoozeSettings:{data:null!=le?le:{},isLoading:ce,isFetching:ue,isError:de},pagination:{page:z,perPage:V,total:te},filterOptions:C,isPreflightInProgress:L,isActionInProgress:Q,isAllSelected:A,isFetched:ie,isFetching:re,isLoading:oe,isRefetching:se,isRefreshOn:N,lastUpdated:ne,loadingRuleIds:q.ids,loadingRulesAction:q.action,selectedRuleIds:U,sortingOptions:F,isDefault:x(C,F,{page:z,perPage:V,total:te})},actions:ge})),[ee,le,ce,ue,de,z,V,te,C,L,Q,A,ie,re,oe,se,N,ne,q.ids,q.action,U,F,ge]);return r.a.createElement(b.Provider,{value:ye},e)},E=()=>{const e=Object(i.useContext)(b);return Object(l.a)(e,"useRulesTableContext should be used inside RulesTableContextProvider"),e},v=()=>Object(i.useContext)(b);function x(e,t,a){return Object(n.isEqual)(e,g.a)&&Object(n.isEqual)(t,g.d)&&a.page===g.b&&a.perPage===g.c}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(102);const r=()=>{const{spaces:e}=Object(i.j)().services,[t,a]=Object(n.useState)();return Object(n.useEffect)((()=>{e&&e.getActiveSpace().then((e=>a(e.id)))}),[e]),t}},,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(40),i=a(287),r=a(2),o=a.n(r),s=a(41),l=a.n(s);const c=l.a.aside.withConfig({displayName:"Aside",componentId:"sc-tazcmx-0"})(["padding:",";",""],(({theme:e})=>e.eui.euiSizeM),(({overlay:e,overlayBackground:t,theme:a})=>e&&Object(s.css)(["background:",";bottom:0;left:0;position:absolute;right:0;top:0;z-index:",";"],t?Object(i.rgba)(t,.9):Object(i.rgba)(a.eui.euiColorEmptyShade,.9),a.eui.euiZLevel1)));c.displayName="Aside";const u=l()(n.EuiFlexGroup).attrs((()=>({alignItems:"center",direction:"column",gutterSize:"s",justifyContent:"center"}))).withConfig({displayName:"FlexGroup",componentId:"sc-tazcmx-1"})(["",""],(({overlay:e})=>e&&Object(s.css)(["height:100%;"])));u.displayName="FlexGroup";const d=o.a.memo((({children:e,overlay:t,overlayBackground:a,size:i})=>o.a.createElement(c,{overlay:t,overlayBackground:a},o.a.createElement(u,{overlay:{overlay:t}},o.a.createElement(n.EuiFlexItem,{grow:!1},o.a.createElement(n.EuiLoadingSpinner,{"data-test-subj":"loading-spinner",size:i})),e&&o.a.createElement(n.EuiFlexItem,{grow:!1},o.a.createElement(n.EuiText,{color:"subdued",size:"s"},o.a.createElement("p",null,e)))))));d.displayName="Loader"},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a.n(n),r=a(170);const o=i.a.memo((({children:e})=>i.a.createElement(r.w,{className:"siemEventsTable__trSupplement--summary"},e)));o.displayName="RowRendererContainer"},function(e,t,a){"use strict";a.d(t,"Vb",(function(){return i})),a.d(t,"oc",(function(){return r})),a.d(t,"e",(function(){return o})),a.d(t,"eb",(function(){return s})),a.d(t,"Yb",(function(){return l})),a.d(t,"db",(function(){return c})),a.d(t,"m",(function(){return u})),a.d(t,"pc",(function(){return d})),a.d(t,"gb",(function(){return p})),a.d(t,"i",(function(){return m})),a.d(t,"T",(function(){return g})),a.d(t,"kc",(function(){return y})),a.d(t,"Db",(function(){return f})),a.d(t,"y",(function(){return b})),a.d(t,"A",(function(){return h})),a.d(t,"z",(function(){return E})),a.d(t,"ob",(function(){return v})),a.d(t,"gc",(function(){return x})),a.d(t,"V",(function(){return k})),a.d(t,"Bb",(function(){return S})),a.d(t,"Ob",(function(){return w})),a.d(t,"S",(function(){return j})),a.d(t,"Q",(function(){return O})),a.d(t,"dc",(function(){return I})),a.d(t,"ic",(function(){return T})),a.d(t,"Z",(function(){return C})),a.d(t,"N",(function(){return M})),a.d(t,"mb",(function(){return F})),a.d(t,"t",(function(){return D})),a.d(t,"Hb",(function(){return A})),a.d(t,"Ub",(function(){return _})),a.d(t,"lb",(function(){return N})),a.d(t,"D",(function(){return R})),a.d(t,"M",(function(){return q})),a.d(t,"ub",(function(){return P})),a.d(t,"L",(function(){return L})),a.d(t,"h",(function(){return B})),a.d(t,"Rb",(function(){return z})),a.d(t,"g",(function(){return $})),a.d(t,"u",(function(){return V})),a.d(t,"nb",(function(){return G})),a.d(t,"H",(function(){return U})),a.d(t,"rb",(function(){return H})),a.d(t,"hc",(function(){return W})),a.d(t,"f",(function(){return Q})),a.d(t,"U",(function(){return Y})),a.d(t,"hb",(function(){return K})),a.d(t,"jc",(function(){return Z})),a.d(t,"ib",(function(){return J})),a.d(t,"o",(function(){return X})),a.d(t,"Eb",(function(){return ee})),a.d(t,"n",(function(){return te})),a.d(t,"ec",(function(){return ae})),a.d(t,"nc",(function(){return ne})),a.d(t,"lc",(function(){return ie})),a.d(t,"B",(function(){return re})),a.d(t,"P",(function(){return oe})),a.d(t,"v",(function(){return se})),a.d(t,"Jb",(function(){return le})),a.d(t,"Cb",(function(){return ce})),a.d(t,"X",(function(){return ue})),a.d(t,"Y",(function(){return de})),a.d(t,"ac",(function(){return pe})),a.d(t,"d",(function(){return me})),a.d(t,"a",(function(){return ge})),a.d(t,"Lb",(function(){return ye})),a.d(t,"Mb",(function(){return fe})),a.d(t,"Wb",(function(){return be})),a.d(t,"p",(function(){return he})),a.d(t,"Ib",(function(){return Ee})),a.d(t,"Pb",(function(){return ve})),a.d(t,"Qb",(function(){return xe})),a.d(t,"Zb",(function(){return ke})),a.d(t,"ab",(function(){return Se})),a.d(t,"bb",(function(){return we})),a.d(t,"w",(function(){return je})),a.d(t,"Kb",(function(){return Oe})),a.d(t,"q",(function(){return Ie})),a.d(t,"C",(function(){return Te})),a.d(t,"xb",(function(){return Ce})),a.d(t,"jb",(function(){return Me})),a.d(t,"yb",(function(){return Fe})),a.d(t,"Fb",(function(){return De})),a.d(t,"E",(function(){return Ae})),a.d(t,"tb",(function(){return _e})),a.d(t,"J",(function(){return Ne})),a.d(t,"qb",(function(){return Re})),a.d(t,"K",(function(){return qe})),a.d(t,"j",(function(){return Pe})),a.d(t,"zb",(function(){return Le})),a.d(t,"Nb",(function(){return Be})),a.d(t,"mc",(function(){return ze})),a.d(t,"bc",(function(){return $e})),a.d(t,"cc",(function(){return Ve})),a.d(t,"s",(function(){return Ge})),a.d(t,"O",(function(){return Ue})),a.d(t,"Xb",(function(){return He})),a.d(t,"Tb",(function(){return We})),a.d(t,"fc",(function(){return Qe})),a.d(t,"Sb",(function(){return Ye})),a.d(t,"c",(function(){return Ke})),a.d(t,"r",(function(){return Ze})),a.d(t,"G",(function(){return Je})),a.d(t,"Gb",(function(){return Xe})),a.d(t,"fb",(function(){return et})),a.d(t,"sb",(function(){return tt})),a.d(t,"F",(function(){return at})),a.d(t,"pb",(function(){return nt})),a.d(t,"Ab",(function(){return it})),a.d(t,"I",(function(){return rt})),a.d(t,"b",(function(){return ot})),a.d(t,"x",(function(){return st})),a.d(t,"kb",(function(){return lt})),a.d(t,"W",(function(){return ct})),a.d(t,"cb",(function(){return ut})),a.d(t,"R",(function(){return dt})),a.d(t,"k",(function(){return pt})),a.d(t,"vb",(function(){return mt})),a.d(t,"wb",(function(){return gt})),a.d(t,"l",(function(){return yt}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.auditd.sessionDescription",{defaultMessage:"Session"}),r=n.i18n.translate("xpack.securitySolution.auditd.wasAuthorizedToUseDescription",{defaultMessage:"was authorized to use"}),o=n.i18n.translate("xpack.securitySolution.auditd.acquiredCredentialsDescription",{defaultMessage:"acquired credentials to"}),s=n.i18n.translate("xpack.securitySolution.auditd.endedFromDescription",{defaultMessage:"ended from"}),l=n.i18n.translate("xpack.securitySolution.auditd.startedAtDescription",{defaultMessage:"started"}),c=n.i18n.translate("xpack.securitySolution.auditd.disposedCredentialsDescription",{defaultMessage:"disposed credentials to"}),u=n.i18n.translate("xpack.securitySolution.auditd.attemptedLoginDescription",{defaultMessage:"attempted a login via"}),d=n.i18n.translate("xpack.securitySolution.auditd.withResultDescription",{defaultMessage:"with result"}),p=n.i18n.translate("xpack.securitySolution.auditd.executedDescription",{defaultMessage:"executed"}),m=n.i18n.translate("xpack.securitySolution.auditd.asDescription",{defaultMessage:"as"}),g=n.i18n.translate("xpack.securitySolution.auditd.connectedUsingDescription",{defaultMessage:"connected using"}),y=n.i18n.translate("xpack.securitySolution.auditd.usingDescription",{defaultMessage:"using"}),f=n.i18n.translate("xpack.securitySolution.auditd.OpenedFileDescription",{defaultMessage:"opened file"}),b=n.i18n.translate("xpack.securitySolution.auditd.ChangedFileAttributesOfDescription",{defaultMessage:"changed file attributes of"}),h=n.i18n.translate("xpack.securitySolution.auditd.changedFilePermissionOfDescription",{defaultMessage:"changed file permissions of"}),E=n.i18n.translate("xpack.securitySolution.auditd.changeidleOwernshipOfDescription",{defaultMessage:"changed file ownership of"}),v=n.i18n.translate("xpack.securitySolution.auditd.loaedKernelModuleOfDescription",{defaultMessage:"loaded kernel module of"}),x=n.i18n.translate("xpack.securitySolution.auditd.unloadedKernelModuleOfDescription",{defaultMessage:"unloaded kernel module of"}),k=n.i18n.translate("xpack.securitySolution.auditd.createdDirectoryDescription",{defaultMessage:"created directory"}),S=n.i18n.translate("xpack.securitySolution.auditd.mountedDescription",{defaultMessage:"mounted"}),w=n.i18n.translate("xpack.securitySolution.auditd.renamedDescription",{defaultMessage:"renamed"}),j=n.i18n.translate("xpack.securitySolution.auditd.chedckedMetaDataOfDescription",{defaultMessage:"checked metadata of"}),O=n.i18n.translate("xpack.securitySolution.auditd.checkedFileSystemMetadataOfDescription",{defaultMessage:"checked filesystem metadata of"}),I=n.i18n.translate("xpack.securitySolution.auditd.symLinkedDescription",{defaultMessage:"symbolically linked"}),T=n.i18n.translate("xpack.securitySolution.auditd.unmountedDescription",{defaultMessage:"unmounted"}),C=n.i18n.translate("xpack.securitySolution.auditd.deletedDescription",{defaultMessage:"deleted"}),M=n.i18n.translate("xpack.securitySolution.auditd.changedTimeStampOfDescription",{defaultMessage:"changed time stamp of"}),F=n.i18n.translate("xpack.securitySolution.auditd.ListeningForConnectionsUsingDescription",{defaultMessage:"listening for connections using"}),D=n.i18n.translate("xpack.securitySolution.auditd.boundSocketFromDescription",{defaultMessage:"bound socket from"}),A=n.i18n.translate("xpack.securitySolution.auditd.receivedFromDescription",{defaultMessage:"received from"}),_=n.i18n.translate("xpack.securitySolution.auditd.sentToDescription",{defaultMessage:"sent to"}),N=n.i18n.translate("xpack.securitySolution.auditd.killedProcessIdDescription",{defaultMessage:"killed process id of"}),R=n.i18n.translate("xpack.securitySolution.auditd.changedIdentityUsingDescription",{defaultMessage:"changed identity using"}),q=n.i18n.translate("xpack.securitySolution.auditd.changedSystemTimeWithDescription",{defaultMessage:"changed system time with"}),P=n.i18n.translate("xpack.securitySolution.auditd.madeDeviceWithDescription",{defaultMessage:"made device with"}),L=n.i18n.translate("xpack.securitySolution.auditd.changedSystemNameDescription",{defaultMessage:"changed system name"}),B=n.i18n.translate("xpack.securitySolution.auditd.allocatedMemoryForDescription",{defaultMessage:"allocated memory for"}),z=n.i18n.translate("xpack.securitySolution.auditd.scheduledPolicyOFDescription",{defaultMessage:"scheduled policy of"}),$=n.i18n.translate("xpack.securitySolution.auditd.addedUserAccountDescription",{defaultMessage:"added user account"}),V=n.i18n.translate("xpack.securitySolution.auditd.causedMacPolicyErrorDescription",{defaultMessage:"caused mac policy error"}),G=n.i18n.translate("xpack.securitySolution.auditd.loadedFirewallRuleDescription",{defaultMessage:"loaded firewall rule"}),U=n.i18n.translate("xpack.securitySolution.auditd.promiscuousModeDescription",{defaultMessage:"changed promiscuous mode on the device using"}),H=n.i18n.translate("xpack.securitySolution.auditd.lockedAccountDescription",{defaultMessage:"locked account"}),W=n.i18n.translate("xpack.securitySolution.auditd.unlockedAccountDescription",{defaultMessage:"unlocked account"}),Q=n.i18n.translate("xpack.securitySolution.auditd.adddedGroupAccountUsingDescription",{defaultMessage:"added group account using"}),Y=n.i18n.translate("xpack.securitySolution.auditd.crashedProgramDescription",{defaultMessage:"crashed program"}),K=n.i18n.translate("xpack.securitySolution.auditd.executionOfForbiddenProgramDescription",{defaultMessage:"execution of forbidden program"}),Z=n.i18n.translate("xpack.securitySolution.auditd.suspiciousProgramDescription",{defaultMessage:"used suspicious program"}),J=n.i18n.translate("xpack.securitySolution.auditd.failedLoginTooManyTimesDescription",{defaultMessage:"failed login due to logging in too many times"}),X=n.i18n.translate("xpack.securitySolution.auditd.attemptedLoginFromUnusalPlaceDescription",{defaultMessage:"attempted login from unusual place"}),ee=n.i18n.translate("xpack.securitySolution.auditd.openedTooManySessionsDescription",{defaultMessage:"opened too many sessions"}),te=n.i18n.translate("xpack.securitySolution.auditd.attemptedLoginFromUnusualHourDescription",{defaultMessage:"attempted login from unusual hour"}),ae=n.i18n.translate("xpack.securitySolution.auditd.testedFileSystemIntegrityDescription",{defaultMessage:"tested file system integrity"}),ne=n.i18n.translate("xpack.securitySolution.auditd.violatedSeLinuxPolicyDescription",{defaultMessage:"violated selinux policy"}),ie=n.i18n.translate("xpack.securitySolution.auditd.violatedAppArmorPolicyFromDescription",{defaultMessage:"violated app armor policy from"}),re=n.i18n.translate("xpack.securitySolution.auditd.changedGroupDescription",{defaultMessage:"changed group"}),oe=n.i18n.translate("xpack.securitySolution.auditd.changedUserIdDescription",{defaultMessage:"changed user id"}),se=n.i18n.translate("xpack.securitySolution.auditd.changedAuditConfigurationDescription",{defaultMessage:"changed audit configuration"}),le=n.i18n.translate("xpack.securitySolution.auditd.refreshedCredentialsForDescription",{defaultMessage:"refreshed credentials for"}),ce=n.i18n.translate("xpack.securitySolution.auditd.negotiatedCryptoKeyDescription",{defaultMessage:"negotiated crypto key"}),ue=n.i18n.translate("xpack.securitySolution.auditd.cryptoOfficerLoggedInDescription",{defaultMessage:"crypto officer logged in"}),de=n.i18n.translate("xpack.securitySolution.auditd.cryptoOfficerLoggedOutDescription",{defaultMessage:"crypto officer logged out"}),pe=n.i18n.translate("xpack.securitySolution.auditd.startedCryptoSessionDescription",{defaultMessage:"started crypto session"}),me=n.i18n.translate("xpack.securitySolution.auditd.accessResultDescription",{defaultMessage:"access result"}),ge=n.i18n.translate("xpack.securitySolution.auditd.abortedAuditStartupDescription",{defaultMessage:"aborted audit startup"}),ye=n.i18n.translate("xpack.securitySolution.auditd.remoteAuditConnectedDescription",{defaultMessage:"remote audit connected"}),fe=n.i18n.translate("xpack.securitySolution.auditd.remoteAuditDisconnectedDescription",{defaultMessage:"remote audit disconnected"}),be=n.i18n.translate("xpack.securitySolution.auditd.shutDownAuditDescription",{defaultMessage:"shutdown audit"}),he=n.i18n.translate("xpack.securitySolution.auditd.auditErrorDescription",{defaultMessage:"audit error"}),Ee=n.i18n.translate("xpack.securitySolution.auditd.reconfiguredAuditDescription",{defaultMessage:"reconfigured audit"}),ve=n.i18n.translate("xpack.securitySolution.auditd.resumedAuditLoggingDescription",{defaultMessage:"resumed audit logging"}),xe=n.i18n.translate("xpack.securitySolution.auditd.rotatedAuditLogsDescription",{defaultMessage:"rotated-audit-logs"}),ke=n.i18n.translate("xpack.securitySolution.auditd.startedAuditDescription",{defaultMessage:"started audit"}),Se=n.i18n.translate("xpack.securitySolution.auditd.deletedGroupAccountUsingDescription",{defaultMessage:"deleted group account using"}),we=n.i18n.translate("xpack.securitySolution.auditd.deletedUserAccountUsingDescription",{defaultMessage:"deleted user account using"}),je=n.i18n.translate("xpack.securitySolution.auditd.changedAuditFeatureDescription",{defaultMessage:"changed audit feature"}),Oe=n.i18n.translate("xpack.securitySolution.auditd.relabeledFileSystemDescription",{defaultMessage:"relabeled filesystem"}),Ie=n.i18n.translate("xpack.securitySolution.auditd.authenticatedToGroupDescription",{defaultMessage:"authenticated to group"}),Te=n.i18n.translate("xpack.securitySolution.auditd.changedGroupPasswordDescription",{defaultMessage:"changed group password"}),Ce=n.i18n.translate("xpack.securitySolution.auditd.modifiedGroupAccountDescription",{defaultMessage:"modified group account"}),Me=n.i18n.translate("xpack.securitySolution.auditd.initializedAuditSubsystemDescription",{defaultMessage:"initialized audit subsystem"}),Fe=n.i18n.translate("xpack.securitySolution.auditd.modifiedLevelOfDescription",{defaultMessage:"modified level of"}),De=n.i18n.translate("xpack.securitySolution.auditd.overrodeLabelOfDescription",{defaultMessage:"overrode label of"}),Ae=n.i18n.translate("xpack.securitySolution.auditd.changedLoginIdToDescription",{defaultMessage:"changed login id to"}),_e=n.i18n.translate("xpack.securitySolution.auditd.macPermissionDescription",{defaultMessage:"mac permission"}),Ne=n.i18n.translate("xpack.securitySolution.auditd.changedSeLinuxBooleanDescription",{defaultMessage:"changed selinux boolean"}),Re=n.i18n.translate("xpack.securitySolution.auditd.loadedSeLinuxPolicyDescription",{defaultMessage:"loaded selinux policy"}),qe=n.i18n.translate("xpack.securitySolution.auditd.changedSelinuxEnforcementDescription",{defaultMessage:"changed selinux enforcement"}),Pe=n.i18n.translate("xpack.securitySolution.auditd.assignedUserRoleToDescription",{defaultMessage:"assigned user role to"}),Le=n.i18n.translate("xpack.securitySolution.auditd.modifiedRoleDescription",{defaultMessage:"modified role"}),Be=n.i18n.translate("xpack.securitySolution.auditd.removedUserRoleFromDescription",{defaultMessage:"removed user role from"}),ze=n.i18n.translate("xpack.securitySolution.auditd.violatedSeccompPolicyWithDescription",{defaultMessage:"violated seccomp policy with"}),$e=n.i18n.translate("xpack.securitySolution.auditd.startedServiceDescription",{defaultMessage:"started service"}),Ve=n.i18n.translate("xpack.securitySolution.auditd.stoppedServiceDescription",{defaultMessage:"stopped service"}),Ge=n.i18n.translate("xpack.securitySolution.auditd.bootedSystemDescription",{defaultMessage:"booted system"}),Ue=n.i18n.translate("xpack.securitySolution.auditd.changedToRunLevelWithDescription",{defaultMessage:"changed to run level with"}),He=n.i18n.translate("xpack.securitySolution.auditd.shutdownSystemDescription",{defaultMessage:"shutdown system"}),We=n.i18n.translate("xpack.securitySolution.auditd.sentTestDescription",{defaultMessage:"sent test"}),Qe=n.i18n.translate("xpack.securitySolution.auditd.unknownDescription",{defaultMessage:"unknown"}),Ye=n.i18n.translate("xpack.securitySolution.auditd.sentMessageDescription",{defaultMessage:"sent message"}),Ke=n.i18n.translate("xpack.securitySolution.auditd.accessPermissionDescription",{defaultMessage:"access permission"}),Ze=n.i18n.translate("xpack.securitySolution.auditd.authenticatedUsingDescription",{defaultMessage:"authenticated using"}),Je=n.i18n.translate("xpack.securitySolution.auditd.changedPasswordWithDescription",{defaultMessage:"changed password with"}),Xe=n.i18n.translate("xpack.securitySolution.auditd.ranCommandDescription",{defaultMessage:"ran command"}),et=n.i18n.translate("xpack.securitySolution.auditd.errorFromDescription",{defaultMessage:"error from"}),tt=n.i18n.translate("xpack.securitySolution.auditd.loggedOutDescription",{defaultMessage:"logged out"}),at=n.i18n.translate("xpack.securitySolution.auditd.changedMacConfigurationDescription",{defaultMessage:"changed mac configuration"}),nt=n.i18n.translate("xpack.securitySolution.auditd.loadedMacPolicyDescription",{defaultMessage:"loaded mac policy"}),it=n.i18n.translate("xpack.securitySolution.auditd.modifiedUserAccountDescription",{defaultMessage:"modified user account"}),rt=n.i18n.translate("xpack.securitySolution.auditd.changedRoleUsingDescription",{defaultMessage:"changed role using"}),ot=n.i18n.translate("xpack.securitySolution.auditd.accessErrorDescription",{defaultMessage:"access error"}),st=n.i18n.translate("xpack.securitySolution.auditd.changedConfigurationWIthDescription",{defaultMessage:"changed configuration with"}),lt=n.i18n.translate("xpack.securitySolution.auditd.issuedVmControlDescription",{defaultMessage:"issued vm control"}),ct=n.i18n.translate("xpack.securitySolution.auditd.createdVmImageDescription",{defaultMessage:"created vm image"}),ut=n.i18n.translate("xpack.securitySolution.auditd.deletedVmImageDescription",{defaultMessage:"deleted vm image"}),dt=n.i18n.translate("xpack.securitySolution.auditd.checkedIntegrityOfDescription",{defaultMessage:"checked integrity of"}),pt=n.i18n.translate("xpack.securitySolution.auditd.assignedVmIdDescription",{defaultMessage:"assigned vm id"}),mt=n.i18n.translate("xpack.securitySolution.auditd.migratedVmFromDescription",{defaultMessage:"migrated vm from"}),gt=n.i18n.translate("xpack.securitySolution.auditd.migratedVmToDescription",{defaultMessage:"migrated vm to"}),yt=n.i18n.translate("xpack.securitySolution.auditd.assignedVMResourceDescription",{defaultMessage:"assigned vm resource"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(40),i=a(2),r=a.n(i),o=a(121),s=a(127),l=a(392);const c=r.a.memo((({contextId:e,endgamePid:t,endgameProcessName:a,eventId:i,processExecutable:l,processName:c,processPid:u,isDraggable:d})=>Object(s.e)(c)&&Object(s.e)(l)&&Object(s.e)(a)&&Object(s.e)(u)&&Object(s.e)(t)?null:r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},Object(s.e)(c)?Object(s.e)(l)?Object(s.e)(a)?null:r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(o.c,{contextId:e,eventId:i,field:"endgame.process_name",value:a,iconType:"console",isDraggable:d,fieldType:"keyword",isAggregatable:!0})):r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(o.c,{contextId:e,eventId:i,field:"process.executable",value:l,iconType:"console",isDraggable:d,fieldType:"keyword",isAggregatable:!0})):r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(o.c,{contextId:e,eventId:i,field:"process.name",value:c,iconType:"console",isDraggable:d,fieldType:"keyword",isAggregatable:!0})),Object(s.e)(u)?Object(s.e)(t)?null:r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(o.c,{contextId:e,eventId:i,field:"endgame.pid",queryValue:String(t),value:`(${String(t)})`,isDraggable:d,fieldType:"keyword",isAggregatable:!0})):r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(o.c,{contextId:e,eventId:i,field:"process.pid",queryValue:String(u),value:`(${String(u)})`,isDraggable:d,fieldType:"keyword",isAggregatable:!0})))));c.displayName="ProcessDraggable";const u=r.a.memo((({contextId:e,endgamePid:t,endgameProcessName:a,eventId:n,processExecutable:i,processName:o,processPid:s,isDraggable:u})=>null==t&&null==a&&null==i&&null==o&&null==s?r.a.createElement(r.a.Fragment,null,l.g):r.a.createElement(c,{contextId:e,endgamePid:t,endgameProcessName:a,eventId:n,processExecutable:i,processName:o,processPid:s,isDraggable:u})));u.displayName="ProcessDraggableWithNonExistentProcess"},function(e,t,a){"use strict";let n;a.d(t,"a",(function(){return n})),a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return r})),function(e){e.updateActiveGroups="UPDATE_ACTIVE_GROUPS",e.updateGroupOptions="UPDATE_GROUP_OPTIONS"}(n||(n={}));const i={},r={activeGroups:["none"],options:[]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return j})),a.d(t,"e",(function(){return Y})),a.d(t,"d",(function(){return K})),a.d(t,"f",(function(){return Z})),a.d(t,"c",(function(){return M})),a.d(t,"b",(function(){return F})),a.d(t,"g",(function(){return ne}));var n=a(40),i=a(2),r=a.n(i),o=a(0),s=a.n(o),l=a(5),c=a(21);const u={selectedOptions:[]};class custom_field_panel_CustomFieldPanel extends r.a.PureComponent{constructor(...e){super(...e),s()(this,"state",u),s()(this,"handleSubmit",(()=>{this.props.onSubmit(this.state.selectedOptions[0].label)})),s()(this,"handleFieldSelection",(e=>{this.setState({selectedOptions:e})}))}render(){const{fields:e,currentOptions:t}=this.props,a=e.filter((e=>e.aggregatable&&"string"===e.type&&!(t&&t.some((t=>t.field===e.name))))).map((e=>({label:e.name}))),i=!this.state.selectedOptions.length;return Object(c.jsx)("div",{"data-test-subj":"custom-field-panel",style:{padding:16}},Object(c.jsx)(n.EuiForm,null,Object(c.jsx)(n.EuiFormRow,{label:l.i18n.translate("grouping.groupSelector.customGroupByFieldLabel",{defaultMessage:"Field"}),helpText:l.i18n.translate("grouping.groupSelector.customGroupByHelpText",{defaultMessage:"This is the field used for the terms aggregation"}),display:"rowCompressed",fullWidth:!0},Object(c.jsx)(n.EuiComboBox,{"data-test-subj":"groupByCustomField",placeholder:l.i18n.translate("grouping.groupSelector.customGroupByDropdownPlacehoder",{defaultMessage:"Select one"}),singleSelection:{asPlainText:!0},selectedOptions:this.state.selectedOptions,options:a,onChange:this.handleFieldSelection,fullWidth:!0,isClearable:!1})),Object(c.jsx)(n.EuiButton,{"data-test-subj":"groupByCustomFieldAddButton",disabled:i,type:"submit",size:"s",fill:!0,onClick:this.handleSubmit},l.i18n.translate("grouping.selector.grouping.label.add",{defaultMessage:"Add"}))))}}s()(custom_field_panel_CustomFieldPanel,"displayName","CustomFieldPanel");const d=l.i18n.translate("grouping.additionalActions.takeAction",{defaultMessage:"Take actions"}),p=l.i18n.translate("grouping.alerts.label",{defaultMessage:"Group alerts by"}),m=l.i18n.translate("grouping.customGroupByPanelTitle",{defaultMessage:"Group By Custom Field"}),g=l.i18n.translate("grouping.noneGroupByOptionName",{defaultMessage:"None"}),y=l.i18n.translate("grouping.customGroupByOptionName",{defaultMessage:"Custom field"});var f=a(61),b=a(48);const h=Object(c.css)("font-size:",b.euiThemeVars.euiFontSizeXS,";font-weight:",b.euiThemeVars.euiFontWeightSemiBold,";border-right:",b.euiThemeVars.euiBorderThin,";margin-right:16px;padding-right:16px;",""),E=Object(c.css)("font-size:",b.euiThemeVars.euiFontSizeXS,";font-weight:",b.euiThemeVars.euiFontWeightSemiBold,";border-right:",b.euiThemeVars.euiBorderThin,";margin-right:16px;padding-right:16px;.smallDot{width:3px!important;display:inline-block;}.euiBadge__text{text-align:center;width:100%;}",""),v=Object(c.css)(".groupingAccordionForm .euiAccordion__childWrapper .euiAccordion__children{margin-left:8px;margin-right:8px;border-left:",b.euiThemeVars.euiBorderThin,";border-right:",b.euiThemeVars.euiBorderThin,";border-bottom:",b.euiThemeVars.euiBorderThin,";border-radius:0 0 6px 6px;}.groupingAccordionForm .euiAccordion__triggerWrapper{border-bottom:",b.euiThemeVars.euiBorderThin,";border-left:",b.euiThemeVars.euiBorderThin,";border-right:",b.euiThemeVars.euiBorderThin,";border-radius:6px;min-height:78px;padding-left:16px;padding-right:16px;}.groupingAccordionForm{border-top:",b.euiThemeVars.euiBorderThin,";border-bottom:none;border-radius:6px;min-width:1090px;}.groupingPanelRenderer{display:table;table-layout:fixed;width:100%;padding-right:32px;}",""),x=Object(c.css)(".groupingAccordionFormLevel .euiAccordion__childWrapper .euiAccordion__children{margin-left:8px;margin-right:8px;border-left:none;border-right:none;border-bottom:",b.euiThemeVars.euiBorderThin,";border-radius:0;}.groupingAccordionFormLevel .euiAccordion__triggerWrapper{border-bottom:",b.euiThemeVars.euiBorderThin,";border-left:none;border-right:none;min-height:78px;padding-left:16px;padding-right:16px;border-radius:0;}.groupingAccordionFormLevel{border-top:none;border-bottom:none;border-radius:0;min-width:1090px;}.groupingPanelRenderer{display:table;table-layout:fixed;width:100%;padding-right:32px;}",""),k=Object(f.euiStyled)(n.EuiContextMenu)`
  width: 250px;
  & .euiContextMenuItem__text {
    overflow: hidden;
    text-overflow: ellipsis;
  }
  .euiContextMenuItem {
    border-bottom: ${b.euiThemeVars.euiBorderThin};
  }
  .euiContextMenuItem:last-child {
    border: none;
  }
`,S=Object(f.euiStyled)(n.EuiButtonEmpty)`
  font-weight: 'normal';

  .euiButtonEmpty__text {
    max-width: 300px;
    white-space: nowrap;
    overflow: hidden;
    text-overflow: ellipsis;
  }
`,w=({"data-test-subj":e,fields:t,groupsSelected:a=["none"],onGroupChange:r,options:o,title:s=p,maxGroupingLevels:u=1})=>{const[d,f]=Object(i.useState)(!1),b=Object(i.useCallback)((e=>!!a.find((t=>t===e))),[a]),h=Object(i.useMemo)((()=>{return[{id:"firstPanel",title:(e=u,l.i18n.translate("grouping.groupByPanelTitle",{values:{groupingLevelsCount:e},defaultMessage:"Select up to {groupingLevelsCount} groupings"})),items:[{"data-test-subj":"panel-none",name:g,icon:b("none")?"check":"empty",onClick:()=>r("none")},...o.map((e=>({"data-test-subj":`panel-${e.key}`,disabled:a.length===u&&!b(e.key),name:e.label,onClick:()=>r(e.key),icon:b(e.key)?"check":"empty"}))),{"data-test-subj":"panel-custom",name:y,icon:"empty",disabled:a.length===u,panel:"customPanel",hasPanel:!0}]},{id:"customPanel",title:m,width:685,content:Object(c.jsx)(custom_field_panel_CustomFieldPanel,{currentOptions:o.map((e=>({text:e.label,field:e.key}))),onSubmit:e=>{r(e),f(!1)},fields:t})}];var e}),[t,a.length,b,u,r,o]),E=Object(i.useMemo)((()=>o.filter((e=>b(e.key)))),[b,o]),v=Object(i.useCallback)((()=>f((e=>!e))),[]),x=Object(i.useCallback)((()=>f(!1)),[]),w=Object(i.useMemo)((()=>{const e=b("none")?g:a.reduce(((e,t)=>{const a=E.find((e=>e.key===t));return null==a?e:e?[e,a.label].join(", "):a.label}),"");return Object(c.jsx)(S,{"data-test-subj":"group-selector-dropdown",flush:"both",iconSide:"right",iconSize:"s",iconType:"arrowDown",onClick:v,title:e,size:"xs"},`${s}: ${e}`)}),[a,b,v,E,s]);return Object(c.jsx)(n.EuiPopover,{"data-test-subj":null!=e?e:"groupByPopover",button:w,closePopover:x,isOpen:d,panelPaddingSize:"none"},Object(c.jsx)(k,{"data-test-subj":"groupByContextMenu",initialPanelId:"firstPanel",panels:h}))},j=r.a.memo(w);var O=a(23),I=a(278);const T=e=>{return t=e,l.i18n.translate("grouping.eventsTab.unit",{values:{totalCount:t},defaultMessage:"{totalCount, plural, =1 {event} other {events}}"});var t},C="groups",M=e=>{const t=e.getItem(C);return t?JSON.parse(t):I.b},F=(e,t,a)=>{const n=M(e);e.setItem(C,JSON.stringify({...n,[t]:a}))};var D=a(49);const A=(e,t)=>null!=t&&t.length>0?t.reduce(((t,a)=>[...t,{meta:{alias:null,disabled:!1,key:e,negate:!1,params:{query:a},type:"phrase"},query:{match_phrase:{[e]:{query:a}}}}]),[{meta:{alias:null,disabled:!1,type:D.FILTERS.CUSTOM,negate:!1,key:e},query:{script:{script:{source:"doc[params['field']].size()==params['size']",params:{field:e,size:t.length}}}}}]):[],_=e=>[{meta:{disabled:!1,negate:!0,alias:null,key:e,value:"exists",type:"exists"},query:{exists:{field:e}}}],N=({isNullGroup:e,title:t,nullGroupMessage:a})=>Object(c.jsx)("div",null,Object(c.jsx)(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center",responsive:!1},Object(c.jsx)(n.EuiFlexItem,{grow:!1,className:"eui-textTruncate"},Object(c.jsx)(n.EuiTitle,{size:"xs",className:"euiAccordionForm__title"},Object(c.jsx)("h4",{className:"eui-textTruncate",title:t},t))),e&&a&&Object(c.jsx)(n.EuiFlexItem,{grow:!1,"data-test-subj":"null-group-icon"},Object(c.jsx)(n.EuiIconTip,{content:a,position:"right"})))),R=({customAccordionButtonClassName:e,customAccordionClassName:t="groupingAccordionForm",extraAction:a,forceState:r,groupBucket:o,groupPanelRenderer:s,groupingLevel:l=0,isLoading:u,isNullGroup:d=!1,onGroupClose:p,onToggleGroup:m,renderChildComponent:g,selectedGroup:y,nullGroupMessage:f})=>{const b=Object(i.useRef)(r);Object(i.useEffect)((()=>{"open"===b.current&&"closed"===r?(p(),b.current="closed"):"closed"===b.current&&"open"===r&&(b.current="open")}),[p,r,y]);const h=Object(i.useMemo)((()=>o.selectedGroup===y?{asString:o.key_as_string,asArray:o.key}:{asString:null,asArray:null}),[o.key,o.key_as_string,o.selectedGroup,y]),E=Object(i.useMemo)((()=>d?_(y):A(y,h.asArray)),[h.asArray,d,y]),v=Object(i.useCallback)((e=>{m&&m(e,o)}),[o,m]);return h.asString?Object(c.jsx)(n.EuiAccordion,{buttonClassName:e,buttonContent:Object(c.jsx)("div",{"data-test-subj":"group-panel-toggle",className:"groupingPanelRenderer"},null!=s?s:Object(c.jsx)(N,{title:h.asString,isNullGroup:d,nullGroupMessage:f})),buttonElement:"div",className:l>0?"groupingAccordionFormLevel":t,"data-test-subj":"grouping-accordion",extraAction:a,forceState:r,isLoading:u,id:`group${l}-${h.asString}`,onToggle:v,paddingSize:"m"},Object(c.jsx)("span",{"data-test-subj":"grouping-accordion-content"},g(E))):null},q=r.a.memo(R),P=({bucketKey:e,groupFilter:t,groupNumber:a,onTakeActionsOpen:r,statRenderers:o,takeActionItems:s})=>{const[l,u]=Object(i.useState)(!1),[p,m]=Object(i.useState)([]),g=Object(i.useCallback)((()=>(l||0!==p.length||m(s(t,a)),!l&&r?r():u(!l))),[s,t,a,l,r,p.length]),y=Object(i.useMemo)((()=>null==o?void 0:o.map((e=>{var t,a;const{dataTestSubj:i,component:r}=null!=e.badge?{dataTestSubj:`metric-${e.title}`,component:Object(c.jsx)(n.EuiToolTip,{position:"top",content:e.badge.value},Object(c.jsx)(n.EuiBadge,{style:{marginLeft:10,width:null!==(t=e.badge.width)&&void 0!==t?t:35},color:null!==(a=e.badge.color)&&void 0!==a?a:"hollow"},e.badge.value>99?"99+":e.badge.value.toString()))}:{dataTestSubj:`customMetric-${e.title}`,component:e.renderer};return Object(c.jsx)(n.EuiFlexItem,{grow:!1,key:e.title},Object(c.jsx)("span",{css:E,"data-test-subj":i},e.title,r))}))),[o]),f=Object(i.useMemo)((()=>Object(c.jsx)(n.EuiFlexItem,{grow:!1},Object(c.jsx)(n.EuiPopover,{anchorPosition:"downLeft",button:Object(c.jsx)(n.EuiButtonEmpty,{"data-test-subj":"take-action-button",onClick:g,iconType:"arrowDown",iconSide:"right"},d),closePopover:()=>u(!1),isOpen:l,panelPaddingSize:"none"},Object(c.jsx)(n.EuiContextMenuPanel,{items:p})))),[l,g,p]);return Object(c.jsx)(n.EuiFlexGroup,{"data-test-subj":"group-stats",key:`stats-${e}`,gutterSize:"none",alignItems:"center"},y,f)},L=r.a.memo(P);var B=a(44),z=(a(833),a(834)),$=a.n(z);const V={maxWidth:500},G={tall:490,short:250},U=({height:e="tall"})=>Object(c.jsx)(n.EuiPanel,{color:"subdued","data-test-subj":"empty-results-panel"},Object(c.jsx)(n.EuiFlexGroup,{style:{height:G[e]},alignItems:"center",justifyContent:"center"},Object(c.jsx)(n.EuiFlexItem,{grow:!1},Object(c.jsx)(n.EuiPanel,{hasBorder:!0,style:V},Object(c.jsx)(n.EuiFlexGroup,null,Object(c.jsx)(n.EuiFlexItem,null,Object(c.jsx)(n.EuiText,{size:"s"},Object(c.jsx)(n.EuiTitle,null,Object(c.jsx)("h3",null,Object(c.jsx)(B.FormattedMessage,{id:"grouping.empty.title",defaultMessage:"No grouping results match your selected Group alerts field"}))),Object(c.jsx)("p",null,Object(c.jsx)(B.FormattedMessage,{id:"grouping.empty.description",defaultMessage:"Try searching over a longer period of time or modifying your Group alerts field"})))),Object(c.jsx)(n.EuiFlexItem,{grow:!1},Object(c.jsx)(n.EuiImage,{size:"200px",alt:"",src:$.a})))))));var H=a(735);const W=({activePage:e,data:t,groupPanelRenderer:a,groupSelector:o,groupStatsRenderer:s,groupingId:u,groupingLevel:d=0,inspectButton:p,isLoading:m,itemsPerPage:g,onChangeGroupsItemsPerPage:y,onChangeGroupsPage:f,onGroupClose:b,onGroupToggle:E,renderChildComponent:k,selectedGroup:S,takeActionItems:w,tracker:j,unit:I=T})=>{var C,M,F;const[D,N]=Object(i.useState)({}),R=Object(i.useMemo)((()=>{var e,a;return null!==(e=null==t||null===(a=t.unitsCount)||void 0===a?void 0:a.value)&&void 0!==e?e:0}),[null==t||null===(C=t.unitsCount)||void 0===C?void 0:C.value]),P=Object(i.useMemo)((()=>`${R.toLocaleString()} ${I&&I(R)}`),[R,I]),B=Object(i.useMemo)((()=>{var e,a;return null!==(e=null==t||null===(a=t.groupsCount)||void 0===a?void 0:a.value)&&void 0!==e?e:0}),[null==t||null===(M=t.groupsCount)||void 0===M?void 0:M.value]),z=Object(i.useMemo)((()=>{return`${B.toLocaleString()} ${e=B,l.i18n.translate("grouping.total.unit",{values:{totalCount:e},defaultMessage:"{totalCount, plural, =1 {group} other {groups}}"})}`;var e}),[B]),$=Object(i.useMemo)((()=>{var e,i;return null==t||null===(e=t.groupByFields)||void 0===e||null===(i=e.buckets)||void 0===i?void 0:i.map(((e,t)=>{var i,r;const o=function(e){if(null!==e){if(!Array.isArray(e))return e;for(const t of e)if(null!==t)return t}}(e.key),p=`group-${t}-${o}`,g=null!==(i=e.isNullGroup)&&void 0!==i&&i,y=g?((e,t)=>l.i18n.translate("grouping.nullGroup.title",{values:{selectedGroup:e,unit:t},defaultMessage:"The selected group by field, {selectedGroup}, is missing a value for this group of {unit}."}))(S,I(e.doc_count)):void 0;return Object(c.jsx)("span",{key:p,"data-test-subj":`level-${d}-group-${t}`},Object(c.jsx)(q,{isNullGroup:g,nullGroupMessage:y,onGroupClose:b,extraAction:Object(c.jsx)(L,{bucketKey:p,groupFilter:g?_(S):A(S,Array.isArray(e.key)?e.key:[e.key]),groupNumber:t,statRenderers:s&&s(S,e),takeActionItems:w}),forceState:null!==(r=D[p]&&D[p].state)&&void 0!==r?r:"closed",groupBucket:e,groupPanelRenderer:a&&a(S,e,y),isLoading:m,onToggleGroup:e=>{null==j||j(O.METRIC_TYPE.CLICK,H.a.groupToggled({isOpen:e,groupingId:u,groupNumber:t})),N({[p]:{state:e?"open":"closed"}}),null==E||E({isOpen:e,groupName:o,groupNumber:t,groupingId:u})},renderChildComponent:D[p]&&"open"===D[p].state?k:()=>Object(c.jsx)("span",null),selectedGroup:S,groupingLevel:d}),d>0?null:Object(c.jsx)(n.EuiSpacer,{size:"s"}))}))}),[null==t||null===(F=t.groupByFields)||void 0===F?void 0:F.buckets,a,s,u,d,m,b,E,k,S,w,j,D,I]),V=Object(i.useMemo)((()=>B?Math.ceil(B/g):1),[B,g]);return Object(c.jsx)(r.a.Fragment,null,d>0?null:Object(c.jsx)(n.EuiFlexGroup,{"data-test-subj":"grouping-table",justifyContent:"spaceBetween",alignItems:"center",style:{paddingBottom:20,paddingTop:20}},Object(c.jsx)(n.EuiFlexItem,{grow:!1},B>0&&R>0?Object(c.jsx)(n.EuiFlexGroup,{gutterSize:"none"},Object(c.jsx)(n.EuiFlexItem,{grow:!1},Object(c.jsx)("span",{css:h,"data-test-subj":"unit-count"},P)),Object(c.jsx)(n.EuiFlexItem,null,Object(c.jsx)("span",{css:h,"data-test-subj":"group-count",style:{borderRight:"none"}},z))):null),Object(c.jsx)(n.EuiFlexItem,{grow:!1},Object(c.jsx)(n.EuiFlexGroup,{gutterSize:"xs"},p&&Object(c.jsx)(n.EuiFlexItem,null,p),Object(c.jsx)(n.EuiFlexItem,null,o)))),Object(c.jsx)("div",{css:d>0?x:v,className:"eui-xScroll"},m&&Object(c.jsx)(n.EuiProgress,{"data-test-subj":"is-loading-grouping-table",size:"xs",color:"accent"}),B>0?Object(c.jsx)("span",{"data-test-subj":`grouping-level-${d}`},$,B>0&&Object(c.jsx)(r.a.Fragment,null,Object(c.jsx)(n.EuiSpacer,{size:"m"}),Object(c.jsx)(n.EuiTablePagination,{activePage:e,"data-test-subj":`grouping-level-${d}-pagination`,itemsPerPage:g,itemsPerPageOptions:[10,25,50,100],onChangeItemsPerPage:e=>{y&&y(e)},onChangePage:e=>{f&&f(e)},pageCount:V,showPerPageOptions:!0}))):Object(c.jsx)(U,null)))},Q=r.a.memo(W),Y=e=>!!e.find((e=>"none"===e)),K=({additionalFilters:e=[],from:t,groupByField:a,pageNumber:n,rootAggregations:i,runtimeMappings:r,size:o=10,sort:s,statsAggregations:l,to:c,uniqueValue:u})=>({size:0,runtime_mappings:{...r,groupByField:{type:"keyword",script:{source:"if (doc[params['selectedGroup']].size()==0) { emit(params['uniqueValue']) } else { emit(doc[params['selectedGroup']].join(params['uniqueValue']))}",params:{selectedGroup:a,uniqueValue:u}}}},aggs:{groupByFields:{terms:{field:"groupByField",size:1e4},aggs:{bucket_truncate:{bucket_sort:{sort:s,from:n,size:o}},...l?l.reduce(((e,t)=>Object.assign(e,t)),{}):{}}},unitsCount:{value_count:{field:"groupByField"}},groupsCount:{cardinality:{field:"groupByField"}},...i?i.reduce(((e,t)=>Object.assign(e,t)),{}):{}},query:{bool:{filter:[...e,{range:{"@timestamp":{gte:t,lte:c}}}]}},_source:!1}),Z=(e,t,a)=>{var n,i,r,o;if(!a)return{};const s=null==a||null===(n=a.groupByFields)||void 0===n||null===(i=n.buckets)||void 0===i?void 0:i.map((a=>{if(a.key===t)return{...a,key:["—"],selectedGroup:e,key_as_string:"—",isNullGroup:!0};const n=(Array.isArray(a.key)?a.key[0]:a.key).split(t);return{...a,key:n,selectedGroup:e,key_as_string:n.join(", ")}}));return{...a,groupByFields:{buckets:s},groupsCount:{value:null!==(r=null===(o=a.groupsCount)||void 0===o?void 0:o.value)&&void 0!==r?r:0}}};var J=a(104),X=a.n(J),ee=a(576),te=a(878),ae=a(1100);const ne=({componentProps:e,defaultGroupingOptions:t,fields:a,groupingId:n,maxGroupingLevels:r,onGroupChange:o,onOptionsChange:s,tracker:l})=>{const[u,d]=Object(i.useReducer)(ee.a,ee.b),{activeGroups:p}=Object(i.useMemo)((()=>{var e;return null!==(e=Object(te.b)({groups:u},n))&&void 0!==e?e:I.c}),[n,u]),m=Object(i.useCallback)((e=>{d(te.a.updateActiveGroups({id:n,activeGroups:e}))}),[n]),g=Object(ae.a)({defaultGroupingOptions:t,dispatch:d,fields:a,groupingId:n,groupingState:u,maxGroupingLevels:r,onGroupChange:o,onOptionsChange:s,tracker:l}),y=Object(i.useCallback)((t=>Y([t.selectedGroup])?t.renderChildComponent([]):Object(c.jsx)(Q,X()({},e,t,{groupSelector:g,groupingId:n,tracker:l}))),[e,g,n,l]);return Object(i.useMemo)((()=>({getGrouping:y,groupSelector:g,selectedGroups:p,setSelectedGroups:m})),[y,g,p,m])}},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"e",(function(){return n})),a.d(t,"a",(function(){return y})),a.d(t,"d",(function(){return f}));var n={};a.r(n),a.d(n,"dnsSelector",(function(){return v})),a.d(n,"topNFlowSelector",(function(){return k})),a.d(n,"tlsSelector",(function(){return w})),a.d(n,"topCountriesSelector",(function(){return O})),a.d(n,"httpSelector",(function(){return T})),a.d(n,"usersSelector",(function(){return C})),a.d(n,"networkAnomaliesJobIdFilterSelector",(function(){return M})),a.d(n,"networkAnomaliesIntervalSelector",(function(){return F}));var i=a(523),r=a(270),o=a(139),s=a(42),l=a(263),c=a(208),u=a(388),d=a(113),p=a(314);const m=e=>({...e.page.queries,[r.NetworkTableType.topCountriesSource]:{...e.page.queries[r.NetworkTableType.topCountriesSource],activePage:p.a},[r.NetworkTableType.topCountriesDestination]:{...e.page.queries[r.NetworkTableType.topCountriesDestination],activePage:p.a},[r.NetworkTableType.topNFlowSource]:{...e.page.queries[r.NetworkTableType.topNFlowSource],activePage:p.a},[r.NetworkTableType.topNFlowDestination]:{...e.page.queries[r.NetworkTableType.topNFlowDestination],activePage:p.a},[r.NetworkTableType.dns]:{...e.page.queries[r.NetworkTableType.dns],activePage:p.a},[r.NetworkTableType.tls]:{...e.page.queries[r.NetworkTableType.tls],activePage:p.a},[r.NetworkTableType.http]:{...e.page.queries[r.NetworkTableType.http],activePage:p.a}}),g=e=>({...e.details.queries,[r.NetworkDetailsTableType.topCountriesSource]:{...e.details.queries[r.NetworkDetailsTableType.topCountriesSource],activePage:p.a},[r.NetworkDetailsTableType.topCountriesDestination]:{...e.details.queries[r.NetworkDetailsTableType.topCountriesDestination],activePage:p.a},[r.NetworkDetailsTableType.topNFlowSource]:{...e.details.queries[r.NetworkDetailsTableType.topNFlowSource],activePage:p.a},[r.NetworkDetailsTableType.topNFlowDestination]:{...e.details.queries[r.NetworkDetailsTableType.topNFlowDestination],activePage:p.a},[r.NetworkDetailsTableType.tls]:{...e.details.queries[r.NetworkDetailsTableType.tls],activePage:p.a},[r.NetworkDetailsTableType.users]:{...e.details.queries[r.NetworkDetailsTableType.users],activePage:p.a},[r.NetworkDetailsTableType.http]:{...e.details.queries[r.NetworkDetailsTableType.http],activePage:p.a}}),y={page:{queries:{[r.NetworkTableType.topNFlowSource]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_out,direction:d.b.desc}},[r.NetworkTableType.topNFlowDestination]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_in,direction:d.b.desc}},[r.NetworkTableType.dns]:{activePage:p.a,limit:p.b,sort:{field:d.o.uniqueDomains,direction:d.b.desc},isPtrIncluded:!1},[r.NetworkTableType.http]:{activePage:p.a,limit:p.b,sort:{direction:d.b.desc}},[r.NetworkTableType.tls]:{activePage:p.a,limit:p.b,sort:{field:d.s._id,direction:d.b.desc}},[r.NetworkTableType.topCountriesSource]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_out,direction:d.b.desc}},[r.NetworkTableType.topCountriesDestination]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_in,direction:d.b.desc}},[r.NetworkTableType.alerts]:{activePage:p.a,limit:p.b},[r.NetworkTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"}}},details:{queries:{[r.NetworkDetailsTableType.http]:{activePage:p.a,limit:p.b,sort:{direction:d.b.desc}},[r.NetworkDetailsTableType.topCountriesSource]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_out,direction:d.b.desc}},[r.NetworkDetailsTableType.topCountriesDestination]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_in,direction:d.b.desc}},[r.NetworkDetailsTableType.topNFlowSource]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_out,direction:d.b.desc}},[r.NetworkDetailsTableType.topNFlowDestination]:{activePage:p.a,limit:p.b,sort:{field:d.t.bytes_in,direction:d.b.desc}},[r.NetworkDetailsTableType.tls]:{activePage:p.a,limit:p.b,sort:{field:d.s._id,direction:d.b.desc}},[r.NetworkDetailsTableType.users]:{activePage:p.a,limit:p.b,sort:{field:d.u.name,direction:d.b.asc}},[r.NetworkDetailsTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"}},flowTarget:d.f.source}},f=Object(c.reducerWithInitialState)(y).case(i.updateNetworkTable,((e,{networkType:t,tableType:a,updates:n})=>({...e,[t]:{...e[t],queries:{...e[t].queries,[a]:{...Object(s.get)([t,"queries",a],e),...n}}}}))).case(i.setNetworkTablesActivePageToZero,(e=>({...e,page:{...e.page,queries:m(e)},details:{...e.details,queries:g(e)}}))).case(i.setNetworkDetailsTablesActivePageToZero,(e=>({...e,details:{...e.details,queries:g(e)}}))).case(i.updateNetworkAnomaliesJobIdFilter,((e,{jobIds:t,networkType:a})=>a===r.NetworkType.page?Object(u.set)("page.queries.anomalies.jobIdSelection",t,e):Object(u.set)("details.queries.anomalies.jobIdSelection",t,e))).case(i.updateNetworkAnomaliesInterval,((e,{interval:t,networkType:a})=>a===r.NetworkType.page?Object(u.set)("page.queries.anomalies.intervalSelection",t,e):Object(u.set)("details.queries.anomalies.intervalSelection",t,e))).build(),b=(e,t)=>Object(s.get)(t,e.network),h=e=>e.network.page,E=e=>e.network.details,v=()=>Object(o.createSelector)(h,(e=>e.queries.dns)),x=(e,t,a)=>{const n=a===l.b.source?"topNFlowSource":"topNFlowDestination",i=t===r.NetworkType.page?r.NetworkTableType[n]:r.NetworkDetailsTableType[n];return Object(s.get)([t,"queries",i],e.network)||Object(s.get)([t,"queries",i],y)},k=()=>Object(o.createSelector)(x,(e=>e)),S=(e,t)=>{const a=t===r.NetworkType.page?r.NetworkTableType.tls:r.NetworkDetailsTableType.tls;return Object(s.get)([t,"queries",a],e.network)||Object(s.get)([t,"queries",a],y)},w=()=>Object(o.createSelector)(S,(e=>e)),j=(e,t,a)=>{const n=a===l.b.source?"topCountriesSource":"topCountriesDestination",i=t===r.NetworkType.page?r.NetworkTableType[n]:r.NetworkDetailsTableType[n];return Object(s.get)([t,"queries",i],e.network)||Object(s.get)([t,"queries",i],y)},O=()=>Object(o.createSelector)(j,(e=>e)),I=(e,t)=>{const a=t===r.NetworkType.page?r.NetworkTableType.http:r.NetworkDetailsTableType.http;return Object(s.get)([t,"queries",a],e.network)||Object(s.get)([t,"queries",a],y)},T=()=>Object(o.createSelector)(I,(e=>e)),C=()=>Object(o.createSelector)(E,(e=>e.queries.users)),M=()=>Object(o.createSelector)(b,(e=>e.queries[r.NetworkTableType.anomalies].jobIdSelection)),F=()=>Object(o.createSelector)(b,(e=>e.queries[r.NetworkTableType.anomalies].intervalSelection))},function(e,t,a){"use strict";a.d(t,"j",(function(){return b})),a.d(t,"i",(function(){return h})),a.d(t,"m",(function(){return E})),a.d(t,"d",(function(){return v})),a.d(t,"e",(function(){return x})),a.d(t,"a",(function(){return k})),a.d(t,"c",(function(){return S})),a.d(t,"n",(function(){return w})),a.d(t,"l",(function(){return j})),a.d(t,"b",(function(){return F})),a.d(t,"f",(function(){return D})),a.d(t,"g",(function(){return A})),a.d(t,"h",(function(){return _})),a.d(t,"k",(function(){return N}));var n=a(2),i=a.n(n),r=a(40),o=a(8),s=a(50),l=a.n(s),c=a(120),u=a(210),d=a(214),p=a(655),m=a(458),g=a(880),y=a(563);const f=["kibana.alert.rule","signal.rule","rule"],b=e=>e.map((e=>({username:e.created_by,timestamp:l()(e.created_at).format("on MMM Do YYYY @ HH:mm:ss"),event:m.b,timelineAvatar:i.a.createElement(r.EuiAvatar,{size:"l",name:e.created_by.toUpperCase()}),children:i.a.createElement(r.EuiText,{size:"s"},e.comment),actions:i.a.createElement(g.a,{"data-test-subj":"copy-to-clipboard",text:e.comment,titleSummary:m.a})}))),h=e=>{const{created_at:t,created_by:a,list_id:n,tie_breaker_id:i,updated_at:r,updated_by:o,...s}=e;return{...s}},E=e=>e.map((e=>{if(void 0!==e.entries){const t=e.entries.map((e=>{const t=Object(o.omit)(e,"id");return{...t,field:t.field.startsWith("event.")?t.field.replace(/^event./,`${y.d}.`):t.field}}));return{...e,entries:t,comments:[]}}return{...e,comments:[]}})),v=(e,t)=>e.map((e=>({...e,comments:t}))),x=(e,t)=>{const a=void 0!==t?t.toISOString():void 0;return e.map((e=>({...e,expire_time:a})))},k=e=>({query:{match:{_id:{query:e||""}}}}),S=(e,t)=>e.map((e=>({...e,os_types:t}))),w=e=>{const t=["windows","macos"];if(null!=e){var a,n,i,r,o,s;const l="endpoint"===(null==e||null===(a=e.agent)||void 0===a?void 0:a.type)?null===(n=e.host)||void 0===n||null===(i=n.os)||void 0===i||null===(r=i.name)||void 0===r?void 0:r.toLowerCase():null===(o=e.host)||void 0===o||null===(s=o.os)||void 0===s?void 0:s.family;if(null!=l)return c.D.is(l)?[l]:t}return t},j=e=>e.map((e=>{const t=e.entries.map((e=>{if(e.field.includes(".hash")){if("match"===e.type)return{...e,value:e.value.toLowerCase()};if("match_any"===e.type)return{...e,value:e.value.map((e=>e.toLowerCase()))}}return e}));return{...e,entries:t}})),O=e=>{if(Array.isArray(e)&&e.length>0)return e.map((e=>{var t,a,n;return{subjectName:null!==(t=null==e?void 0:e.subject_name)&&void 0!==t?t:"",trusted:null!==(a=null==e||null===(n=e.trusted)||void 0===n?void 0:n.toString())&&void 0!==a?a:""}}));{var t,a;const n=Array.isArray(e)?void 0:e;return[{subjectName:null!==(t=null==n?void 0:n.subject_name)&&void 0!==t?t:"",trusted:null!==(a=null==n?void 0:n.trusted)&&void 0!==a?a:""}]}};function I(e){const t=[];for(const a of e)void 0!==a.entries?(a.entries=a.entries.filter((e=>void 0!==e.value&&e.value.length>0)),t.push(a)):void 0!==a.value&&a.value.length>0&&t.push(a);return t}const T=({listId:e,name:t,eventCode:a,listNamespace:n="agnostic",alertEcsData:i})=>{var r,o,s,l,c,d;const{process:p}=i,m=I([{field:"Memory_protection.feature",operator:"included",type:"match",value:null!==(r=null===(o=i.Memory_protection)||void 0===o?void 0:o.feature)&&void 0!==r?r:""},{field:"process.executable.caseless",operator:"included",type:"match",value:null!==(s=null==p?void 0:p.executable)&&void 0!==s?s:""},{field:"process.name.caseless",operator:"included",type:"match",value:null!==(l=null==p?void 0:p.name)&&void 0!==l?l:""},{field:"process.hash.sha256",operator:"included",type:"match",value:null!==(c=null==p||null===(d=p.hash)||void 0===d?void 0:d.sha256)&&void 0!==c?c:""}]);return{...Object(u.k)({listId:e,namespaceType:n,name:t}),entries:Object(u.c)(m)}},C=({listId:e,name:t,eventCode:a,listNamespace:n="agnostic",alertEcsData:i})=>{var r,o,s,l,c,d,p,m,g;const{process:y}=i,f=I([{field:"Memory_protection.feature",operator:"included",type:"match",value:null!==(r=null===(o=i.Memory_protection)||void 0===o?void 0:o.feature)&&void 0!==r?r:""},{field:"Memory_protection.self_injection",operator:"included",type:"match",value:null!==(s=String(null===(l=i.Memory_protection)||void 0===l?void 0:l.self_injection))&&void 0!==s?s:""},{field:"process.executable.caseless",operator:"included",type:"match",value:null!==(c=null==y?void 0:y.executable)&&void 0!==c?c:""},{field:"process.name.caseless",operator:"included",type:"match",value:null!==(d=null==y?void 0:y.name)&&void 0!==d?d:""},{field:"process.Ext.token.integrity_level_name",operator:"included",type:"match",value:null!==(p=null==y||null===(m=y.Ext)||void 0===m||null===(g=m.token)||void 0===g?void 0:g.integrity_level_name)&&void 0!==p?p:""}]);return{...Object(u.k)({listId:e,namespaceType:n,name:t}),entries:Object(u.c)(f)}},M=({listId:e,name:t,eventCode:a,listNamespace:n="agnostic",alertEcsData:i})=>{var r,o,s,l,c,d,p,m,g,y,f,b,h,E,v,x,k,S,w,j,O,T,C,M,F,D,A,_,N,R,q,P,L,B,z,$,V,G,U;const{process:H}=i,W=I([{field:"rule.id",operator:"included",type:"match",value:null!==(r=null===(o=i.rule)||void 0===o?void 0:o.id)&&void 0!==r?r:""},{field:"process.executable.caseless",operator:"included",type:"match",value:null!==(s=null==H?void 0:H.executable)&&void 0!==s?s:""},{field:"process.command_line",operator:"included",type:"match",value:null!==(l=null==H?void 0:H.command_line)&&void 0!==l?l:""},{field:"process.parent.executable",operator:"included",type:"match",value:null!==(c=null==H||null===(d=H.parent)||void 0===d?void 0:d.executable)&&void 0!==c?c:""},{field:"process.code_signature.subject_name",operator:"included",type:"match",value:null!==(p=null==H||null===(m=H.code_signature)||void 0===m?void 0:m.subject_name)&&void 0!==p?p:""},{field:"file.path",operator:"included",type:"match",value:null!==(g=null===(y=i.file)||void 0===y?void 0:y.path)&&void 0!==g?g:""},{field:"file.name",operator:"included",type:"match",value:null!==(f=null===(b=i.file)||void 0===b?void 0:b.name)&&void 0!==f?f:""},{field:"source.ip",operator:"included",type:"match",value:null!==(h=null===(E=i.source)||void 0===E?void 0:E.ip)&&void 0!==h?h:""},{field:"destination.ip",operator:"included",type:"match",value:null!==(v=null===(x=i.destination)||void 0===x?void 0:x.ip)&&void 0!==v?v:""},{field:"registry.path",operator:"included",type:"match",value:null!==(k=null===(S=i.registry)||void 0===S?void 0:S.path)&&void 0!==k?k:""},{field:"registry.value",operator:"included",type:"match",value:null!==(w=null===(j=i.registry)||void 0===j?void 0:j.value)&&void 0!==w?w:""},{field:"registry.data.strings",operator:"included",type:"match",value:null!==(O=null===(T=i.registry)||void 0===T||null===(C=T.data)||void 0===C?void 0:C.strings)&&void 0!==O?O:""},{field:"dll.path",operator:"included",type:"match",value:null!==(M=null===(F=i.dll)||void 0===F?void 0:F.path)&&void 0!==M?M:""},{field:"dll.code_signature.subject_name",operator:"included",type:"match",value:null!==(D=null===(A=i.dll)||void 0===A||null===(_=A.code_signature)||void 0===_?void 0:_.subject_name)&&void 0!==D?D:""},{field:"dll.pe.original_file_name",operator:"included",type:"match",value:null!==(N=null===(R=i.dll)||void 0===R||null===(q=R.pe)||void 0===q?void 0:q.original_file_name)&&void 0!==N?N:""},{field:"dns.question.name",operator:"included",type:"match",value:null!==(P=null===(L=i.dns)||void 0===L||null===(B=L.question)||void 0===B?void 0:B.name)&&void 0!==P?P:""},{field:"dns.question.type",operator:"included",type:"match",value:null!==(z=null===($=i.dns)||void 0===$||null===(V=$.question)||void 0===V?void 0:V.type)&&void 0!==z?z:""},{field:"user.id",operator:"included",type:"match",value:null!==(G=null===(U=i.user)||void 0===U?void 0:U.id)&&void 0!==G?G:""}]);return{...Object(u.k)({listId:e,namespaceType:n,name:t}),entries:Object(u.c)(W)}},F=(e,t,a)=>{var n,i;const r=null!==(n=a["event.code"])&&void 0!==n?n:null===(i=a.event)||void 0===i?void 0:i.code;switch(r){case"behavior":return[M({listId:e,name:t,eventCode:r,alertEcsData:a})];case"memory_signature":return[T({listId:e,name:t,eventCode:r,alertEcsData:a})];case"shellcode_thread":return[C({listId:e,name:t,eventCode:r,alertEcsData:a})];case"ransomware":return(e=>{const{process:t}=e,a=t&&t.Ext&&t.Ext.code_signature;return O(a)})(a).map((n=>(({listId:e,name:t,codeSignature:a,eventCode:n,listNamespace:i="agnostic",alertEcsData:r})=>{var o,s,l,c;const{process:d,Ransomware:p}=r,m=null!==(o=null==d||null===(s=d.hash)||void 0===s?void 0:s.sha256)&&void 0!==o?o:"",g=null!==(l=null==d?void 0:d.executable)&&void 0!==l?l:"",y=null!==(c=null==p?void 0:p.feature)&&void 0!==c?c:"";return{...Object(u.k)({listId:e,namespaceType:i,name:t}),entries:Object(u.c)([{field:"process.Ext.code_signature",type:"nested",entries:[{field:"subject_name",operator:"included",type:"match",value:null!=a?a.subjectName:""},{field:"trusted",operator:"included",type:"match",value:null!=a?a.trusted:""}]},{field:"process.executable",operator:"included",type:"match",value:null!=g?g:""},{field:"process.hash.sha256",operator:"included",type:"match",value:null!=m?m:""},{field:"Ransomware.feature",operator:"included",type:"match",value:null!=y?y:""},{field:"event.code",operator:"included",type:"match",value:null!=n?n:""}])}})({listId:e,name:t,eventCode:r,codeSignature:n,alertEcsData:a})));default:return(e=>{const{file:t}=e,a=t&&t.Ext&&t.Ext.code_signature;return O(a)})(a).map((n=>(({listId:e,name:t,codeSignature:a,eventCode:n,listNamespace:i="agnostic",alertEcsData:r})=>{var o,s,l,c;const{file:d,host:p}=r,m=null!==(o=null==d?void 0:d.path)&&void 0!==o?o:"",g=null!==(s=null==d||null===(l=d.hash)||void 0===l?void 0:l.sha256)&&void 0!==s?s:"",y="Linux"===(null==p||null===(c=p.os)||void 0===c?void 0:c.name),f=[{field:y?"file.path":"file.path.caseless",operator:"included",type:"match",value:null!=m?m:""},{field:"file.hash.sha256",operator:"included",type:"match",value:null!=g?g:""},{field:"event.code",operator:"included",type:"match",value:null!=n?n:""}];return{...Object(u.k)({listId:e,namespaceType:i,name:t}),entries:y?Object(u.c)(f):Object(u.c)([{field:"file.Ext.code_signature",type:"nested",entries:[{field:"subject_name",operator:"included",type:"match",value:null!=a?a.subjectName:""},{field:"trusted",operator:"included",type:"match",value:null!=a?a.trusted:""}]},...f])}})({listId:e,name:t,eventCode:null!=r?r:"",codeSignature:n,alertEcsData:a})))}},D=(e,t)=>e.map((e=>({...e,name:t}))),A=e=>e.map((e=>({...Object(d.a)(e),list_id:void 0,namespace_type:"single"}))),_=(e,t)=>t.flatMap((t=>e.map((e=>({...Object(d.a)(e),list_id:t.list_id,namespace_type:t.namespace_type}))))),N=({alertData:e,exceptionItemName:t,ruleCustomHighlightedFields:a})=>{const n=R(e,a);if(!n.length)return null;const i=(({highlightedFields:e,alertData:t})=>Object.values(e).reduce(((e,a)=>{var n;const i=a.id,r=null!==(n=Object(o.get)(t,i))&&void 0!==n?n:Object(o.get)(t,`kibana.alert.${i}`);if(null!=r){const t=Array.isArray(r)?c.d.MATCH_ANY:c.d.MATCH,a=Array.isArray(r)?r.map(String):r.toString();e.push({field:i,operator:c.c.INCLUDED,type:t,value:a})}return e}),[]))({highlightedFields:n,alertData:e});return i.length?(({name:e,exceptionEntries:t})=>({...Object(u.k)({listId:void 0,namespaceType:"single",name:e}),entries:Object(u.c)(t)}))({name:t,exceptionEntries:i}):null},R=(e,t)=>{const a=Object(o.get)(e,"event.category"),n=Object(o.get)(e,"event.code"),i=Object(o.get)(e,"kibana.alert.rule.type"),r={primaryEventCategory:Array.isArray(a)?a[0]:a,allEventCategories:[a]};return((e,t,a)=>e.filter((({id:e})=>"agent.id"===e?q(a):!t.some((t=>e.startsWith(t))))))(Object(p.b)({eventCategories:r,eventCode:n,eventRuleType:i,highlightedFieldsOverride:t}),f,e)},q=e=>{if(!Object(o.get)(e,"kibana.alert.rule.uuid"))return!1;const t=Object(o.get)(e,"agent.type");return"endpoint"===(Array.isArray(t)?t[0]:t)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return g}));var n=a(129),i=a(109),r=a(2),o=a(255),s=a(108),l=a(232),c=a(233),u=a(409),d=a(304),p=a(552);const m=e=>({query:{bool:{filter:[{bool:{should:[{match:{"signal.rule.id":e}},{match:{[n.S]:e}}],minimum_should_match:1}}]}},size:1}),g=e=>{const{isFetching:t,data:a,error:n,refetch:o}=Object(p.a)(e,!1),{addError:g}=Object(s.a)(),f=!Object(i.u)(n),{loading:b,data:h}=Object(c.a)({query:m(e),skip:f,queryName:l.a.BY_RULE_ID});Object(r.useEffect)((()=>{null==n||Object(i.u)(n)||g(n,{title:d.b})}),[g,n]);const E=Object(r.useMemo)((()=>{const e=f?a:null==h?void 0:y(h);if(e)return Object(u.a)(e)}),[f,h,a]);return{error:n,loading:t||b,refresh:o,rule:null!=E?E:null,isExistingRule:f}},y=e=>{var t,a,n,i;if(0===e.hits.hits.length)return;const r=e.hits.hits[0],s=null!==(t=null===(a=r._source.signal)||void 0===a?void 0:a.rule)&&void 0!==t?t:null===(n=r._source.kibana)||void 0===n||null===(i=n.alert)||void 0===i?void 0:i.rule;if(null==s){var l,c,u,d,p,m;const e=Object(o.a)(null!==(l=r._source)&&void 0!==l?l:{}),t={...null==e||null===(c=e.kibana)||void 0===c||null===(u=c.alert)||void 0===u?void 0:u.rule,...null==e||null===(d=e.kibana)||void 0===d||null===(p=d.alert)||void 0===p||null===(m=p.rule)||void 0===m?void 0:m.parameters};return delete t.parameters,t}return s}},,function(e,t,a){"use strict";a.d(t,"c",(function(){return v})),a.d(t,"d",(function(){return k})),a.d(t,"b",(function(){return S})),a.d(t,"a",(function(){return w}));var n=a(2),i=a(162),r=a(533),o=a(102),s=a(4);const l=async e=>{const{indexName:t,entity:a}=e.query;return o.b.get().http.fetch(s.hc,{method:"GET",query:{indexName:t,entity:a},asSystemRequest:!0,signal:e.signal})};var c=a(414),u=a(216),d=a(113),p=a(5);p.i18n.translate("xpack.securitySolution.riskScore.errorSearchDescription",{defaultMessage:"An error has occurred on risk score search"});const m=p.i18n.translate("xpack.securitySolution.riskScore.failSearchDescription",{defaultMessage:"Failed to run search on risk score"});var g=a(108);const y=e=>{var t,a;return"index_not_found_exception"===(null===(t=e.attributes)||void 0===t||null===(a=t.caused_by)||void 0===a?void 0:a.type)};var f=a(266),b=a(194),h=a(124);const E={totalCount:0,data:void 0},v=({timerange:e,onlyLatest:t=!0,filterQuery:a,sort:o,skip:s=!1,pagination:p,riskEntity:v,includeAlertsCount:x=!1})=>{const k=Object(f.a)(),S=Object(h.a)("riskScoringRoutesEnabled"),w=k?v===d.w.host?Object(d.F)(k,t,S):Object(d.G)(k,t,S):void 0,j=v===d.w.host?d.v.hostsRiskScore:d.v.usersRiskScore,{querySize:O,cursorStart:I}=p||{},{addError:T}=Object(g.a)(),{isDeprecated:C,isEnabled:M,isAuthorized:F,isLoading:D,refetch:A}=((e,t)=>{const{isPlatinumOrTrialLicense:a,capabilitiesFetched:o}=Object(i.a)(),s=Object(c.a)("entity-analytics"),u=a&&s,{fetch:d,data:p,isLoading:m,error:g}=Object(r.b)(r.a.GET_RISK_SCORE_DEPRECATED,l),y=Object(n.useMemo)((()=>p||{isDeprecated:u,isEnabled:u}),[p]),f=Object(n.useCallback)((t=>{u&&d({query:{indexName:t,entity:e}})}),[u,d,e]);return Object(n.useEffect)((()=>{null!=t&&f(t)}),[t,f]),{error:g,isLoading:m||!o||null==t,refetch:f,isAuthorized:u,...y}})(v,w),{loading:_,result:N,search:R,refetch:q,inspect:P,error:L}=Object(b.a)({factoryQueryType:j,initialResult:E,abort:s,showErrorToast:!1}),B=Object(n.useCallback)((()=>{w&&(A(w),q())}),[w,q,A]);Object(n.useEffect)((()=>{B()}),[null==e?void 0:e.to,null==e?void 0:e.from]);const z=Object(n.useMemo)((()=>({data:N.data,inspect:P,refetch:B,totalCount:N.totalCount,isAuthorized:F,isDeprecated:C,isModuleEnabled:M,isInspected:!1})),[P,C,M,F,B,N.data,N.totalCount]),$=Object(n.useMemo)((()=>e?{to:e.to,from:e.from,interval:""}:void 0),[e]),V=Object(n.useMemo)((()=>w?{defaultIndex:[w],factoryQueryType:j,riskScoreEntity:v,includeAlertsCount:x,filterQuery:Object(u.a)(a),pagination:void 0!==I&&void 0!==O?{cursorStart:I,querySize:O}:void 0,sort:o,timerange:t?void 0:$,alertsTimerange:x?$:void 0}:null),[I,w,j,a,O,o,$,t,v,x]);return Object(n.useEffect)((()=>{L&&(y(L)||T(L,{title:m}))}),[T,L]),Object(n.useEffect)((()=>{s||D||null==V||!F||!M||C||R(V)}),[M,C,F,D,V,R,s]),{...z,loading:_||D}},x=p.i18n.translate("xpack.securitySolution.riskScore.kpi.failSearchDescription",{defaultMessage:"Failed to run search on risk score"}),k=({filterQuery:e,skip:t,riskEntity:a,timerange:r})=>{const{addError:o}=Object(g.a)(),s=Object(f.a)(),l=Object(i.a)().isPlatinumOrTrialLicense,c=Object(h.a)("riskScoringRoutesEnabled"),u=s?a===d.w.host?Object(d.F)(s,!0,c):Object(d.G)(s,!0,c):void 0,{loading:p,result:m,search:E,refetch:v,inspect:k,error:S}=Object(b.a)({factoryQueryType:d.v.kpiRiskScore,initialResult:{kpiRiskScore:d.c},abort:t,showErrorToast:!1}),w=!!S&&y(S);Object(n.useEffect)((()=>{!t&&u&&l&&E({filterQuery:e,defaultIndex:[u],entity:a})}),[u,E,e,t,a,l]),Object(n.useEffect)((()=>{v()}),[null==r?void 0:r.to,null==r?void 0:r.from]),Object(n.useEffect)((()=>{S&&(y(S)||o(S,{title:x}))}),[o,S]);const j=Object(n.useMemo)((()=>{var e,t,a,n,i;if(!p&&!S)return{[d.y.unknown]:null!==(e=m.kpiRiskScore[d.y.unknown])&&void 0!==e?e:0,[d.y.low]:null!==(t=m.kpiRiskScore[d.y.low])&&void 0!==t?t:0,[d.y.moderate]:null!==(a=m.kpiRiskScore[d.y.moderate])&&void 0!==a?a:0,[d.y.high]:null!==(n=m.kpiRiskScore[d.y.high])&&void 0!==n?n:0,[d.y.critical]:null!==(i=m.kpiRiskScore[d.y.critical])&&void 0!==i?i:0}}),[m,p,S]);return{error:S,severityCount:j,loading:p,isModuleDisabled:w,refetch:v,inspect:k}};let S,w;!function(e){e.USERS_BY_RISK="UsersByRisk",e.USER_DETAILS_RISK_SCORE="UserDetailsRiskScore"}(S||(S={})),function(e){e.DEFAULT="HostRiskScore",e.HOST_DETAILS_RISK_SCORE="HostDetailsRiskScore",e.OVERVIEW_RISKY_HOSTS="OverviewRiskyHosts",e.HOSTS_BY_RISK="HostsByRisk"}(w||(w={}))},,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(50),i=a.n(n);const r=(e,t)=>"second"===t||"minute"===t||"hour"===t?{from:i()(e.time).subtract(1,"hour").toISOString(),to:i()(e.time).add(1,"hour").toISOString()}:{from:i()(e.time).subtract(1,"day").toISOString(),to:i()(e.time).add(1,"day").toISOString()}},,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"a",(function(){return o}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.containers.detectionEngine.rulesAndTimelines",{defaultMessage:"Failed to fetch Rules and Timelines"}),r=n.i18n.translate("xpack.securitySolution.containers.detectionEngine.ruleManagementFiltersFetchFailure",{defaultMessage:"Failed to fetch rule filters"}),o=n.i18n.translate("xpack.securitySolution.containers.detectionEngine.addRuleFailDescription",{defaultMessage:"Failed to add Rule"});n.i18n.translate("xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleAndTimelineFailDescription",{defaultMessage:"Failed to installed pre-packaged rules and timelines from elastic"}),n.i18n.translate("xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleAndTimelineSuccesDescription",{defaultMessage:"Installed pre-packaged rules and timeline templates from elastic"}),n.i18n.translate("xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleSuccesDescription",{defaultMessage:"Installed pre-packaged rules from elastic"}),n.i18n.translate("xpack.securitySolution.containers.detectionEngine.createPrePackagedTimelineSuccesDescription",{defaultMessage:"Installed pre-packaged timeline templates from elastic"})},,,,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return b})),a.d(t,"a",(function(){return h})),a.d(t,"d",(function(){return E})),a.d(t,"c",(function(){return v}));var n=a(2),i=a.n(n),r=a(42),o=a(120),s=a(40),l=a(244),c=a(728),u=a(281),d=a(692),p=a(565);const m=e=>t=>""!==e.trim()?Object(u.d)(t,[{comment:e}]):t,g=e=>t=>""!==e.trim()?Object(u.f)(t,e):t,y=e=>t=>Object(u.e)(t,e),f=(e,t)=>a=>e===o.b.ENDPOINT?Object(u.l)(Object(u.c)(a,t)):a,b=({itemName:e,commentToAdd:t,addToRules:a,addToSharedLists:n,sharedLists:i,selectedOs:s,listType:l,expireTime:c,items:d})=>{const p=Object(r.pipe)(m(t),y(c),g(e),f(l,s),((e,t)=>a=>t&&e!==o.b.ENDPOINT?Object(u.g)(a):a)(l,a),((e,t,a)=>n=>t&&e!==o.b.ENDPOINT?Object(u.h)(n,a):n)(l,n,i))(d);return p},h=({itemName:e,commentToAdd:t,selectedOs:a,listType:n,expireTime:i,items:o})=>Object(r.pipe)(m(t),y(i),g(e),f(n,a))(o),E=()=>[{field:"name",name:p.c,sortable:!0,"data-test-subj":"exceptionListNameCell"},{field:"referenced_rules",name:"Number of rules linked to",sortable:!1,"data-test-subj":"exceptionListRulesLinkedToIdCell",render:e=>i.a.createElement(l.e,{emptyButton:!0,useCustomActions:!0,actions:Object(l.j)({dataTestSubj:"addToSharedListsLinkedRulesMenu",linkedRules:e,securityLinkAnchorComponent:d.f}),panelPaddingSize:"none",disableActions:!1,text:e.length.toString(),dataTestSubj:"addToSharedListsLinkedRulesMenuAction"})},{name:p.a,"data-test-subj":"exceptionListRulesActionCell",render:e=>i.a.createElement(d.e,{dataTestSubj:"exceptionListActionCell-link",linkTitle:p.e,listId:e.list_id,external:!0})}],v=()=>[{field:"name",align:"left",name:p.c,sortable:!0,"data-test-subj":"ruleNameCell",truncateText:!1},{field:"tags",align:"left",name:p.d,"data-test-subj":"ruleNameCell",render:e=>0===e.length?null:i.a.createElement(c.a,{items:e,popoverTitle:p.d,popoverButtonTitle:e.length.toString(),popoverButtonIcon:"tag",dataTestPrefix:"tags",renderItem:(e,t)=>i.a.createElement(s.EuiBadge,{color:"hollow",key:`${e}-${t}`,"data-test-subj":"tag"},e)})},{name:p.a,"data-test-subj":"ruleAction-view",render:e=>i.a.createElement(d.f,{external:!0,referenceId:e.id,referenceName:p.f})}]},function(e,t,a){"use strict";a.d(t,"b",(function(){return n})),a.d(t,"a",(function(){return i}));const n=10,i=0},function(e,t,a){"use strict";var n=a(369);e.exports=function(e){return n({},e)}},function(e,t,a){"use strict";a.d(t,"b",(function(){return S})),a.d(t,"a",(function(){return _})),a.d(t,"d",(function(){return F})),a.d(t,"c",(function(){return g}));var n=a(5);const i=n.i18n.translate("autocomplete.loadingDescription",{defaultMessage:"Loading..."}),r=n.i18n.translate("autocomplete.selectField",{defaultMessage:"Please select a field first..."}),o=n.i18n.translate("autocomplete.fieldRequiredError",{defaultMessage:"Value cannot be empty"}),s=n.i18n.translate("autocomplete.invalidNumberError",{defaultMessage:"Not a valid number"}),l=n.i18n.translate("autocomplete.invalidDateError",{defaultMessage:"Not a valid date"}),c=n.i18n.translate("autocomplete.invalidBinaryType",{defaultMessage:"Binary fields are currently unsupported"}),u=n.i18n.translate("autocomplete.fieldSpaceWarning",{defaultMessage:"Warning: Spaces at the start or end of this value aren't being displayed."}),d=(n.i18n.translate("autocomplete.listsTooltipWarning",{defaultMessage:"Lists that aren't able to be processed by this rule type will be disabled."}),n.i18n.translate("autocomplete.seeDocumentation",{defaultMessage:"See Documentation"}),n.i18n.translate("autocomplete.conflictIndicesWarning.title",{defaultMessage:"Mapping Conflict"})),p=n.i18n.translate("autocomplete.conflictIndicesWarning.description",{defaultMessage:"This field is defined as different types across the following indices or is unmapped. This can cause unexpected query results."}),m=(e,t)=>n.i18n.translate("autocomplete.conflictIndicesWarning.index.description",{defaultMessage:"{name} ({count} indices)",values:{count:t,name:e}});var g={LOADING:i,SELECT_FIELD_FIRST:r,FIELD_REQUIRED_ERR:o,NUMBER_ERR:s,DATE_ERR:l,FIELD_SPACE_WARNING:u,BINARY_TYPE_NOT_SUPPORTED:c},y=a(2),f=a.n(y),b=a(40),h=a(21),E=a(210);const v=({getLabel:e,options:t,selectedOptions:a,disabledOptions:n})=>{const i=t.map(e),r=null==n?void 0:n.map(e),o=i.map((e=>({label:e,disabled:r&&0!==r.length&&r.includes(e)}))),s=a.map(e).filter((e=>-1!==i.indexOf(e))).map((e=>o[i.indexOf(e)]));return{comboOptions:o,labels:i,selectedComboOptions:s}},x={binary:c},k={asPlainText:!0},S=({fieldInputWidth:e,fieldTypeFilter:t=[],indexPattern:a,isClearable:i=!1,isDisabled:r=!1,isLoading:o=!1,isRequired:s=!1,onChange:l,placeholder:c,selectedField:u,acceptsCustomOptions:g=!1,showMappingConflicts:S=!1})=>{const{isInvalid:w,comboOptions:j,selectedComboOptions:O,fieldWidth:I,renderFields:T,handleTouch:C,handleValuesChange:M,handleCreateCustomOption:F}=(({indexPattern:e,fieldTypeFilter:t,isRequired:a,selectedField:n,fieldInputWidth:i,showMappingConflicts:r,onChange:o})=>{const[s,l]=Object(y.useState)(!1),[c,u]=Object(y.useState)(null),g=Object(b.useEuiPaddingSize)("s"),{availableFields:k,selectedFields:S}=Object(y.useMemo)((()=>((e,t,a)=>{const n=(e=>null!=e?e.fields:[])(e),i=(e=>e&&""!==e.name.trim()?[e]:[])(t),r=((e,t,a)=>{const n=new Map;e.forEach((e=>n.set(e.name,e))),t.forEach((e=>n.set(e.name,e)));const i=Array.from(n.values());return a&&(null==a?void 0:a.length)>0?i.filter((({type:e})=>a.includes(e))):i})(n,i,a);return{availableFields:r,selectedFields:i}})(null!=c&&null!=e?{...e,fields:[c,...null==e?void 0:e.fields]}:e,n,t)),[e,t,n,c]),{comboOptions:w,labels:j,selectedComboOptions:O,disabledLabelTooltipTexts:I,mappingConflictsTooltipInfo:T}=Object(y.useMemo)((()=>(e=>{const{availableFields:t,selectedFields:a}=e,n=v({getLabel:e=>e.name,options:t,selectedOptions:a}),i=(e=>e.availableFields.reduce(((e,t)=>{var a;const n=null===(a=t.esTypes)||void 0===a?void 0:a.find((e=>x[e])),i=n&&x[n]||x[t.type];return i&&(e[t.name]=i),e}),{}))(e),r=(e=>e.availableFields.reduce(((e,t)=>{const a=Object(E.j)(t);return a?(e[t.name]=a,e):e}),{}))(e);return{...n,disabledLabelTooltipTexts:i,mappingConflictsTooltipInfo:r}})({availableFields:k,selectedFields:S})),[k,S]),C=Object(y.useCallback)((e=>{const t=e.map((({label:e})=>k[j.indexOf(e)]));o(t)}),[k,j,o]),M=Object(y.useCallback)((e=>{e.trim().toLowerCase()&&(u({name:e,type:"text"}),o([{name:e,type:"text"}]))}),[o]),F=Object(y.useCallback)((()=>{l(!0)}),[l]),D=Object(y.useMemo)((()=>i?{width:`${i}px`}:{}),[i]);return{isInvalid:Object(y.useMemo)((()=>!!a&&s&&null==n),[a,n,s]),comboOptions:w,selectedComboOptions:O,fieldWidth:D,renderFields:e=>{const{label:t}=e,a=I[t];if(a)return e.disabled=!0,Object(h.jsx)(b.EuiToolTip,{"data-test-subj":"disabledLabelWithTooltip",content:a,position:"bottom"},Object(h.jsx)(f.a.Fragment,null,t));const n=T[t];if(r&&n){const e=Object(h.jsx)(f.a.Fragment,null,p,n.map((e=>{const t=e.groupedIndices.map((({name:e,count:t})=>`${t>1?m(e,t):e}`));return Object(h.jsx)(f.a.Fragment,null,Object(h.jsx)(b.EuiSpacer,{size:"s"}),`${e.totalIndexCount>1?m(e.type,e.totalIndexCount):e.type}: ${t.join(", ")}`)})));return Object(h.jsx)(b.EuiToolTip,{"data-test-subj":"mappingConflictsTooltip",position:"bottom",content:e},Object(h.jsx)(f.a.Fragment,null,t,Object(h.jsx)(b.EuiIcon,{"data-test-subj":"mappingConflictsWarningIcon",tabIndex:0,type:"warning",title:d,size:"s",css:Object(h.css)({marginLeft:`${g}`},"","")})))}return t},handleTouch:F,handleValuesChange:C,handleCreateCustomOption:M}})({indexPattern:a,fieldTypeFilter:t,isRequired:s,selectedField:u,fieldInputWidth:e,showMappingConflicts:S,onChange:l});return g?Object(h.jsx)(b.EuiComboBox,{placeholder:c,options:j,selectedOptions:O,onChange:M,isLoading:o,isDisabled:r,isClearable:i,isInvalid:w,onFocus:C,singleSelection:k,"data-test-subj":"fieldAutocompleteComboBox",style:I,onCreateOption:F,customOptionText:n.i18n.translate("autocomplete.customOptionText",{defaultMessage:"Add {searchValuePlaceholder} as a custom field",values:{searchValuePlaceholder:"{searchValue}"}}),fullWidth:!0,renderOption:T}):Object(h.jsx)(b.EuiComboBox,{placeholder:c,options:j,selectedOptions:O,onChange:M,isLoading:o,isDisabled:r,isClearable:i,isInvalid:w,onFocus:C,singleSelection:k,"data-test-subj":"fieldAutocompleteComboBox",style:I,fullWidth:!0,renderOption:T})};S.displayName="Field";a(214),a(74);var w=a(8),j=a(120),O=a(49);const I=({selectedField:e,operatorType:t,fieldValue:a,query:n,indexPattern:i,autocompleteService:r})=>{const[o,s]=Object(y.useState)(!1),[l,c]=Object(y.useState)(!0),[u,d]=Object(y.useState)([]),p=Object(y.useRef)(null);return Object(y.useEffect)((()=>{let o=!0;const l=new AbortController,u=Object(w.debounce)((async({fieldSelected:e,patterns:t,searchQuery:a})=>{try{if(o){if(null==e||null==t)return;if("boolean"===e.type)return void c(!1);s(!0);const n=Object(O.getDataViewFieldSubtypeNested)(e),i=n?{...e,name:`${n.nested.path}.${e.name}`}:e,o=await r.getValueSuggestions({field:i,indexPattern:t,query:a,signal:l.signal,useTimeRange:!1});0===o.length&&c(!1),s(!1),d([...o])}}catch(e){o&&(d([]),s(!1))}}),500);return t!==j.d.EXISTS&&u({fieldSelected:e,patterns:i,searchQuery:n,value:a}),p.current=u,()=>{o=!1,l.abort()}}),[e,t,a,i,n,r]),[o,l,u,p.current]};var T=a(62),C=a.n(T);const M=(e,t,a,n)=>{if(null==t)return;const i=((e,t,a,n)=>a&&n&&(null==e||""===e.trim())?o:null==t||a&&!n||!(a||null!=e&&""!==e)?void 0:null)(e,t,a,n);if(null!==i)return i;switch(t.type){case"date":const t=C.a.parse(null!=e?e:"");return Boolean(t&&t.isValid())?void 0:l;case"number":return null==e||""===e.trim()||isNaN(+e)?s:void 0;default:return}},F=e=>e&&e.trim().length!==e.length,D=[{inputDisplay:"true",value:"true"},{inputDisplay:"false",value:"false"}],A={asPlainText:!0},_=({placeholder:e,rowLabel:t,selectedField:a,selectedValue:n,indexPattern:o,isLoading:s,isDisabled:l=!1,isClearable:c=!1,isRequired:d=!1,fieldInputWidth:p,autocompleteService:m,onChange:g,onError:f})=>{const[E,x]=Object(y.useState)(""),[k,S]=Object(y.useState)(!1),[O,T]=Object(y.useState)(void 0),[C,_]=Object(y.useState)(!1),[N,R,q]=I({autocompleteService:m,fieldValue:n,indexPattern:o,operatorType:j.d.MATCH,query:E,selectedField:a}),P=Object(y.useCallback)((e=>e),[]),L=Object(y.useMemo)((()=>{const e=String(n);return null!=n&&""!==n.trim()?Object(w.uniq)([e,...q]):q}),[q,n]),B=Object(y.useMemo)((()=>{const e=String(n);return n?[e]:[]}),[n]),z=Object(y.useCallback)((e=>{if(!e)return _(!1);_(!!F(e))}),[_]),$=Object(y.useCallback)((e=>{T((t=>{const a=null!=e;return null!=t!==a&&null!=f&&f(a),e}))}),[T,f]),{comboOptions:V,labels:G,selectedComboOptions:U}=Object(y.useMemo)((()=>v({getLabel:P,options:L,selectedOptions:B})),[L,B,P]),H=Object(y.useCallback)((e=>{const[t]=e.map((({label:e})=>L[G.indexOf(e)]));z(t),$(void 0),g(null!=t?t:"")}),[$,z,G,g,L]),W=Object(y.useCallback)((e=>{if(""!==e&&null!=a){const t=M(e,a,d,k);$(t),t||z(e),x(e)}}),[$,z,d,a,k]),Q=Object(y.useCallback)((e=>{const t=M(e,a,d,k);if($(t),null!=t)return _(!1),!1;z(e),g(e)}),[d,g,a,k,$,z]),Y=Object(y.useCallback)((e=>{const t=e.target.value;g(t)}),[g]),K=Object(y.useCallback)((e=>{g(e)}),[g]),Z=Object(y.useCallback)((()=>{S(!0);const e=M(n,a,d,!0);$(e)}),[S,$,n,a,d]),J=Object(y.useMemo)((()=>s||N?i:null==a?r:e),[s,a,N,e]),X=Object(y.useMemo)((()=>s||N),[s,N]);Object(y.useEffect)((()=>{T(void 0),null!=f&&f(!1),z(n)}),[null==a?void 0:a.name,null==a?void 0:a.type,n,z,f]);const ee=Object(y.useMemo)((()=>Object(h.jsx)(b.EuiFormRow,{label:t,error:O,isInvalid:null!=a&&null!=O,"data-test-subj":"valuesAutocompleteMatchLabel",fullWidth:!0,helpText:C&&u},Object(h.jsx)(b.EuiComboBox,{placeholder:J,isDisabled:l||!a,isLoading:X,isClearable:c,options:V,selectedOptions:U,onChange:H,singleSelection:A,onSearchChange:W,onCreateOption:Q,isInvalid:null!=a&&null!=O,onBlur:Z,sortMatchesBy:"startsWith","data-test-subj":"valuesAutocompleteMatch",style:p?{width:`${p}px`}:{},fullWidth:!0,async:!0}))),[V,O,p,J,c,l,X,t,U,a,C,Q,W,H,Z]);if(R||null==a)return ee;switch(a.type){case"number":return Object(h.jsx)(b.EuiFormRow,{label:t,error:O,isInvalid:null!=a&&null!=O,"data-test-subj":"valuesAutocompleteMatchLabel",fullWidth:!0},Object(h.jsx)(b.EuiFieldNumber,{placeholder:J,onBlur:Z,value:"string"==typeof n&&n.trim().length>0?parseFloat(n):null!=n?n:"",onChange:Y,"data-test-subj":"valueAutocompleteFieldMatchNumber",style:p?{width:`${p}px`}:{},fullWidth:!0}));case"boolean":return Object(h.jsx)(b.EuiFormRow,{label:t,error:O,isInvalid:null!=a&&null!=O,"data-test-subj":"valuesAutocompleteMatchLabel",fullWidth:!0},Object(h.jsx)(b.EuiSuperSelect,{isLoading:X,options:D,valueOfSelected:null!=n?n:"true",onChange:K,"data-test-subj":"valuesAutocompleteMatchBoolean",style:p?{width:`${p}px`}:{},fullWidth:!0}));default:return ee}};_.displayName="AutocompleteFieldMatch";const N={asPlainText:!0};Object(y.memo)((({autocompleteService:e,placeholder:t,rowLabel:a,selectedField:n,selectedValue:o,indexPattern:s,isLoading:l,isDisabled:c=!1,isClearable:d=!1,isRequired:p=!1,fieldInputWidth:m,onChange:g,onError:f,onWarning:E,warning:x})=>{const[k,S]=Object(y.useState)(""),[O,T]=Object(y.useState)(!1),[C,D]=Object(y.useState)(void 0),[A,_]=Object(y.useState)(!1),[R,,q]=I({autocompleteService:e,fieldValue:o,indexPattern:s,operatorType:j.d.WILDCARD,query:k,selectedField:n}),P=Object(y.useCallback)((e=>e),[]),L=Object(y.useMemo)((()=>{const e=String(o);return null!=o&&""!==o.trim()?Object(w.uniq)([e,...q]):q}),[q,o]),B=Object(y.useMemo)((()=>{const e=String(o);return o?[e]:[]}),[o]),z=Object(y.useCallback)((e=>{if(!e)return _(!1);_(!!F(e))}),[_]),$=Object(y.useCallback)((e=>{D((t=>{const a=null!=e;return null!=t!==a&&null!=f&&f(a),e}))}),[D,f]),V=Object(y.useCallback)((e=>{E(void 0!==e)}),[E]),{comboOptions:G,labels:U,selectedComboOptions:H}=Object(y.useMemo)((()=>v({getLabel:P,options:L,selectedOptions:B})),[L,B,P]),W=Object(y.useCallback)((e=>{const[t]=e.map((({label:e})=>L[U.indexOf(e)]));$(void 0),z(t),_(!1),g(null!=t?t:"")}),[$,z,U,g,L]),Q=Object(y.useCallback)((e=>{if(""!==e.trim()&&null!=n){const t=M(e,n,p,O);$(t),V(x),t||z(e),S(e)}}),[$,z,p,n,O,x,V]),Y=Object(y.useCallback)((e=>{const t=M(e,n,p,O);if($(t),V(x),null!=t)return _(!1),!1;z(e),g(e)}),[p,z,g,n,O,$,V,x]),K=Object(y.useCallback)((()=>{T(!0);const e=M(o,n,p,!0);$(e),V(x)}),[T,$,o,n,p,V,x]),Z=Object(y.useMemo)((()=>l||R?i:null==n?r:t),[l,n,R,t]),J=Object(y.useMemo)((()=>l||R),[l,R]);return Object(y.useEffect)((()=>{D(void 0),null!=f&&f(!1),z(o),E(!1)}),[n,o,f,E,z]),Object(y.useMemo)((()=>Object(h.jsx)(b.EuiFormRow,{label:a,error:C,helpText:x||A&&u,isInvalid:null!=n&&null!=C,"data-test-subj":"valuesAutocompleteWildcardLabel",fullWidth:!0},Object(h.jsx)(b.EuiComboBox,{placeholder:Z,isDisabled:c||!n,isLoading:J,isClearable:d,options:G,selectedOptions:H,onChange:W,singleSelection:N,onSearchChange:Q,onCreateOption:Y,isInvalid:null!=n&&null!=C,onBlur:K,sortMatchesBy:"startsWith","data-test-subj":"valuesAutocompleteWildcard",style:m?{width:`${m}px`}:{},fullWidth:!0,async:!0}))),[G,C,m,Y,Q,W,Z,d,c,J,a,H,n,K,x,A])})).displayName="AutocompleteFieldWildcard"},,,function(e,t,a){"use strict";a.d(t,"c",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o}));var n=a(42);const i=e=>Object(n.some)({category:"kibana",field:"kibana.alert.rule.uuid"},e),r=({data:e})=>{var t;if(!i(e))return!1;const a=null===(t=Object(n.find)({field:"agent.type"},e))||void 0===t?void 0:t.values;return!!a&&"endpoint"===a[0]},o=({ecsData:e})=>{if(null==e)return!1;const t=Object(n.getOr)([],"kibana.alert.original_event.module",e),a=Object(n.getOr)([],"kibana.alert.original_event.kind",e);return t.includes("endpoint")&&a.includes("alert")}},function(e,t,a){"use strict";a.d(t,"a",(function(){return m})),a.d(t,"b",(function(){return g})),a.d(t,"c",(function(){return y}));var n=a(109),i=a(42),r=a(2),o=a(188),s=a(1387),l=a(485),c=a(434),u=a(380),d=a(167),p=a(142);const m=(e,t,a,i=p.e,r=!1)=>({and:[],enabled:!0,id:Object(n.j)(t),name:e,excluded:r,kqlQuery:"",queryMatch:{field:e,value:a,operator:i,displayValue:Object(c.d)(a)}}),g=(e,t,a,n=p.e,i=!1)=>{const{and:r,...o}=m(e,t,a,n,i);return o},y=({contextId:e,eventId:t,field:a,fieldFormat:n,fieldFromBrowserField:c,fieldType:p,isObjectArray:g,linkValue:y,values:f})=>Object(r.useMemo)((()=>{if(null==f)return null;const r=Array.isArray(f)?f:[f];let b=[];return r.length>1&&(b=[{meta:{},query:{bool:{must:r.map((e=>({term:{[a]:e}})))}}}]),r.reduce(((r,b,h)=>{let E="",v=Object(i.isString)(b)?b:`${f}`;const x=`${e}-${t}-${a}-${h}-${b}`;if(null==c)return r.values.push(v),r;if(g||p===o.f||[o.i].includes(a))return r.values.push(v),r;if(p===o.h){if(E=`formatted-ip-data-provider-${e}-${a}-${b}-${t}`,Object(i.isString)(b)&&!Object(i.isEmpty)(b)){let e=b;try{e=JSON.parse(b)}catch(e){}return Object(i.isArray)(e)&&(v=e.join(","),e.forEach((e=>r.dataProviders.push(m(a,E,e))))),r.dataProviders.push(m(a,E,e)),r.values.push(v),r}}else u.b.some((e=>a===e))?E=`port-default-draggable-${x}`:a===l.b?E=`duration-default-draggable-${x}`:a===o.g?E=`event-details-value-default-draggable-${x}`:n===s.a?E=`bytes-default-draggable-${x}`:a===o.n?E=`event-details-value-default-draggable-${x}-${y}`:a===o.c?E=`event-details-value-default-draggable-${x}-${b}`:a===o.o?E=`alert-details-value-default-draggable-${x}`:a===o.a?(E=`event-details-value-default-draggable-${x}`,v="string"==typeof b?b:""):E=[o.m,o.l,o.e,d.j].includes(a)?`event-details-value-default-draggable-${x}-${b}`:`event-details-value-default-draggable-${x}`;return r.values.push(v),r.dataProviders.push(m(a,E,b)),r}),{values:[],dataProviders:[],filters:b})}),[e,t,a,n,c,p,g,y,f])},,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return g}));var n=a(2),i=a.n(n),r=a(42),o=a(48),s=a(1408);const{euiColorVis0:l,euiColorVis5:c,euiColorVis7:u,euiColorVis9:d}=o.euiLightVars,p={low:l,medium:c,high:u,critical:d},m=({value:e})=>{var t;const a=Object(r.upperFirst)(e),n=null!==(t=p[e])&&void 0!==t?t:"subdued";return i.a.createElement(s.a,{healthColor:n,tooltipContent:a,dataTestSubj:"severity"},a)},g=i.a.memo(m)},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(40),i=a(2),r=a.n(i),o=a(168);const s=({dataTestSubj:e,descriptionList:t})=>r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(o.d,{"data-test-subj":e,listItems:t}))},function(e,t,a){"use strict";a.d(t,"b",(function(){return y})),a.d(t,"a",(function(){return x}));var n=a(2),i=a.n(n),r=a(44),o=a(40),s=a(41),l=a.n(s),c=a(165),u=a(153),d=a(117),p=a(168),m=a(224);const g=l.a.div.withConfig({displayName:"Subtext",componentId:"sc-19v49l5-0"})(["font-size:",";"],(e=>e.theme.eui.euiFontSizeXS)),y=({values:e,fieldName:t,idPrefix:a,render:n,displayCount:r=5,maxOverflow:o=5})=>{if(null!=e&&e.length>0){const s=e.slice(0,r).map(((e,r)=>{const o=Object(u.i)(`${a}-${t}-${e}-${r}`);return i.a.createElement(c.c,{key:o,mode:c.a.HOVER_DOWN,visibleCellActions:5,showActionTooltips:!0,triggerId:c.d.DEFAULT,data:{value:e,field:t}},i.a.createElement(i.a.Fragment,null,n?n(e):Object(d.a)(e)))}));return s.length>0?i.a.createElement(i.a.Fragment,null,s," ",i.a.createElement(b,{fieldName:t,values:e,idPrefix:a,maxOverflowItems:o,overflowIndexStart:r})):Object(d.d)()}return Object(d.d)()},f=({fieldName:e,values:t,idPrefix:a,maxOverflowItems:n=5,overflowIndexStart:s=5})=>i.a.createElement(i.a.Fragment,null,t.length>s&&i.a.createElement(E,{count:t.length-s,idPrefix:a},i.a.createElement(o.EuiText,{size:"xs"},i.a.createElement(m.c,{fieldName:e,idPrefix:a,values:t,overflowIndexStart:s,moreMaxHeight:"none"}),t.length>s+n&&i.a.createElement("p",{"data-test-subj":"popover-additional-overflow"},i.a.createElement(o.EuiTextColor,{color:"subdued"},t.length-s-n," ",i.a.createElement(r.FormattedMessage,{id:"xpack.securitySolution.tables.rowItemHelper.moreDescription",defaultMessage:"more not shown"}))))));f.displayName="RowItemOverflowComponent";const b=i.a.memo(f),h=({children:e,count:t,idPrefix:a})=>{const[s,l]=Object(n.useState)(!1),c=Object(n.useCallback)((()=>{l(!s)}),[s]);return i.a.createElement(g,null,i.a.createElement(o.EuiPopover,{button:i.a.createElement(o.EuiLink,{onClick:c,"data-test-subj":"overflow-button"},i.a.createElement(r.FormattedMessage,{id:"xpack.securitySolution.tables.rowItemHelper.overflowButtonDescription",defaultMessage:"+{count} More",values:{count:t}})),closePopover:()=>l(!s),id:`${a}-popover`,isOpen:s,panelClassName:"withHoverActions__popover",repositionOnScroll:!0},e))};h.displayName="PopoverComponent";const E=i.a.memo(h);E.displayName="Popover";const v=({value:e,showToolTip:t=!0,overflowLength:a=50})=>i.a.createElement("span",null,t?i.a.createElement(o.EuiToolTip,{"data-test-subj":"message-tooltip",content:"message"},i.a.createElement(i.a.Fragment,null,e.substring(0,a))):i.a.createElement(i.a.Fragment,null,e.substring(0,a)),e.length>a&&i.a.createElement(o.EuiToolTip,{content:e},i.a.createElement(p.f,{type:"boxesHorizontal"})));v.displayName="OverflowFieldComponent";const x=i.a.memo(v);x.displayName="OverflowField"},function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u})),a.d(t,"c",(function(){return d}));var n=a(46),i=a(2),r=a(4),o=a(143),s=a(354);const l=["GET",r.hb],c=(e,t)=>Object(n.useQuery)([...l,e],(async({signal:t})=>{const a=await Object(o.j)({signal:t,...e});return{rules:a.data,total:a.total}}),{...s.a,staleTime:0,...t}),u=()=>{const e=Object(n.useQueryClient)();return Object(i.useCallback)((()=>{e.invalidateQueries(l,{refetchType:"active"})}),[e])},d=()=>{const e=Object(n.useQueryClient)();return Object(i.useCallback)((t=>{e.setQueriesData(l,(e=>e?{rules:p(e.rules,t),total:e.total}:void 0))}),[e])};function p(e,t){const a=new Map(t.map((e=>[e.id,e])));return e.some((e=>a.has(e.id)))?e.map((e=>{var t;return null!==(t=a.get(e.id))&&void 0!==t?t:e})):e}},function(e,t,a){"use strict";a.d(t,"d",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"c",(function(){return l})),a.d(t,"b",(function(){return c}));var n=a(137),i=a(204),r=a(586);const o=e=>"boolean"==typeof e,s=(e,t)=>{var a;return null==e||!((null===(a=e.actions)||void 0===a?void 0:a.length)>0&&o(t))||t},l=e=>null==e||e,c=(e,t,a,o)=>null==e?void 0:Object(i.d)(e.type)&&!t?r.d:s(e,a)?l(o)?void 0:n.Rb:n.Qb},function(e,t,a){"use strict";a.d(t,"g",(function(){return E})),a.d(t,"b",(function(){return k})),a.d(t,"f",(function(){return w})),a.d(t,"c",(function(){return I})),a.d(t,"h",(function(){return M})),a.d(t,"d",(function(){return q})),a.d(t,"e",(function(){return P})),a.d(t,"a",(function(){return L}));var n=a(62),i=a.n(n),r=a(50),o=a.n(r),s=a(240),l=a.n(s),c=(a(45),a(41)),u=a.n(c),d=a(40),p=a(163),m=a(197),g=a(207),y=a(145),f=a(737),b=a(213),h=a(739);const E=({rule:e,detailsView:t=!1})=>{const a=x(e);return{aboutRuleData:j(e,t),modifiedAboutRuleDetailsData:C(e),defineRuleData:a,scheduleRuleData:S(e),ruleActionsData:v(e)}},v=e=>{const{enabled:t,meta:a,actions:n=[],response_actions:i}=e;return{actions:null==n?void 0:n.map(f.d),responseActions:null==i?void 0:i.map(f.e),kibanaSiemAppUrl:null==a?void 0:a.kibana_siem_app_url,enabled:t}},x=e=>{var t,a,n,i,r,o,s,l,c,u,d,p,y,f,h,E,v,x,S,w,j,O,I,T,C,M,F,D;return{ruleType:e.type,anomalyThreshold:null!==(t=e.anomaly_threshold)&&void 0!==t?t:50,machineLearningJobId:null!==(a=e.machine_learning_job_id)&&void 0!==a?a:[],index:null!==(n=e.index)&&void 0!==n?n:[],dataViewId:e.data_view_id,threatIndex:null!==(i=e.threat_index)&&void 0!==i?i:[],threatQueryBar:{query:{query:null!==(r=e.threat_query)&&void 0!==r?r:"",language:null!==(o=e.threat_language)&&void 0!==o?o:""},filters:null!==(s=e.threat_filters)&&void 0!==s?s:[],saved_id:null},threatMapping:null!==(l=e.threat_mapping)&&void 0!==l?l:[],queryBar:{query:{query:null!==(c=e.query)&&void 0!==c?c:"",language:null!==(u=e.language)&&void 0!==u?u:""},filters:null!==(d=e.filters)&&void 0!==d?d:[],saved_id:null!==(p=e.saved_id)&&void 0!==p?p:null},relatedIntegrations:null!==(y=e.related_integrations)&&void 0!==y?y:[],requiredFields:null!==(f=e.required_fields)&&void 0!==f?f:[],timeline:{id:null!==(h=e.timeline_id)&&void 0!==h?h:null,title:null!==(E=e.timeline_title)&&void 0!==E?E:null},threshold:{field:Object(m.h)(null===(v=e.threshold)||void 0===v?void 0:v.field),value:`${(null===(x=e.threshold)||void 0===x?void 0:x.value)||100}`,...null!==(S=e.threshold)&&void 0!==S&&null!==(w=S.cardinality)&&void 0!==w&&w.length?{cardinality:{field:[`${e.threshold.cardinality[0].field}`],value:`${e.threshold.cardinality[0].value}`}}:{}},eqlOptions:{timestampField:e.timestamp_field,eventCategoryField:e.event_category_override,tiebreakerField:e.tiebreaker_field},dataSourceType:e.data_view_id?b.a.DataView:b.a.IndexPatterns,newTermsFields:null!==(j=e.new_terms_fields)&&void 0!==j?j:[],historyWindowSize:e.history_window_start?k(e.history_window_start):"7d",shouldLoadQueryDynamically:Boolean("saved_query"===e.type&&e.saved_id),groupByFields:null!==(O=null===(I=e.alert_suppression)||void 0===I?void 0:I.group_by)&&void 0!==O?O:[],groupByRadioSelection:null!==(T=e.alert_suppression)&&void 0!==T&&T.duration?b.b.PerTimePeriod:b.b.PerRuleExecution,groupByDuration:null!==(C=null===(M=e.alert_suppression)||void 0===M?void 0:M.duration)&&void 0!==C?C:{value:5,unit:"m"},suppressionMissingFields:null!==(F=null===(D=e.alert_suppression)||void 0===D?void 0:D.missing_fields_strategy)&&void 0!==F?F:g.f}},k=e=>e.startsWith("now-")?e.substring(4):e,S=e=>{const{interval:t,from:a}=e;return{interval:t,from:w(a,t)}},w=(e,t)=>{var a,n;const r=null!==(a=i.a.parse(e))&&void 0!==a?a:o()(),s=null!==(n=i.a.parse(`now-${t}`))&&void 0!==n?n:o()(),l=o.a.duration(s.diff(r)),c=Math.floor(l.asSeconds());return 0===c?"0s":c%3600==0?c/3600+"h":c%60==0?c/60+"m":`${c}s`},j=(e,t)=>{var a;const{name:n,description:i,note:r}=T(e,t),{author:o,building_block_type:s,exceptions_list:l,license:c,risk_score_mapping:u,rule_name_override:d,severity_mapping:m,timestamp_override:g,timestamp_override_fallback_disabled:y,references:f,severity:b,false_positives:h,risk_score:E,investigation_fields:v,tags:x,threat:k,threat_indicator_path:S}=e;return{author:o,isAssociatedToEndpointList:null!==(a=null==l?void 0:l.some((({id:e})=>e===p.k)))&&void 0!==a&&a,isBuildingBlock:void 0!==s,license:null!=c?c:"",ruleNameOverride:null!=d?d:"",timestampOverride:null!=g?g:"",timestampOverrideFallbackDisabled:y,name:n,description:i,note:r,references:f,severity:{value:b,mapping:I(m),isMappingChecked:m.length>0},tags:x,riskScore:{value:E,mapping:u,isMappingChecked:u.length>0},falsePositives:h,investigationFields:null!=v?v:[],threat:k,threatIndicatorPath:S}},O={low:0,medium:1,high:2,critical:3},I=e=>{const t=h.i.flatMap((t=>null==e.find((e=>e.severity===t.value))?[{field:"",value:"",operator:"equals",severity:t.value}]:[]));return[...e,...t].sort(((e,t)=>O[e.severity]-O[t.severity]))},T=(e,t)=>{const{name:a,description:n,note:i}=e;return t?{name:"",description:"",note:""}:{name:a,description:n,note:null!=i?i:""}},C=e=>{var t,a;return{note:null!==(t=e.note)&&void 0!==t?t:"",description:e.description,setup:null!==(a=e.setup)&&void 0!==a?a:""}},M=(e,t,a,n)=>!1===e||!1===t||!1===a||n,F=["id","name","description","false_positives","investigation_fields","rule_id","max_signals","risk_score","output_index","references","severity","timeline_id","timeline_title","threat","type","version"],D=["index","filters","language","query","saved_id","response_actions"],A=["anomaly_threshold","machine_learning_job_id"],_=["threshold",...D],N=e=>{switch(e){case"machine_learning":return A;case"threshold":return _;case"new_terms":case"threat_match":case"query":case"saved_query":case"eql":return D}Object(y.a)(e)},R=e=>({state:[{name:"signals_count",description:"state.signals_count"}],params:[],context:[{name:"results_link",description:"context.results_link",useWithTripleBracesInTemplates:!0},{name:"alerts",description:"context.alerts"},...e.map((e=>{const t=`rule.${e}`;return{name:t,description:`context.${t}`}}))]}),q=l()((e=>{if(!e)return{state:[],params:[]};const t=(e=>[...F,...N(e)].sort())(e);return R(t)})),P=()=>R((()=>{const e=[...F,...D,...A,..._].sort();return Array.from(new Set(e))})()),L=u()(d.EuiFlexItem).withConfig({displayName:"MaxWidthEuiFlexItem",componentId:"sc-15hicli-0"})(["max-width:1000px;overflow:hidden;"])},function(e,t,a){"use strict";a.d(t,"a",(function(){return h}));var n=a(41),i=a.n(n),r=a(40),o=a(2),s=a.n(o),l=(a(21),a(674)),c=a(679),u=a(1051),d=a(169),p=a(102);const m=i.a.div.attrs({className:"securitySolutionHeaderPage__linkBack"}).withConfig({displayName:"LinkBack",componentId:"sc-1acc7vc-0"})(["",""],(({theme:e})=>Object(n.css)(["font-size:",";line-height:",";margin-bottom:",";"],e.eui.euiFontSizeXS,e.eui.euiLineHeight,e.eui.euiSizeS)));m.displayName="LinkBack";const g=i()(r.EuiPageHeaderSection).withConfig({displayName:"HeaderSection",componentId:"sc-1acc7vc-1"})(["min-width:0;max-width:100%;"]);function y(){const{euiTheme:e}=Object(r.useEuiTheme)();return s.a.createElement(E,{$_css:e.border.thin})}g.displayName="HeaderSection";const f=s.a.memo((({backOptions:e})=>{var t,a;const{navigateToUrl:n}=Object(p.j)().services.application,{formatUrl:i}=Object(d.m)(e.pageId),r=i(null!==(t=e.path)&&void 0!==t?t:"");return s.a.createElement(m,null,s.a.createElement(l.a,{dataTestSubj:null!==(a=e.dataTestSubj)&&void 0!==a?a:"link-back",onClick:e=>{e.preventDefault(),n(r)},href:r,iconType:"arrowLeft"},e.text))}));f.displayName="HeaderLinkBack";const b=({backOptions:e,backComponent:t,badgeOptions:a,border:n,children:i,isLoading:o,rightSideItems:l,subtitle:d,subtitle2:p,title:m,titleNode:b})=>s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiPageHeader,{alignItems:"center",rightSideItems:l},s.a.createElement(g,null,e&&s.a.createElement(f,{backOptions:e}),!e&&t&&s.a.createElement(s.a.Fragment,null,t),b||s.a.createElement(u.a,{title:m,badgeOptions:a}),d&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"s"}),s.a.createElement(c.a,{"data-test-subj":"header-page-subtitle",items:d})),n&&o&&s.a.createElement(r.EuiProgress,{size:"xs",color:"accent"})),i&&s.a.createElement(r.EuiPageHeaderSection,{"data-test-subj":"header-page-supplements"},i)),p&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"xs"}),s.a.createElement(c.a,{"data-test-subj":"header-page-subtitle-2",items:p})),n&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"m"}),s.a.createElement(y,null)),s.a.createElement(r.EuiSpacer,{size:"l"})),h=s.a.memo(b);var E=i()("div").withConfig({displayName:"_StyledDiv",componentId:"sc-1acc7vc-2"})(["border-bottom:",";"],(e=>e.$_css))},function(e,t,a){"use strict";a.d(t,"e",(function(){return k})),a.d(t,"f",(function(){return S})),a.d(t,"g",(function(){return w})),a.d(t,"c",(function(){return I})),a.d(t,"a",(function(){return C})),a.d(t,"b",(function(){return M})),a.d(t,"d",(function(){return F}));var n=a(8);const i={"@timestamp":{type:"date",array:!1,required:!0},"agent.build.original":{type:"keyword",array:!1,required:!1},"agent.ephemeral_id":{type:"keyword",array:!1,required:!1},"agent.id":{type:"keyword",array:!1,required:!1},"agent.name":{type:"keyword",array:!1,required:!1},"agent.type":{type:"keyword",array:!1,required:!1},"agent.version":{type:"keyword",array:!1,required:!1},"client.address":{type:"keyword",array:!1,required:!1},"client.as.number":{type:"long",array:!1,required:!1},"client.as.organization.name":{type:"keyword",array:!1,required:!1},"client.bytes":{type:"long",array:!1,required:!1},"client.domain":{type:"keyword",array:!1,required:!1},"client.geo.city_name":{type:"keyword",array:!1,required:!1},"client.geo.continent_code":{type:"keyword",array:!1,required:!1},"client.geo.continent_name":{type:"keyword",array:!1,required:!1},"client.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"client.geo.country_name":{type:"keyword",array:!1,required:!1},"client.geo.location":{type:"geo_point",array:!1,required:!1},"client.geo.name":{type:"keyword",array:!1,required:!1},"client.geo.postal_code":{type:"keyword",array:!1,required:!1},"client.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"client.geo.region_name":{type:"keyword",array:!1,required:!1},"client.geo.timezone":{type:"keyword",array:!1,required:!1},"client.ip":{type:"ip",array:!1,required:!1},"client.mac":{type:"keyword",array:!1,required:!1},"client.nat.ip":{type:"ip",array:!1,required:!1},"client.nat.port":{type:"long",array:!1,required:!1},"client.packets":{type:"long",array:!1,required:!1},"client.port":{type:"long",array:!1,required:!1},"client.registered_domain":{type:"keyword",array:!1,required:!1},"client.subdomain":{type:"keyword",array:!1,required:!1},"client.top_level_domain":{type:"keyword",array:!1,required:!1},"client.user.domain":{type:"keyword",array:!1,required:!1},"client.user.email":{type:"keyword",array:!1,required:!1},"client.user.full_name":{type:"keyword",array:!1,required:!1},"client.user.group.domain":{type:"keyword",array:!1,required:!1},"client.user.group.id":{type:"keyword",array:!1,required:!1},"client.user.group.name":{type:"keyword",array:!1,required:!1},"client.user.hash":{type:"keyword",array:!1,required:!1},"client.user.id":{type:"keyword",array:!1,required:!1},"client.user.name":{type:"keyword",array:!1,required:!1},"client.user.roles":{type:"keyword",array:!0,required:!1},"cloud.account.id":{type:"keyword",array:!1,required:!1},"cloud.account.name":{type:"keyword",array:!1,required:!1},"cloud.availability_zone":{type:"keyword",array:!1,required:!1},"cloud.instance.id":{type:"keyword",array:!1,required:!1},"cloud.instance.name":{type:"keyword",array:!1,required:!1},"cloud.machine.type":{type:"keyword",array:!1,required:!1},"cloud.origin.account.id":{type:"keyword",array:!1,required:!1},"cloud.origin.account.name":{type:"keyword",array:!1,required:!1},"cloud.origin.availability_zone":{type:"keyword",array:!1,required:!1},"cloud.origin.instance.id":{type:"keyword",array:!1,required:!1},"cloud.origin.instance.name":{type:"keyword",array:!1,required:!1},"cloud.origin.machine.type":{type:"keyword",array:!1,required:!1},"cloud.origin.project.id":{type:"keyword",array:!1,required:!1},"cloud.origin.project.name":{type:"keyword",array:!1,required:!1},"cloud.origin.provider":{type:"keyword",array:!1,required:!1},"cloud.origin.region":{type:"keyword",array:!1,required:!1},"cloud.origin.service.name":{type:"keyword",array:!1,required:!1},"cloud.project.id":{type:"keyword",array:!1,required:!1},"cloud.project.name":{type:"keyword",array:!1,required:!1},"cloud.provider":{type:"keyword",array:!1,required:!1},"cloud.region":{type:"keyword",array:!1,required:!1},"cloud.service.name":{type:"keyword",array:!1,required:!1},"cloud.target.account.id":{type:"keyword",array:!1,required:!1},"cloud.target.account.name":{type:"keyword",array:!1,required:!1},"cloud.target.availability_zone":{type:"keyword",array:!1,required:!1},"cloud.target.instance.id":{type:"keyword",array:!1,required:!1},"cloud.target.instance.name":{type:"keyword",array:!1,required:!1},"cloud.target.machine.type":{type:"keyword",array:!1,required:!1},"cloud.target.project.id":{type:"keyword",array:!1,required:!1},"cloud.target.project.name":{type:"keyword",array:!1,required:!1},"cloud.target.provider":{type:"keyword",array:!1,required:!1},"cloud.target.region":{type:"keyword",array:!1,required:!1},"cloud.target.service.name":{type:"keyword",array:!1,required:!1},"container.id":{type:"keyword",array:!1,required:!1},"container.image.name":{type:"keyword",array:!1,required:!1},"container.image.tag":{type:"keyword",array:!0,required:!1},"container.labels":{type:"object",array:!1,required:!1},"container.name":{type:"keyword",array:!1,required:!1},"container.runtime":{type:"keyword",array:!1,required:!1},"destination.address":{type:"keyword",array:!1,required:!1},"destination.as.number":{type:"long",array:!1,required:!1},"destination.as.organization.name":{type:"keyword",array:!1,required:!1},"destination.bytes":{type:"long",array:!1,required:!1},"destination.domain":{type:"keyword",array:!1,required:!1},"destination.geo.city_name":{type:"keyword",array:!1,required:!1},"destination.geo.continent_code":{type:"keyword",array:!1,required:!1},"destination.geo.continent_name":{type:"keyword",array:!1,required:!1},"destination.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"destination.geo.country_name":{type:"keyword",array:!1,required:!1},"destination.geo.location":{type:"geo_point",array:!1,required:!1},"destination.geo.name":{type:"keyword",array:!1,required:!1},"destination.geo.postal_code":{type:"keyword",array:!1,required:!1},"destination.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"destination.geo.region_name":{type:"keyword",array:!1,required:!1},"destination.geo.timezone":{type:"keyword",array:!1,required:!1},"destination.ip":{type:"ip",array:!1,required:!1},"destination.mac":{type:"keyword",array:!1,required:!1},"destination.nat.ip":{type:"ip",array:!1,required:!1},"destination.nat.port":{type:"long",array:!1,required:!1},"destination.packets":{type:"long",array:!1,required:!1},"destination.port":{type:"long",array:!1,required:!1},"destination.registered_domain":{type:"keyword",array:!1,required:!1},"destination.subdomain":{type:"keyword",array:!1,required:!1},"destination.top_level_domain":{type:"keyword",array:!1,required:!1},"destination.user.domain":{type:"keyword",array:!1,required:!1},"destination.user.email":{type:"keyword",array:!1,required:!1},"destination.user.full_name":{type:"keyword",array:!1,required:!1},"destination.user.group.domain":{type:"keyword",array:!1,required:!1},"destination.user.group.id":{type:"keyword",array:!1,required:!1},"destination.user.group.name":{type:"keyword",array:!1,required:!1},"destination.user.hash":{type:"keyword",array:!1,required:!1},"destination.user.id":{type:"keyword",array:!1,required:!1},"destination.user.name":{type:"keyword",array:!1,required:!1},"destination.user.roles":{type:"keyword",array:!0,required:!1},"dll.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"dll.code_signature.exists":{type:"boolean",array:!1,required:!1},"dll.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"dll.code_signature.status":{type:"keyword",array:!1,required:!1},"dll.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"dll.code_signature.team_id":{type:"keyword",array:!1,required:!1},"dll.code_signature.timestamp":{type:"date",array:!1,required:!1},"dll.code_signature.trusted":{type:"boolean",array:!1,required:!1},"dll.code_signature.valid":{type:"boolean",array:!1,required:!1},"dll.hash.md5":{type:"keyword",array:!1,required:!1},"dll.hash.sha1":{type:"keyword",array:!1,required:!1},"dll.hash.sha256":{type:"keyword",array:!1,required:!1},"dll.hash.sha512":{type:"keyword",array:!1,required:!1},"dll.hash.ssdeep":{type:"keyword",array:!1,required:!1},"dll.name":{type:"keyword",array:!1,required:!1},"dll.path":{type:"keyword",array:!1,required:!1},"dll.pe.architecture":{type:"keyword",array:!1,required:!1},"dll.pe.company":{type:"keyword",array:!1,required:!1},"dll.pe.description":{type:"keyword",array:!1,required:!1},"dll.pe.file_version":{type:"keyword",array:!1,required:!1},"dll.pe.imphash":{type:"keyword",array:!1,required:!1},"dll.pe.original_file_name":{type:"keyword",array:!1,required:!1},"dll.pe.product":{type:"keyword",array:!1,required:!1},"dns.answers":{type:"object",array:!0,required:!1},"dns.answers.class":{type:"keyword",array:!1,required:!1},"dns.answers.data":{type:"keyword",array:!1,required:!1},"dns.answers.name":{type:"keyword",array:!1,required:!1},"dns.answers.ttl":{type:"long",array:!1,required:!1},"dns.answers.type":{type:"keyword",array:!1,required:!1},"dns.header_flags":{type:"keyword",array:!0,required:!1},"dns.id":{type:"keyword",array:!1,required:!1},"dns.op_code":{type:"keyword",array:!1,required:!1},"dns.question.class":{type:"keyword",array:!1,required:!1},"dns.question.name":{type:"keyword",array:!1,required:!1},"dns.question.registered_domain":{type:"keyword",array:!1,required:!1},"dns.question.subdomain":{type:"keyword",array:!1,required:!1},"dns.question.top_level_domain":{type:"keyword",array:!1,required:!1},"dns.question.type":{type:"keyword",array:!1,required:!1},"dns.resolved_ip":{type:"ip",array:!0,required:!1},"dns.response_code":{type:"keyword",array:!1,required:!1},"dns.type":{type:"keyword",array:!1,required:!1},"ecs.version":{type:"keyword",array:!1,required:!0},"error.code":{type:"keyword",array:!1,required:!1},"error.id":{type:"keyword",array:!1,required:!1},"error.message":{type:"match_only_text",array:!1,required:!1},"error.stack_trace":{type:"wildcard",array:!1,required:!1},"error.type":{type:"keyword",array:!1,required:!1},"event.action":{type:"keyword",array:!1,required:!1},"event.agent_id_status":{type:"keyword",array:!1,required:!1},"event.category":{type:"keyword",array:!0,required:!1},"event.code":{type:"keyword",array:!1,required:!1},"event.created":{type:"date",array:!1,required:!1},"event.dataset":{type:"keyword",array:!1,required:!1},"event.duration":{type:"long",array:!1,required:!1},"event.end":{type:"date",array:!1,required:!1},"event.hash":{type:"keyword",array:!1,required:!1},"event.id":{type:"keyword",array:!1,required:!1},"event.ingested":{type:"date",array:!1,required:!1},"event.kind":{type:"keyword",array:!1,required:!1},"event.module":{type:"keyword",array:!1,required:!1},"event.original":{type:"keyword",array:!1,required:!1},"event.outcome":{type:"keyword",array:!1,required:!1},"event.provider":{type:"keyword",array:!1,required:!1},"event.reason":{type:"keyword",array:!1,required:!1},"event.reference":{type:"keyword",array:!1,required:!1},"event.risk_score":{type:"float",array:!1,required:!1},"event.risk_score_norm":{type:"float",array:!1,required:!1},"event.sequence":{type:"long",array:!1,required:!1},"event.severity":{type:"long",array:!1,required:!1},"event.start":{type:"date",array:!1,required:!1},"event.timezone":{type:"keyword",array:!1,required:!1},"event.type":{type:"keyword",array:!0,required:!1},"event.url":{type:"keyword",array:!1,required:!1},"faas.coldstart":{type:"boolean",array:!1,required:!1},"faas.execution":{type:"keyword",array:!1,required:!1},"faas.trigger":{type:"nested",array:!1,required:!1},"faas.trigger.request_id":{type:"keyword",array:!1,required:!1},"faas.trigger.type":{type:"keyword",array:!1,required:!1},"file.accessed":{type:"date",array:!1,required:!1},"file.attributes":{type:"keyword",array:!0,required:!1},"file.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"file.code_signature.exists":{type:"boolean",array:!1,required:!1},"file.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"file.code_signature.status":{type:"keyword",array:!1,required:!1},"file.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"file.code_signature.team_id":{type:"keyword",array:!1,required:!1},"file.code_signature.timestamp":{type:"date",array:!1,required:!1},"file.code_signature.trusted":{type:"boolean",array:!1,required:!1},"file.code_signature.valid":{type:"boolean",array:!1,required:!1},"file.created":{type:"date",array:!1,required:!1},"file.ctime":{type:"date",array:!1,required:!1},"file.device":{type:"keyword",array:!1,required:!1},"file.directory":{type:"keyword",array:!1,required:!1},"file.drive_letter":{type:"keyword",array:!1,required:!1},"file.elf.architecture":{type:"keyword",array:!1,required:!1},"file.elf.byte_order":{type:"keyword",array:!1,required:!1},"file.elf.cpu_type":{type:"keyword",array:!1,required:!1},"file.elf.creation_date":{type:"date",array:!1,required:!1},"file.elf.exports":{type:"flattened",array:!0,required:!1},"file.elf.header.abi_version":{type:"keyword",array:!1,required:!1},"file.elf.header.class":{type:"keyword",array:!1,required:!1},"file.elf.header.data":{type:"keyword",array:!1,required:!1},"file.elf.header.entrypoint":{type:"long",array:!1,required:!1},"file.elf.header.object_version":{type:"keyword",array:!1,required:!1},"file.elf.header.os_abi":{type:"keyword",array:!1,required:!1},"file.elf.header.type":{type:"keyword",array:!1,required:!1},"file.elf.header.version":{type:"keyword",array:!1,required:!1},"file.elf.imports":{type:"flattened",array:!0,required:!1},"file.elf.sections":{type:"nested",array:!0,required:!1},"file.elf.sections.chi2":{type:"long",array:!1,required:!1},"file.elf.sections.entropy":{type:"long",array:!1,required:!1},"file.elf.sections.flags":{type:"keyword",array:!1,required:!1},"file.elf.sections.name":{type:"keyword",array:!1,required:!1},"file.elf.sections.physical_offset":{type:"keyword",array:!1,required:!1},"file.elf.sections.physical_size":{type:"long",array:!1,required:!1},"file.elf.sections.type":{type:"keyword",array:!1,required:!1},"file.elf.sections.virtual_address":{type:"long",array:!1,required:!1},"file.elf.sections.virtual_size":{type:"long",array:!1,required:!1},"file.elf.segments":{type:"nested",array:!0,required:!1},"file.elf.segments.sections":{type:"keyword",array:!1,required:!1},"file.elf.segments.type":{type:"keyword",array:!1,required:!1},"file.elf.shared_libraries":{type:"keyword",array:!0,required:!1},"file.elf.telfhash":{type:"keyword",array:!1,required:!1},"file.extension":{type:"keyword",array:!1,required:!1},"file.fork_name":{type:"keyword",array:!1,required:!1},"file.gid":{type:"keyword",array:!1,required:!1},"file.group":{type:"keyword",array:!1,required:!1},"file.hash.md5":{type:"keyword",array:!1,required:!1},"file.hash.sha1":{type:"keyword",array:!1,required:!1},"file.hash.sha256":{type:"keyword",array:!1,required:!1},"file.hash.sha512":{type:"keyword",array:!1,required:!1},"file.hash.ssdeep":{type:"keyword",array:!1,required:!1},"file.inode":{type:"keyword",array:!1,required:!1},"file.mime_type":{type:"keyword",array:!1,required:!1},"file.mode":{type:"keyword",array:!1,required:!1},"file.mtime":{type:"date",array:!1,required:!1},"file.name":{type:"keyword",array:!1,required:!1},"file.owner":{type:"keyword",array:!1,required:!1},"file.path":{type:"keyword",array:!1,required:!1},"file.pe.architecture":{type:"keyword",array:!1,required:!1},"file.pe.company":{type:"keyword",array:!1,required:!1},"file.pe.description":{type:"keyword",array:!1,required:!1},"file.pe.file_version":{type:"keyword",array:!1,required:!1},"file.pe.imphash":{type:"keyword",array:!1,required:!1},"file.pe.original_file_name":{type:"keyword",array:!1,required:!1},"file.pe.product":{type:"keyword",array:!1,required:!1},"file.size":{type:"long",array:!1,required:!1},"file.target_path":{type:"keyword",array:!1,required:!1},"file.type":{type:"keyword",array:!1,required:!1},"file.uid":{type:"keyword",array:!1,required:!1},"file.x509.alternative_names":{type:"keyword",array:!0,required:!1},"file.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"file.x509.issuer.country":{type:"keyword",array:!0,required:!1},"file.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"file.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"file.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"file.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"file.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"file.x509.not_after":{type:"date",array:!1,required:!1},"file.x509.not_before":{type:"date",array:!1,required:!1},"file.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"file.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"file.x509.public_key_exponent":{type:"long",array:!1,required:!1},"file.x509.public_key_size":{type:"long",array:!1,required:!1},"file.x509.serial_number":{type:"keyword",array:!1,required:!1},"file.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"file.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"file.x509.subject.country":{type:"keyword",array:!0,required:!1},"file.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"file.x509.subject.locality":{type:"keyword",array:!0,required:!1},"file.x509.subject.organization":{type:"keyword",array:!0,required:!1},"file.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"file.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"file.x509.version_number":{type:"keyword",array:!1,required:!1},"group.domain":{type:"keyword",array:!1,required:!1},"group.id":{type:"keyword",array:!1,required:!1},"group.name":{type:"keyword",array:!1,required:!1},"host.architecture":{type:"keyword",array:!1,required:!1},"host.boot.id":{type:"keyword",array:!1,required:!1},"host.cpu.usage":{type:"scaled_float",array:!1,required:!1,scaling_factor:1e3},"host.disk.read.bytes":{type:"long",array:!1,required:!1},"host.disk.write.bytes":{type:"long",array:!1,required:!1},"host.domain":{type:"keyword",array:!1,required:!1},"host.geo.city_name":{type:"keyword",array:!1,required:!1},"host.geo.continent_code":{type:"keyword",array:!1,required:!1},"host.geo.continent_name":{type:"keyword",array:!1,required:!1},"host.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"host.geo.country_name":{type:"keyword",array:!1,required:!1},"host.geo.location":{type:"geo_point",array:!1,required:!1},"host.geo.name":{type:"keyword",array:!1,required:!1},"host.geo.postal_code":{type:"keyword",array:!1,required:!1},"host.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"host.geo.region_name":{type:"keyword",array:!1,required:!1},"host.geo.timezone":{type:"keyword",array:!1,required:!1},"host.hostname":{type:"keyword",array:!1,required:!1},"host.id":{type:"keyword",array:!1,required:!1},"host.ip":{type:"ip",array:!0,required:!1},"host.mac":{type:"keyword",array:!0,required:!1},"host.name":{type:"keyword",array:!1,required:!1},"host.network.egress.bytes":{type:"long",array:!1,required:!1},"host.network.egress.packets":{type:"long",array:!1,required:!1},"host.network.ingress.bytes":{type:"long",array:!1,required:!1},"host.network.ingress.packets":{type:"long",array:!1,required:!1},"host.os.family":{type:"keyword",array:!1,required:!1},"host.os.full":{type:"keyword",array:!1,required:!1},"host.os.kernel":{type:"keyword",array:!1,required:!1},"host.os.name":{type:"keyword",array:!1,required:!1},"host.os.platform":{type:"keyword",array:!1,required:!1},"host.os.type":{type:"keyword",array:!1,required:!1},"host.os.version":{type:"keyword",array:!1,required:!1},"host.pid_ns_ino":{type:"keyword",array:!1,required:!1},"host.risk.calculated_level":{type:"keyword",array:!1,required:!1},"host.risk.calculated_score":{type:"float",array:!1,required:!1},"host.risk.calculated_score_norm":{type:"float",array:!1,required:!1},"host.risk.static_level":{type:"keyword",array:!1,required:!1},"host.risk.static_score":{type:"float",array:!1,required:!1},"host.risk.static_score_norm":{type:"float",array:!1,required:!1},"host.type":{type:"keyword",array:!1,required:!1},"host.uptime":{type:"long",array:!1,required:!1},"http.request.body.bytes":{type:"long",array:!1,required:!1},"http.request.body.content":{type:"wildcard",array:!1,required:!1},"http.request.bytes":{type:"long",array:!1,required:!1},"http.request.id":{type:"keyword",array:!1,required:!1},"http.request.method":{type:"keyword",array:!1,required:!1},"http.request.mime_type":{type:"keyword",array:!1,required:!1},"http.request.referrer":{type:"keyword",array:!1,required:!1},"http.response.body.bytes":{type:"long",array:!1,required:!1},"http.response.body.content":{type:"wildcard",array:!1,required:!1},"http.response.bytes":{type:"long",array:!1,required:!1},"http.response.mime_type":{type:"keyword",array:!1,required:!1},"http.response.status_code":{type:"long",array:!1,required:!1},"http.version":{type:"keyword",array:!1,required:!1},labels:{type:"object",array:!1,required:!1},"log.file.path":{type:"keyword",array:!1,required:!1},"log.level":{type:"keyword",array:!1,required:!1},"log.logger":{type:"keyword",array:!1,required:!1},"log.origin.file.line":{type:"long",array:!1,required:!1},"log.origin.file.name":{type:"keyword",array:!1,required:!1},"log.origin.function":{type:"keyword",array:!1,required:!1},"log.syslog":{type:"object",array:!1,required:!1},"log.syslog.facility.code":{type:"long",array:!1,required:!1},"log.syslog.facility.name":{type:"keyword",array:!1,required:!1},"log.syslog.priority":{type:"long",array:!1,required:!1},"log.syslog.severity.code":{type:"long",array:!1,required:!1},"log.syslog.severity.name":{type:"keyword",array:!1,required:!1},message:{type:"match_only_text",array:!1,required:!1},"network.application":{type:"keyword",array:!1,required:!1},"network.bytes":{type:"long",array:!1,required:!1},"network.community_id":{type:"keyword",array:!1,required:!1},"network.direction":{type:"keyword",array:!1,required:!1},"network.forwarded_ip":{type:"ip",array:!1,required:!1},"network.iana_number":{type:"keyword",array:!1,required:!1},"network.inner":{type:"object",array:!1,required:!1},"network.inner.vlan.id":{type:"keyword",array:!1,required:!1},"network.inner.vlan.name":{type:"keyword",array:!1,required:!1},"network.name":{type:"keyword",array:!1,required:!1},"network.packets":{type:"long",array:!1,required:!1},"network.protocol":{type:"keyword",array:!1,required:!1},"network.transport":{type:"keyword",array:!1,required:!1},"network.type":{type:"keyword",array:!1,required:!1},"network.vlan.id":{type:"keyword",array:!1,required:!1},"network.vlan.name":{type:"keyword",array:!1,required:!1},"observer.egress":{type:"object",array:!1,required:!1},"observer.egress.interface.alias":{type:"keyword",array:!1,required:!1},"observer.egress.interface.id":{type:"keyword",array:!1,required:!1},"observer.egress.interface.name":{type:"keyword",array:!1,required:!1},"observer.egress.vlan.id":{type:"keyword",array:!1,required:!1},"observer.egress.vlan.name":{type:"keyword",array:!1,required:!1},"observer.egress.zone":{type:"keyword",array:!1,required:!1},"observer.geo.city_name":{type:"keyword",array:!1,required:!1},"observer.geo.continent_code":{type:"keyword",array:!1,required:!1},"observer.geo.continent_name":{type:"keyword",array:!1,required:!1},"observer.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"observer.geo.country_name":{type:"keyword",array:!1,required:!1},"observer.geo.location":{type:"geo_point",array:!1,required:!1},"observer.geo.name":{type:"keyword",array:!1,required:!1},"observer.geo.postal_code":{type:"keyword",array:!1,required:!1},"observer.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"observer.geo.region_name":{type:"keyword",array:!1,required:!1},"observer.geo.timezone":{type:"keyword",array:!1,required:!1},"observer.hostname":{type:"keyword",array:!1,required:!1},"observer.ingress":{type:"object",array:!1,required:!1},"observer.ingress.interface.alias":{type:"keyword",array:!1,required:!1},"observer.ingress.interface.id":{type:"keyword",array:!1,required:!1},"observer.ingress.interface.name":{type:"keyword",array:!1,required:!1},"observer.ingress.vlan.id":{type:"keyword",array:!1,required:!1},"observer.ingress.vlan.name":{type:"keyword",array:!1,required:!1},"observer.ingress.zone":{type:"keyword",array:!1,required:!1},"observer.ip":{type:"ip",array:!0,required:!1},"observer.mac":{type:"keyword",array:!0,required:!1},"observer.name":{type:"keyword",array:!1,required:!1},"observer.os.family":{type:"keyword",array:!1,required:!1},"observer.os.full":{type:"keyword",array:!1,required:!1},"observer.os.kernel":{type:"keyword",array:!1,required:!1},"observer.os.name":{type:"keyword",array:!1,required:!1},"observer.os.platform":{type:"keyword",array:!1,required:!1},"observer.os.type":{type:"keyword",array:!1,required:!1},"observer.os.version":{type:"keyword",array:!1,required:!1},"observer.product":{type:"keyword",array:!1,required:!1},"observer.serial_number":{type:"keyword",array:!1,required:!1},"observer.type":{type:"keyword",array:!1,required:!1},"observer.vendor":{type:"keyword",array:!1,required:!1},"observer.version":{type:"keyword",array:!1,required:!1},"orchestrator.api_version":{type:"keyword",array:!1,required:!1},"orchestrator.cluster.id":{type:"keyword",array:!1,required:!1},"orchestrator.cluster.name":{type:"keyword",array:!1,required:!1},"orchestrator.cluster.url":{type:"keyword",array:!1,required:!1},"orchestrator.cluster.version":{type:"keyword",array:!1,required:!1},"orchestrator.namespace":{type:"keyword",array:!1,required:!1},"orchestrator.organization":{type:"keyword",array:!1,required:!1},"orchestrator.resource.id":{type:"keyword",array:!1,required:!1},"orchestrator.resource.ip":{type:"ip",array:!0,required:!1},"orchestrator.resource.name":{type:"keyword",array:!1,required:!1},"orchestrator.resource.parent.type":{type:"keyword",array:!1,required:!1},"orchestrator.resource.type":{type:"keyword",array:!1,required:!1},"orchestrator.type":{type:"keyword",array:!1,required:!1},"organization.id":{type:"keyword",array:!1,required:!1},"organization.name":{type:"keyword",array:!1,required:!1},"package.architecture":{type:"keyword",array:!1,required:!1},"package.build_version":{type:"keyword",array:!1,required:!1},"package.checksum":{type:"keyword",array:!1,required:!1},"package.description":{type:"keyword",array:!1,required:!1},"package.install_scope":{type:"keyword",array:!1,required:!1},"package.installed":{type:"date",array:!1,required:!1},"package.license":{type:"keyword",array:!1,required:!1},"package.name":{type:"keyword",array:!1,required:!1},"package.path":{type:"keyword",array:!1,required:!1},"package.reference":{type:"keyword",array:!1,required:!1},"package.size":{type:"long",array:!1,required:!1},"package.type":{type:"keyword",array:!1,required:!1},"package.version":{type:"keyword",array:!1,required:!1},"process.args":{type:"keyword",array:!0,required:!1},"process.args_count":{type:"long",array:!1,required:!1},"process.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"process.code_signature.exists":{type:"boolean",array:!1,required:!1},"process.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"process.code_signature.status":{type:"keyword",array:!1,required:!1},"process.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"process.code_signature.team_id":{type:"keyword",array:!1,required:!1},"process.code_signature.timestamp":{type:"date",array:!1,required:!1},"process.code_signature.trusted":{type:"boolean",array:!1,required:!1},"process.code_signature.valid":{type:"boolean",array:!1,required:!1},"process.command_line":{type:"wildcard",array:!1,required:!1},"process.elf.architecture":{type:"keyword",array:!1,required:!1},"process.elf.byte_order":{type:"keyword",array:!1,required:!1},"process.elf.cpu_type":{type:"keyword",array:!1,required:!1},"process.elf.creation_date":{type:"date",array:!1,required:!1},"process.elf.exports":{type:"flattened",array:!0,required:!1},"process.elf.header.abi_version":{type:"keyword",array:!1,required:!1},"process.elf.header.class":{type:"keyword",array:!1,required:!1},"process.elf.header.data":{type:"keyword",array:!1,required:!1},"process.elf.header.entrypoint":{type:"long",array:!1,required:!1},"process.elf.header.object_version":{type:"keyword",array:!1,required:!1},"process.elf.header.os_abi":{type:"keyword",array:!1,required:!1},"process.elf.header.type":{type:"keyword",array:!1,required:!1},"process.elf.header.version":{type:"keyword",array:!1,required:!1},"process.elf.imports":{type:"flattened",array:!0,required:!1},"process.elf.sections":{type:"nested",array:!0,required:!1},"process.elf.sections.chi2":{type:"long",array:!1,required:!1},"process.elf.sections.entropy":{type:"long",array:!1,required:!1},"process.elf.sections.flags":{type:"keyword",array:!1,required:!1},"process.elf.sections.name":{type:"keyword",array:!1,required:!1},"process.elf.sections.physical_offset":{type:"keyword",array:!1,required:!1},"process.elf.sections.physical_size":{type:"long",array:!1,required:!1},"process.elf.sections.type":{type:"keyword",array:!1,required:!1},"process.elf.sections.virtual_address":{type:"long",array:!1,required:!1},"process.elf.sections.virtual_size":{type:"long",array:!1,required:!1},"process.elf.segments":{type:"nested",array:!0,required:!1},"process.elf.segments.sections":{type:"keyword",array:!1,required:!1},"process.elf.segments.type":{type:"keyword",array:!1,required:!1},"process.elf.shared_libraries":{type:"keyword",array:!0,required:!1},"process.elf.telfhash":{type:"keyword",array:!1,required:!1},"process.end":{type:"date",array:!1,required:!1},"process.entity_id":{type:"keyword",array:!1,required:!1},"process.entry_leader.entity_id":{type:"keyword",array:!1,required:!1},"process.executable":{type:"keyword",array:!1,required:!1},"process.exit_code":{type:"long",array:!1,required:!1},"process.hash.md5":{type:"keyword",array:!1,required:!1},"process.hash.sha1":{type:"keyword",array:!1,required:!1},"process.hash.sha256":{type:"keyword",array:!1,required:!1},"process.hash.sha512":{type:"keyword",array:!1,required:!1},"process.hash.ssdeep":{type:"keyword",array:!1,required:!1},"process.name":{type:"keyword",array:!1,required:!1},"process.parent.args":{type:"keyword",array:!0,required:!1},"process.parent.args_count":{type:"long",array:!1,required:!1},"process.parent.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"process.parent.code_signature.exists":{type:"boolean",array:!1,required:!1},"process.parent.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"process.parent.code_signature.status":{type:"keyword",array:!1,required:!1},"process.parent.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"process.parent.code_signature.team_id":{type:"keyword",array:!1,required:!1},"process.parent.code_signature.timestamp":{type:"date",array:!1,required:!1},"process.parent.code_signature.trusted":{type:"boolean",array:!1,required:!1},"process.parent.code_signature.valid":{type:"boolean",array:!1,required:!1},"process.parent.command_line":{type:"wildcard",array:!1,required:!1},"process.parent.elf.architecture":{type:"keyword",array:!1,required:!1},"process.parent.elf.byte_order":{type:"keyword",array:!1,required:!1},"process.parent.elf.cpu_type":{type:"keyword",array:!1,required:!1},"process.parent.elf.creation_date":{type:"date",array:!1,required:!1},"process.parent.elf.exports":{type:"flattened",array:!0,required:!1},"process.parent.elf.header.abi_version":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.class":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.data":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.entrypoint":{type:"long",array:!1,required:!1},"process.parent.elf.header.object_version":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.os_abi":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.type":{type:"keyword",array:!1,required:!1},"process.parent.elf.header.version":{type:"keyword",array:!1,required:!1},"process.parent.elf.imports":{type:"flattened",array:!0,required:!1},"process.parent.elf.sections":{type:"nested",array:!0,required:!1},"process.parent.elf.sections.chi2":{type:"long",array:!1,required:!1},"process.parent.elf.sections.entropy":{type:"long",array:!1,required:!1},"process.parent.elf.sections.flags":{type:"keyword",array:!1,required:!1},"process.parent.elf.sections.name":{type:"keyword",array:!1,required:!1},"process.parent.elf.sections.physical_offset":{type:"keyword",array:!1,required:!1},"process.parent.elf.sections.physical_size":{type:"long",array:!1,required:!1},"process.parent.elf.sections.type":{type:"keyword",array:!1,required:!1},"process.parent.elf.sections.virtual_address":{type:"long",array:!1,required:!1},"process.parent.elf.sections.virtual_size":{type:"long",array:!1,required:!1},"process.parent.elf.segments":{type:"nested",array:!0,required:!1},"process.parent.elf.segments.sections":{type:"keyword",array:!1,required:!1},"process.parent.elf.segments.type":{type:"keyword",array:!1,required:!1},"process.parent.elf.shared_libraries":{type:"keyword",array:!0,required:!1},"process.parent.elf.telfhash":{type:"keyword",array:!1,required:!1},"process.parent.end":{type:"date",array:!1,required:!1},"process.parent.entity_id":{type:"keyword",array:!1,required:!1},"process.parent.executable":{type:"keyword",array:!1,required:!1},"process.parent.exit_code":{type:"long",array:!1,required:!1},"process.parent.hash.md5":{type:"keyword",array:!1,required:!1},"process.parent.hash.sha1":{type:"keyword",array:!1,required:!1},"process.parent.hash.sha256":{type:"keyword",array:!1,required:!1},"process.parent.hash.sha512":{type:"keyword",array:!1,required:!1},"process.parent.hash.ssdeep":{type:"keyword",array:!1,required:!1},"process.parent.name":{type:"keyword",array:!1,required:!1},"process.parent.pe.architecture":{type:"keyword",array:!1,required:!1},"process.parent.pe.company":{type:"keyword",array:!1,required:!1},"process.parent.pe.description":{type:"keyword",array:!1,required:!1},"process.parent.pe.file_version":{type:"keyword",array:!1,required:!1},"process.parent.pe.imphash":{type:"keyword",array:!1,required:!1},"process.parent.pe.original_file_name":{type:"keyword",array:!1,required:!1},"process.parent.pe.product":{type:"keyword",array:!1,required:!1},"process.parent.pgid":{type:"long",array:!1,required:!1},"process.parent.pid":{type:"long",array:!1,required:!1},"process.parent.start":{type:"date",array:!1,required:!1},"process.parent.thread.id":{type:"long",array:!1,required:!1},"process.parent.thread.name":{type:"keyword",array:!1,required:!1},"process.parent.title":{type:"keyword",array:!1,required:!1},"process.parent.uptime":{type:"long",array:!1,required:!1},"process.parent.working_directory":{type:"keyword",array:!1,required:!1},"process.pe.architecture":{type:"keyword",array:!1,required:!1},"process.pe.company":{type:"keyword",array:!1,required:!1},"process.pe.description":{type:"keyword",array:!1,required:!1},"process.pe.file_version":{type:"keyword",array:!1,required:!1},"process.pe.imphash":{type:"keyword",array:!1,required:!1},"process.pe.original_file_name":{type:"keyword",array:!1,required:!1},"process.pe.product":{type:"keyword",array:!1,required:!1},"process.pgid":{type:"long",array:!1,required:!1},"process.pid":{type:"long",array:!1,required:!1},"process.session_leader.entity_id":{type:"keyword",array:!1,required:!1},"process.start":{type:"date",array:!1,required:!1},"process.thread.id":{type:"long",array:!1,required:!1},"process.thread.name":{type:"keyword",array:!1,required:!1},"process.title":{type:"keyword",array:!1,required:!1},"process.uptime":{type:"long",array:!1,required:!1},"process.working_directory":{type:"keyword",array:!1,required:!1},"registry.data.bytes":{type:"keyword",array:!1,required:!1},"registry.data.strings":{type:"wildcard",array:!0,required:!1},"registry.data.type":{type:"keyword",array:!1,required:!1},"registry.hive":{type:"keyword",array:!1,required:!1},"registry.key":{type:"keyword",array:!1,required:!1},"registry.path":{type:"keyword",array:!1,required:!1},"registry.value":{type:"keyword",array:!1,required:!1},"related.hash":{type:"keyword",array:!0,required:!1},"related.hosts":{type:"keyword",array:!0,required:!1},"related.ip":{type:"ip",array:!0,required:!1},"related.user":{type:"keyword",array:!0,required:!1},"rule.author":{type:"keyword",array:!0,required:!1},"rule.category":{type:"keyword",array:!1,required:!1},"rule.description":{type:"keyword",array:!1,required:!1},"rule.id":{type:"keyword",array:!1,required:!1},"rule.license":{type:"keyword",array:!1,required:!1},"rule.name":{type:"keyword",array:!1,required:!1},"rule.reference":{type:"keyword",array:!1,required:!1},"rule.ruleset":{type:"keyword",array:!1,required:!1},"rule.uuid":{type:"keyword",array:!1,required:!1},"rule.version":{type:"keyword",array:!1,required:!1},"server.address":{type:"keyword",array:!1,required:!1},"server.as.number":{type:"long",array:!1,required:!1},"server.as.organization.name":{type:"keyword",array:!1,required:!1},"server.bytes":{type:"long",array:!1,required:!1},"server.domain":{type:"keyword",array:!1,required:!1},"server.geo.city_name":{type:"keyword",array:!1,required:!1},"server.geo.continent_code":{type:"keyword",array:!1,required:!1},"server.geo.continent_name":{type:"keyword",array:!1,required:!1},"server.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"server.geo.country_name":{type:"keyword",array:!1,required:!1},"server.geo.location":{type:"geo_point",array:!1,required:!1},"server.geo.name":{type:"keyword",array:!1,required:!1},"server.geo.postal_code":{type:"keyword",array:!1,required:!1},"server.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"server.geo.region_name":{type:"keyword",array:!1,required:!1},"server.geo.timezone":{type:"keyword",array:!1,required:!1},"server.ip":{type:"ip",array:!1,required:!1},"server.mac":{type:"keyword",array:!1,required:!1},"server.nat.ip":{type:"ip",array:!1,required:!1},"server.nat.port":{type:"long",array:!1,required:!1},"server.packets":{type:"long",array:!1,required:!1},"server.port":{type:"long",array:!1,required:!1},"server.registered_domain":{type:"keyword",array:!1,required:!1},"server.subdomain":{type:"keyword",array:!1,required:!1},"server.top_level_domain":{type:"keyword",array:!1,required:!1},"server.user.domain":{type:"keyword",array:!1,required:!1},"server.user.email":{type:"keyword",array:!1,required:!1},"server.user.full_name":{type:"keyword",array:!1,required:!1},"server.user.group.domain":{type:"keyword",array:!1,required:!1},"server.user.group.id":{type:"keyword",array:!1,required:!1},"server.user.group.name":{type:"keyword",array:!1,required:!1},"server.user.hash":{type:"keyword",array:!1,required:!1},"server.user.id":{type:"keyword",array:!1,required:!1},"server.user.name":{type:"keyword",array:!1,required:!1},"server.user.roles":{type:"keyword",array:!0,required:!1},"service.address":{type:"keyword",array:!1,required:!1},"service.environment":{type:"keyword",array:!1,required:!1},"service.ephemeral_id":{type:"keyword",array:!1,required:!1},"service.id":{type:"keyword",array:!1,required:!1},"service.name":{type:"keyword",array:!1,required:!1},"service.node.name":{type:"keyword",array:!1,required:!1},"service.origin.address":{type:"keyword",array:!1,required:!1},"service.origin.environment":{type:"keyword",array:!1,required:!1},"service.origin.ephemeral_id":{type:"keyword",array:!1,required:!1},"service.origin.id":{type:"keyword",array:!1,required:!1},"service.origin.name":{type:"keyword",array:!1,required:!1},"service.origin.node.name":{type:"keyword",array:!1,required:!1},"service.origin.state":{type:"keyword",array:!1,required:!1},"service.origin.type":{type:"keyword",array:!1,required:!1},"service.origin.version":{type:"keyword",array:!1,required:!1},"service.state":{type:"keyword",array:!1,required:!1},"service.target.address":{type:"keyword",array:!1,required:!1},"service.target.environment":{type:"keyword",array:!1,required:!1},"service.target.ephemeral_id":{type:"keyword",array:!1,required:!1},"service.target.id":{type:"keyword",array:!1,required:!1},"service.target.name":{type:"keyword",array:!1,required:!1},"service.target.node.name":{type:"keyword",array:!1,required:!1},"service.target.state":{type:"keyword",array:!1,required:!1},"service.target.type":{type:"keyword",array:!1,required:!1},"service.target.version":{type:"keyword",array:!1,required:!1},"service.type":{type:"keyword",array:!1,required:!1},"service.version":{type:"keyword",array:!1,required:!1},"source.address":{type:"keyword",array:!1,required:!1},"source.as.number":{type:"long",array:!1,required:!1},"source.as.organization.name":{type:"keyword",array:!1,required:!1},"source.bytes":{type:"long",array:!1,required:!1},"source.domain":{type:"keyword",array:!1,required:!1},"source.geo.city_name":{type:"keyword",array:!1,required:!1},"source.geo.continent_code":{type:"keyword",array:!1,required:!1},"source.geo.continent_name":{type:"keyword",array:!1,required:!1},"source.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"source.geo.country_name":{type:"keyword",array:!1,required:!1},"source.geo.location":{type:"geo_point",array:!1,required:!1},"source.geo.name":{type:"keyword",array:!1,required:!1},"source.geo.postal_code":{type:"keyword",array:!1,required:!1},"source.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"source.geo.region_name":{type:"keyword",array:!1,required:!1},"source.geo.timezone":{type:"keyword",array:!1,required:!1},"source.ip":{type:"ip",array:!1,required:!1},"source.mac":{type:"keyword",array:!1,required:!1},"source.nat.ip":{type:"ip",array:!1,required:!1},"source.nat.port":{type:"long",array:!1,required:!1},"source.packets":{type:"long",array:!1,required:!1},"source.port":{type:"long",array:!1,required:!1},"source.registered_domain":{type:"keyword",array:!1,required:!1},"source.subdomain":{type:"keyword",array:!1,required:!1},"source.top_level_domain":{type:"keyword",array:!1,required:!1},"source.user.domain":{type:"keyword",array:!1,required:!1},"source.user.email":{type:"keyword",array:!1,required:!1},"source.user.full_name":{type:"keyword",array:!1,required:!1},"source.user.group.domain":{type:"keyword",array:!1,required:!1},"source.user.group.id":{type:"keyword",array:!1,required:!1},"source.user.group.name":{type:"keyword",array:!1,required:!1},"source.user.hash":{type:"keyword",array:!1,required:!1},"source.user.id":{type:"keyword",array:!1,required:!1},"source.user.name":{type:"keyword",array:!1,required:!1},"source.user.roles":{type:"keyword",array:!0,required:!1},"span.id":{type:"keyword",array:!1,required:!1},tags:{type:"keyword",array:!0,required:!1},"threat.enrichments":{type:"nested",array:!0,required:!1},"threat.enrichments.indicator":{type:"object",array:!1,required:!1},"threat.enrichments.indicator.as.number":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.as.organization.name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.confidence":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.description":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.email.address":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.accessed":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.attributes":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.exists":{type:"boolean",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.status":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.team_id":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.timestamp":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.trusted":{type:"boolean",array:!1,required:!1},"threat.enrichments.indicator.file.code_signature.valid":{type:"boolean",array:!1,required:!1},"threat.enrichments.indicator.file.created":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.ctime":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.device":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.directory":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.drive_letter":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.architecture":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.byte_order":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.cpu_type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.creation_date":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.elf.exports":{type:"flattened",array:!0,required:!1},"threat.enrichments.indicator.file.elf.header.abi_version":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.class":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.data":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.entrypoint":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.object_version":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.os_abi":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.header.version":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.imports":{type:"flattened",array:!0,required:!1},"threat.enrichments.indicator.file.elf.sections":{type:"nested",array:!0,required:!1},"threat.enrichments.indicator.file.elf.sections.chi2":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.entropy":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.flags":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.physical_offset":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.physical_size":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.virtual_address":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.sections.virtual_size":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.elf.segments":{type:"nested",array:!0,required:!1},"threat.enrichments.indicator.file.elf.segments.sections":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.segments.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.elf.shared_libraries":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.elf.telfhash":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.extension":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.fork_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.gid":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.group":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.hash.md5":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.hash.sha1":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.hash.sha256":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.hash.sha512":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.hash.ssdeep":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.inode":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.mime_type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.mode":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.mtime":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.owner":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.path":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.architecture":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.company":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.description":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.file_version":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.imphash":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.original_file_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.pe.product":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.size":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.target_path":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.uid":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.alternative_names":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.country":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.not_after":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.x509.not_before":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.file.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.public_key_exponent":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.x509.public_key_size":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.file.x509.serial_number":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.subject.country":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.file.x509.subject.locality":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.subject.organization":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.file.x509.version_number":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.first_seen":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.geo.city_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.continent_code":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.continent_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.country_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.location":{type:"geo_point",array:!1,required:!1},"threat.enrichments.indicator.geo.name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.postal_code":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.region_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.geo.timezone":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.ip":{type:"ip",array:!1,required:!1},"threat.enrichments.indicator.last_seen":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.marking.tlp":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.modified_at":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.port":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.provider":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.reference":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.data.bytes":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.data.strings":{type:"wildcard",array:!0,required:!1},"threat.enrichments.indicator.registry.data.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.hive":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.key":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.path":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.registry.value":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.scanner_stats":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.sightings":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.type":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.domain":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.extension":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.fragment":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.full":{type:"wildcard",array:!1,required:!1},"threat.enrichments.indicator.url.original":{type:"wildcard",array:!1,required:!1},"threat.enrichments.indicator.url.password":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.path":{type:"wildcard",array:!1,required:!1},"threat.enrichments.indicator.url.port":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.url.query":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.registered_domain":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.scheme":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.subdomain":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.top_level_domain":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.url.username":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.alternative_names":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.country":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.not_after":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.x509.not_before":{type:"date",array:!1,required:!1},"threat.enrichments.indicator.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.public_key_exponent":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.x509.public_key_size":{type:"long",array:!1,required:!1},"threat.enrichments.indicator.x509.serial_number":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.subject.country":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.enrichments.indicator.x509.subject.locality":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.subject.organization":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"threat.enrichments.indicator.x509.version_number":{type:"keyword",array:!1,required:!1},"threat.enrichments.matched.atomic":{type:"keyword",array:!1,required:!1},"threat.enrichments.matched.field":{type:"keyword",array:!1,required:!1},"threat.enrichments.matched.id":{type:"keyword",array:!1,required:!1},"threat.enrichments.matched.index":{type:"keyword",array:!1,required:!1},"threat.enrichments.matched.type":{type:"keyword",array:!1,required:!1},"threat.framework":{type:"keyword",array:!1,required:!1},"threat.group.alias":{type:"keyword",array:!0,required:!1},"threat.group.id":{type:"keyword",array:!1,required:!1},"threat.group.name":{type:"keyword",array:!1,required:!1},"threat.group.reference":{type:"keyword",array:!1,required:!1},"threat.indicator.as.number":{type:"long",array:!1,required:!1},"threat.indicator.as.organization.name":{type:"keyword",array:!1,required:!1},"threat.indicator.confidence":{type:"keyword",array:!1,required:!1},"threat.indicator.description":{type:"keyword",array:!1,required:!1},"threat.indicator.email.address":{type:"keyword",array:!1,required:!1},"threat.indicator.file.accessed":{type:"date",array:!1,required:!1},"threat.indicator.file.attributes":{type:"keyword",array:!0,required:!1},"threat.indicator.file.code_signature.digest_algorithm":{type:"keyword",array:!1,required:!1},"threat.indicator.file.code_signature.exists":{type:"boolean",array:!1,required:!1},"threat.indicator.file.code_signature.signing_id":{type:"keyword",array:!1,required:!1},"threat.indicator.file.code_signature.status":{type:"keyword",array:!1,required:!1},"threat.indicator.file.code_signature.subject_name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.code_signature.team_id":{type:"keyword",array:!1,required:!1},"threat.indicator.file.code_signature.timestamp":{type:"date",array:!1,required:!1},"threat.indicator.file.code_signature.trusted":{type:"boolean",array:!1,required:!1},"threat.indicator.file.code_signature.valid":{type:"boolean",array:!1,required:!1},"threat.indicator.file.created":{type:"date",array:!1,required:!1},"threat.indicator.file.ctime":{type:"date",array:!1,required:!1},"threat.indicator.file.device":{type:"keyword",array:!1,required:!1},"threat.indicator.file.directory":{type:"keyword",array:!1,required:!1},"threat.indicator.file.drive_letter":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.architecture":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.byte_order":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.cpu_type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.creation_date":{type:"date",array:!1,required:!1},"threat.indicator.file.elf.exports":{type:"flattened",array:!0,required:!1},"threat.indicator.file.elf.header.abi_version":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.class":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.data":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.entrypoint":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.header.object_version":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.os_abi":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.header.version":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.imports":{type:"flattened",array:!0,required:!1},"threat.indicator.file.elf.sections":{type:"nested",array:!0,required:!1},"threat.indicator.file.elf.sections.chi2":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.sections.entropy":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.sections.flags":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.sections.name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.sections.physical_offset":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.sections.physical_size":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.sections.type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.sections.virtual_address":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.sections.virtual_size":{type:"long",array:!1,required:!1},"threat.indicator.file.elf.segments":{type:"nested",array:!0,required:!1},"threat.indicator.file.elf.segments.sections":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.segments.type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.elf.shared_libraries":{type:"keyword",array:!0,required:!1},"threat.indicator.file.elf.telfhash":{type:"keyword",array:!1,required:!1},"threat.indicator.file.extension":{type:"keyword",array:!1,required:!1},"threat.indicator.file.fork_name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.gid":{type:"keyword",array:!1,required:!1},"threat.indicator.file.group":{type:"keyword",array:!1,required:!1},"threat.indicator.file.hash.md5":{type:"keyword",array:!1,required:!1},"threat.indicator.file.hash.sha1":{type:"keyword",array:!1,required:!1},"threat.indicator.file.hash.sha256":{type:"keyword",array:!1,required:!1},"threat.indicator.file.hash.sha512":{type:"keyword",array:!1,required:!1},"threat.indicator.file.hash.ssdeep":{type:"keyword",array:!1,required:!1},"threat.indicator.file.inode":{type:"keyword",array:!1,required:!1},"threat.indicator.file.mime_type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.mode":{type:"keyword",array:!1,required:!1},"threat.indicator.file.mtime":{type:"date",array:!1,required:!1},"threat.indicator.file.name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.owner":{type:"keyword",array:!1,required:!1},"threat.indicator.file.path":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.architecture":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.company":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.description":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.file_version":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.imphash":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.original_file_name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.pe.product":{type:"keyword",array:!1,required:!1},"threat.indicator.file.size":{type:"long",array:!1,required:!1},"threat.indicator.file.target_path":{type:"keyword",array:!1,required:!1},"threat.indicator.file.type":{type:"keyword",array:!1,required:!1},"threat.indicator.file.uid":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.alternative_names":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.country":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.not_after":{type:"date",array:!1,required:!1},"threat.indicator.file.x509.not_before":{type:"date",array:!1,required:!1},"threat.indicator.file.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.public_key_exponent":{type:"long",array:!1,required:!1},"threat.indicator.file.x509.public_key_size":{type:"long",array:!1,required:!1},"threat.indicator.file.x509.serial_number":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.subject.country":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.indicator.file.x509.subject.locality":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.subject.organization":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"threat.indicator.file.x509.version_number":{type:"keyword",array:!1,required:!1},"threat.indicator.first_seen":{type:"date",array:!1,required:!1},"threat.indicator.geo.city_name":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.continent_code":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.continent_name":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.country_iso_code":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.country_name":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.location":{type:"geo_point",array:!1,required:!1},"threat.indicator.geo.name":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.postal_code":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.region_iso_code":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.region_name":{type:"keyword",array:!1,required:!1},"threat.indicator.geo.timezone":{type:"keyword",array:!1,required:!1},"threat.indicator.ip":{type:"ip",array:!1,required:!1},"threat.indicator.last_seen":{type:"date",array:!1,required:!1},"threat.indicator.marking.tlp":{type:"keyword",array:!1,required:!1},"threat.indicator.modified_at":{type:"date",array:!1,required:!1},"threat.indicator.port":{type:"long",array:!1,required:!1},"threat.indicator.provider":{type:"keyword",array:!1,required:!1},"threat.indicator.reference":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.data.bytes":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.data.strings":{type:"wildcard",array:!0,required:!1},"threat.indicator.registry.data.type":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.hive":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.key":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.path":{type:"keyword",array:!1,required:!1},"threat.indicator.registry.value":{type:"keyword",array:!1,required:!1},"threat.indicator.scanner_stats":{type:"long",array:!1,required:!1},"threat.indicator.sightings":{type:"long",array:!1,required:!1},"threat.indicator.type":{type:"keyword",array:!1,required:!1},"threat.indicator.url.domain":{type:"keyword",array:!1,required:!1},"threat.indicator.url.extension":{type:"keyword",array:!1,required:!1},"threat.indicator.url.fragment":{type:"keyword",array:!1,required:!1},"threat.indicator.url.full":{type:"wildcard",array:!1,required:!1},"threat.indicator.url.original":{type:"wildcard",array:!1,required:!1},"threat.indicator.url.password":{type:"keyword",array:!1,required:!1},"threat.indicator.url.path":{type:"wildcard",array:!1,required:!1},"threat.indicator.url.port":{type:"long",array:!1,required:!1},"threat.indicator.url.query":{type:"keyword",array:!1,required:!1},"threat.indicator.url.registered_domain":{type:"keyword",array:!1,required:!1},"threat.indicator.url.scheme":{type:"keyword",array:!1,required:!1},"threat.indicator.url.subdomain":{type:"keyword",array:!1,required:!1},"threat.indicator.url.top_level_domain":{type:"keyword",array:!1,required:!1},"threat.indicator.url.username":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.alternative_names":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.country":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.not_after":{type:"date",array:!1,required:!1},"threat.indicator.x509.not_before":{type:"date",array:!1,required:!1},"threat.indicator.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.public_key_exponent":{type:"long",array:!1,required:!1},"threat.indicator.x509.public_key_size":{type:"long",array:!1,required:!1},"threat.indicator.x509.serial_number":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.subject.country":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"threat.indicator.x509.subject.locality":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.subject.organization":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"threat.indicator.x509.version_number":{type:"keyword",array:!1,required:!1},"threat.software.alias":{type:"keyword",array:!0,required:!1},"threat.software.id":{type:"keyword",array:!1,required:!1},"threat.software.name":{type:"keyword",array:!1,required:!1},"threat.software.platforms":{type:"keyword",array:!0,required:!1},"threat.software.reference":{type:"keyword",array:!1,required:!1},"threat.software.type":{type:"keyword",array:!1,required:!1},"threat.tactic.id":{type:"keyword",array:!0,required:!1},"threat.tactic.name":{type:"keyword",array:!0,required:!1},"threat.tactic.reference":{type:"keyword",array:!0,required:!1},"threat.technique.id":{type:"keyword",array:!0,required:!1},"threat.technique.name":{type:"keyword",array:!0,required:!1},"threat.technique.reference":{type:"keyword",array:!0,required:!1},"threat.technique.subtechnique.id":{type:"keyword",array:!0,required:!1},"threat.technique.subtechnique.name":{type:"keyword",array:!0,required:!1},"threat.technique.subtechnique.reference":{type:"keyword",array:!0,required:!1},"tls.cipher":{type:"keyword",array:!1,required:!1},"tls.client.certificate":{type:"keyword",array:!1,required:!1},"tls.client.certificate_chain":{type:"keyword",array:!0,required:!1},"tls.client.hash.md5":{type:"keyword",array:!1,required:!1},"tls.client.hash.sha1":{type:"keyword",array:!1,required:!1},"tls.client.hash.sha256":{type:"keyword",array:!1,required:!1},"tls.client.issuer":{type:"keyword",array:!1,required:!1},"tls.client.ja3":{type:"keyword",array:!1,required:!1},"tls.client.not_after":{type:"date",array:!1,required:!1},"tls.client.not_before":{type:"date",array:!1,required:!1},"tls.client.server_name":{type:"keyword",array:!1,required:!1},"tls.client.subject":{type:"keyword",array:!1,required:!1},"tls.client.supported_ciphers":{type:"keyword",array:!0,required:!1},"tls.client.x509.alternative_names":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.country":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"tls.client.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"tls.client.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"tls.client.x509.not_after":{type:"date",array:!1,required:!1},"tls.client.x509.not_before":{type:"date",array:!1,required:!1},"tls.client.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"tls.client.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"tls.client.x509.public_key_exponent":{type:"long",array:!1,required:!1},"tls.client.x509.public_key_size":{type:"long",array:!1,required:!1},"tls.client.x509.serial_number":{type:"keyword",array:!1,required:!1},"tls.client.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"tls.client.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"tls.client.x509.subject.country":{type:"keyword",array:!0,required:!1},"tls.client.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"tls.client.x509.subject.locality":{type:"keyword",array:!0,required:!1},"tls.client.x509.subject.organization":{type:"keyword",array:!0,required:!1},"tls.client.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"tls.client.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"tls.client.x509.version_number":{type:"keyword",array:!1,required:!1},"tls.curve":{type:"keyword",array:!1,required:!1},"tls.established":{type:"boolean",array:!1,required:!1},"tls.next_protocol":{type:"keyword",array:!1,required:!1},"tls.resumed":{type:"boolean",array:!1,required:!1},"tls.server.certificate":{type:"keyword",array:!1,required:!1},"tls.server.certificate_chain":{type:"keyword",array:!0,required:!1},"tls.server.hash.md5":{type:"keyword",array:!1,required:!1},"tls.server.hash.sha1":{type:"keyword",array:!1,required:!1},"tls.server.hash.sha256":{type:"keyword",array:!1,required:!1},"tls.server.issuer":{type:"keyword",array:!1,required:!1},"tls.server.ja3s":{type:"keyword",array:!1,required:!1},"tls.server.not_after":{type:"date",array:!1,required:!1},"tls.server.not_before":{type:"date",array:!1,required:!1},"tls.server.subject":{type:"keyword",array:!1,required:!1},"tls.server.x509.alternative_names":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.common_name":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.country":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.distinguished_name":{type:"keyword",array:!1,required:!1},"tls.server.x509.issuer.locality":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.organization":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.organizational_unit":{type:"keyword",array:!0,required:!1},"tls.server.x509.issuer.state_or_province":{type:"keyword",array:!0,required:!1},"tls.server.x509.not_after":{type:"date",array:!1,required:!1},"tls.server.x509.not_before":{type:"date",array:!1,required:!1},"tls.server.x509.public_key_algorithm":{type:"keyword",array:!1,required:!1},"tls.server.x509.public_key_curve":{type:"keyword",array:!1,required:!1},"tls.server.x509.public_key_exponent":{type:"long",array:!1,required:!1},"tls.server.x509.public_key_size":{type:"long",array:!1,required:!1},"tls.server.x509.serial_number":{type:"keyword",array:!1,required:!1},"tls.server.x509.signature_algorithm":{type:"keyword",array:!1,required:!1},"tls.server.x509.subject.common_name":{type:"keyword",array:!0,required:!1},"tls.server.x509.subject.country":{type:"keyword",array:!0,required:!1},"tls.server.x509.subject.distinguished_name":{type:"keyword",array:!1,required:!1},"tls.server.x509.subject.locality":{type:"keyword",array:!0,required:!1},"tls.server.x509.subject.organization":{type:"keyword",array:!0,required:!1},"tls.server.x509.subject.organizational_unit":{type:"keyword",array:!0,required:!1},"tls.server.x509.subject.state_or_province":{type:"keyword",array:!0,required:!1},"tls.server.x509.version_number":{type:"keyword",array:!1,required:!1},"tls.version":{type:"keyword",array:!1,required:!1},"tls.version_protocol":{type:"keyword",array:!1,required:!1},"trace.id":{type:"keyword",array:!1,required:!1},"transaction.id":{type:"keyword",array:!1,required:!1},"url.domain":{type:"keyword",array:!1,required:!1},"url.extension":{type:"keyword",array:!1,required:!1},"url.fragment":{type:"keyword",array:!1,required:!1},"url.full":{type:"wildcard",array:!1,required:!1},"url.original":{type:"wildcard",array:!1,required:!1},"url.password":{type:"keyword",array:!1,required:!1},"url.path":{type:"wildcard",array:!1,required:!1},"url.port":{type:"long",array:!1,required:!1},"url.query":{type:"keyword",array:!1,required:!1},"url.registered_domain":{type:"keyword",array:!1,required:!1},"url.scheme":{type:"keyword",array:!1,required:!1},"url.subdomain":{type:"keyword",array:!1,required:!1},"url.top_level_domain":{type:"keyword",array:!1,required:!1},"url.username":{type:"keyword",array:!1,required:!1},"user.changes.domain":{type:"keyword",array:!1,required:!1},"user.changes.email":{type:"keyword",array:!1,required:!1},"user.changes.full_name":{type:"keyword",array:!1,required:!1},"user.changes.group.domain":{type:"keyword",array:!1,required:!1},"user.changes.group.id":{type:"keyword",array:!1,required:!1},"user.changes.group.name":{type:"keyword",array:!1,required:!1},"user.changes.hash":{type:"keyword",array:!1,required:!1},"user.changes.id":{type:"keyword",array:!1,required:!1},"user.changes.name":{type:"keyword",array:!1,required:!1},"user.changes.roles":{type:"keyword",array:!0,required:!1},"user.domain":{type:"keyword",array:!1,required:!1},"user.effective.domain":{type:"keyword",array:!1,required:!1},"user.effective.email":{type:"keyword",array:!1,required:!1},"user.effective.full_name":{type:"keyword",array:!1,required:!1},"user.effective.group.domain":{type:"keyword",array:!1,required:!1},"user.effective.group.id":{type:"keyword",array:!1,required:!1},"user.effective.group.name":{type:"keyword",array:!1,required:!1},"user.effective.hash":{type:"keyword",array:!1,required:!1},"user.effective.id":{type:"keyword",array:!1,required:!1},"user.effective.name":{type:"keyword",array:!1,required:!1},"user.effective.roles":{type:"keyword",array:!0,required:!1},"user.email":{type:"keyword",array:!1,required:!1},"user.full_name":{type:"keyword",array:!1,required:!1},"user.group.domain":{type:"keyword",array:!1,required:!1},"user.group.id":{type:"keyword",array:!1,required:!1},"user.group.name":{type:"keyword",array:!1,required:!1},"user.hash":{type:"keyword",array:!1,required:!1},"user.id":{type:"keyword",array:!1,required:!1},"user.name":{type:"keyword",array:!1,required:!1},"user.risk.calculated_level":{type:"keyword",array:!1,required:!1},"user.risk.calculated_score":{type:"float",array:!1,required:!1},"user.risk.calculated_score_norm":{type:"float",array:!1,required:!1},"user.risk.static_level":{type:"keyword",array:!1,required:!1},"user.risk.static_score":{type:"float",array:!1,required:!1},"user.risk.static_score_norm":{type:"float",array:!1,required:!1},"user.roles":{type:"keyword",array:!0,required:!1},"user.target.domain":{type:"keyword",array:!1,required:!1},"user.target.email":{type:"keyword",array:!1,required:!1},"user.target.full_name":{type:"keyword",array:!1,required:!1},"user.target.group.domain":{type:"keyword",array:!1,required:!1},"user.target.group.id":{type:"keyword",array:!1,required:!1},"user.target.group.name":{type:"keyword",array:!1,required:!1},"user.target.hash":{type:"keyword",array:!1,required:!1},"user.target.id":{type:"keyword",array:!1,required:!1},"user.target.name":{type:"keyword",array:!1,required:!1},"user.target.roles":{type:"keyword",array:!0,required:!1},"user_agent.device.name":{type:"keyword",array:!1,required:!1},"user_agent.name":{type:"keyword",array:!1,required:!1},"user_agent.original":{type:"keyword",array:!1,required:!1},"user_agent.os.family":{type:"keyword",array:!1,required:!1},"user_agent.os.full":{type:"keyword",array:!1,required:!1},"user_agent.os.kernel":{type:"keyword",array:!1,required:!1},"user_agent.os.name":{type:"keyword",array:!1,required:!1},"user_agent.os.platform":{type:"keyword",array:!1,required:!1},"user_agent.os.type":{type:"keyword",array:!1,required:!1},"user_agent.os.version":{type:"keyword",array:!1,required:!1},"user_agent.version":{type:"keyword",array:!1,required:!1},"vulnerability.category":{type:"keyword",array:!0,required:!1},"vulnerability.classification":{type:"keyword",array:!1,required:!1},"vulnerability.description":{type:"keyword",array:!1,required:!1},"vulnerability.enumeration":{type:"keyword",array:!1,required:!1},"vulnerability.id":{type:"keyword",array:!1,required:!1},"vulnerability.reference":{type:"keyword",array:!1,required:!1},"vulnerability.report_id":{type:"keyword",array:!1,required:!1},"vulnerability.scanner.vendor":{type:"keyword",array:!1,required:!1},"vulnerability.score.base":{type:"float",array:!1,required:!1},"vulnerability.score.environmental":{type:"float",array:!1,required:!1},"vulnerability.score.temporal":{type:"float",array:!1,required:!1},"vulnerability.score.version":{type:"keyword",array:!1,required:!1},"vulnerability.severity":{type:"keyword",array:!1,required:!1}};var r=a(129);const o={[r.a]:{type:"keyword",array:!1,required:!1},[r.c]:{type:"keyword",array:!0,required:!1},[r.e]:{type:"long",array:!1,required:!1},[r.f]:{type:"date",array:!1,required:!1},[r.j]:{type:"boolean",array:!1,required:!1},[r.k]:{type:"boolean",array:!0,required:!1},[r.n]:{type:"keyword",array:!0,required:!1},[r.l]:{type:"keyword",array:!1,required:!0},[r.m]:{type:"date",required:!1,array:!1},[r.p]:{type:"keyword",array:!1,required:!1},[r.s]:{type:"keyword",array:!1,required:!0},[r.t]:{type:"keyword",array:!1,required:!0},[r.z]:{type:"keyword",array:!1,required:!1},[r.D]:{type:"keyword",array:!1,required:!0},[r.G]:{array:!1,type:"flattened",ignore_above:4096,required:!1},[r.H]:{type:"keyword",array:!1,required:!0},[r.J]:{type:"long",array:!1,required:!0},[r.M]:{type:"keyword",array:!0,required:!1},[r.P]:{type:"keyword",array:!1,required:!0},[r.S]:{type:"keyword",array:!1,required:!0},[r.V]:{type:"date",array:!1,required:!1},[r.W]:{type:"keyword",array:!1,required:!0},[r.fb]:{type:"date_range",format:"epoch_millis||strict_date_optional_time",array:!1,required:!1},[r.gb]:{type:"keyword",array:!1,index:!1,required:!1,ignore_above:2048},[r.hb]:{type:"keyword",array:!1,required:!0},[r.jb]:{type:"keyword",array:!1,required:!1},[r.kb]:{type:"keyword",array:!0,required:!1},[r.ob]:{type:"keyword",array:!1,required:!1},[r.pb]:{type:"keyword",array:!1,required:!1},[r.qb]:{type:"keyword",array:!0,required:!0},[r.rb]:{type:"keyword",array:!0,required:!1},[r.sb]:{type:"date",required:!0,array:!1},[r.tb]:{type:"version",array:!1,required:!1}};var s=a(697);const l=["constant_keyword"],c=(Object.fromEntries(Object.entries(s.a).filter((([e,t])=>!l.includes(t.type))).map((([e,t])=>{const a=s.a[e];return[e,{type:a.type,array:a.normalize.includes("array"),required:!!a.required,...a.scaling_factor?{scaling_factor:a.scaling_factor}:{},...a.ignore_above?{ignore_above:a.ignore_above}:{},...a.multi_fields?{multi_fields:a.multi_fields}:{}}]}))),{[r.q]:{type:"float",array:!1,required:!1},[r.r]:{type:"keyword",array:!1,required:!1},[r.u]:{type:"date",array:!1,required:!1},[r.v]:{type:"keyword",array:!1,required:!1},[r.w]:{type:"keyword",array:!1,required:!1},[r.x]:{type:"keyword",array:!1,required:!1},[r.A]:{type:"keyword",array:!1,required:!1},[r.B]:{type:"keyword",array:!1,required:!1},[r.C]:{type:"keyword",array:!1,required:!1},[r.F]:{type:"keyword",array:!1,required:!1},[r.I]:{type:"keyword",array:!0,required:!1},[r.K]:{type:"keyword",array:!1,required:!1},[r.L]:{type:"keyword",array:!1,required:!1},[r.N]:{type:"keyword",array:!1,required:!1},[r.O]:{type:"keyword",array:!1,required:!1},[r.Q]:{type:"date",array:!1,required:!1},[r.R]:{type:"keyword",array:!1,required:!1},[r.T]:{type:"keyword",array:!1,required:!1},[r.U]:{type:"keyword",array:!1,required:!1},[r.Y]:{type:"long",array:!1,required:!1},[r.Z]:{type:"date",array:!1,required:!1},[r.ab]:{type:"keyword",array:!0,required:!1},[r.bb]:{type:"date",array:!1,required:!1},[r.db]:{type:"keyword",array:!0,required:!1},[r.eb]:{type:"keyword",array:!1,required:!1},[r.ib]:{type:"keyword",array:!1,required:!1},[r.lb]:{type:"keyword",array:!1,required:!1},[r.nb]:{type:"keyword",array:!1,required:!1}}),u={[r.g]:{type:"scaled_float",scaling_factor:100,required:!1},[r.h]:{type:"scaled_float",scaling_factor:100,required:!1},[r.d]:{type:"object",array:!1,required:!1},[r.i]:{type:"scaled_float",scaling_factor:100,required:!1,array:!0}};a(801);var d=a(42);function p(e,...t){const a=Object.keys(e).filter((e=>t.some((t=>{if(t===e)return!0;const a=e.split("."),n=t.split(".");return n.indexOf("*")===n.length-1&&a.every(((e,t)=>{const a=n.length-1<t?"*":n[t];return e===a||"*"===a}))}))));return Object(n.pick)(e,a)}r.t,r.kb,r.U,r.q,r.G;const m={...p(o,"*"),...p(c,"*")};var g=a(4);const y=e=>{if(Array.isArray(e))return e.reduce(((e,t)=>{if(null!=t)switch(typeof t){case"number":case"boolean":return[...e,t.toString()];case"object":try{return[...e,JSON.stringify(t)]}catch{return[...e,"Invalid Object"]}case"string":return[...e,t];default:return[...e,`${t}`]}return e}),[]);if(null==e)return[];if(Array.isArray(e)||"object"!=typeof e)return[`${e}`];try{return[JSON.stringify(e)]}catch{return["Invalid Object"]}},f=["@timestamp","labels","message","tags"],b=e=>{const t=e.length>0?e[0]:null;if(null!=t&&!Object(d.isEmpty)(t.coordinates))try{return y({lon:t.coordinates[0],lat:t.coordinates[1]})}catch{return y(e)}return y(e)},h=(e,t,a)=>Object.keys(e).reduce(((n,r)=>{const o=e[r],s=null!=a?a:(e=>{const t=e.split(".")[0];return!Object(d.isEmpty)(t)&&f.includes(t)?"base":t})(r);if((e=>e.includes("geo.location")||e.includes("geoip.location"))(r))return[...n,{category:s,field:r,values:b(o),originalValue:b(o),isObjectArray:!0}];const l=(e=>{if(Array.isArray(e))return e.reduce(((e,t)=>{if(null!=t)switch(typeof t){case"number":case"boolean":return[...e,{str:t.toString()}];case"object":try{return[...e,{str:JSON.stringify(t),isObjectArray:!0}]}catch{return[...e,{str:"Invalid Object"}]}case"string":return[...e,{str:t}];default:return[...e,{str:`${t}`}]}return e}),[]);if(null==e)return[];if(Array.isArray(e)||"object"!=typeof e)return[{str:`${e}`}];try{return[{str:JSON.stringify(e),isObjectArray:!0}]}catch{return[{str:"Invalid Object"}]}})(o),c=l.map((({str:e})=>e)),p=l.some((e=>e.isObjectArray)),y=t?`${t}.${r}`:r;if(!p||void 0===Object.keys({...i,...m,...u}).find((e=>e===r)))return[...n,{category:s,field:y,values:c,originalValue:c,isObjectArray:p}];const E=((e,t)=>(null==t?void 0:t.includes(g.pb))||e===g.pb)(r,t)?[{category:s,field:y,values:c,originalValue:c,isObjectArray:p}]:[],v=Array.isArray(o)?o.reduce(((e,t)=>[...e,h(t,y,s)]),[]).flat():h(o,t,s),x=[...n,...v,...E].reduce(((e,t)=>({...e,...null!=e[t.field]?{[t.field]:{...t,originalValue:e[t.field].originalValue.includes(t.originalValue[0])?e[t.field].originalValue:[...e[t.field].originalValue,...t.originalValue],values:e[t.field].values.includes(t.values[0])?e[t.field].values:[...e[t.field].values,...t.values]}}:{[t.field]:t}})),{});return Object.values(x)}),[]);var E=a(167),v=a(408),x=a(802);const k=e=>e===E.c.InvestigationTime,S=e=>{const t=e.find((({field:e,originalValue:t})=>e===g.pb&&t));if(!t)return[];const{originalValue:a}=t;return(Array.isArray(a)?a:[a]).reduce(((e,t)=>{try{const a=h(JSON.parse(t));e.push(a)}catch(e){}return e}),[])},w=e=>e.reduce(((e,t)=>(e[t.field]=t.originalValue,e)),{}),j=(e,t)=>Object(x.a)(e[t]),O=(e,t)=>j(e,t)||j(e,`threatintel.${t}`)||j(e,`threat.${t}`),I=e=>({id:j(e,E.m),field:j(e,E.l),value:j(e,E.k),type:j(e,E.n),feedName:O(e,E.e)}),T=e=>{const{id:t,field:a}=I(e);return`${t}${a}`},C=e=>{if(e.length<2)return e;const t=Object(n.groupBy)(e,T);return Object.values(t).map((e=>{var t;return null!==(t=e.find((e=>!k(j(e,E.n)))))&&void 0!==t?t:e[0]}))},M=e=>e.reduce(((e,t)=>{if(Object(v.b)(t.field)){const a=Object(x.a)(t.originalValue);if(a)return{...e,[t.field]:a}}return e}),{}),F=e=>{const t=O(e,E.f),a=Date.parse(null!=t?t:"no date");return Number.isInteger(a)?a:new Date(-1).valueOf()}},,,,,,,,function(e,t,a){"use strict";a.d(t,"s",(function(){return o})),a.d(t,"r",(function(){return s})),a.d(t,"m",(function(){return l})),a.d(t,"t",(function(){return c})),a.d(t,"u",(function(){return u})),a.d(t,"o",(function(){return d})),a.d(t,"q",(function(){return p})),a.d(t,"b",(function(){return m})),a.d(t,"n",(function(){return g})),a.d(t,"p",(function(){return y})),a.d(t,"a",(function(){return f})),a.d(t,"k",(function(){return b})),a.d(t,"l",(function(){return h})),a.d(t,"i",(function(){return E})),a.d(t,"j",(function(){return v})),a.d(t,"w",(function(){return x})),a.d(t,"v",(function(){return k})),a.d(t,"h",(function(){return S})),a.d(t,"g",(function(){return w})),a.d(t,"f",(function(){return j})),a.d(t,"c",(function(){return O})),a.d(t,"d",(function(){return I})),a.d(t,"e",(function(){return T}));var n=a(5),i=a(119);const r=(e,t)=>{switch(e){case i.d.alert:return n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.entityAlerts",{values:{count:t},defaultMessage:"{count, plural, =1 {alert} other {alerts}}"});case i.d.event:return n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.entityEvents",{values:{count:t},defaultMessage:"{count, plural, =1 {event} other {events}}"});case i.d.session:return n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.entitySessions",{values:{count:t},defaultMessage:"{count, plural, =1 {session} other {sessions}}"})}},o=(e,t,a)=>n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.selectAllEntitiesTitle",{values:{entityPlural:r(e,a),totalFormatted:t,total:a},defaultMessage:"Select {total, plural, =1 {} other {all}} {totalFormatted} {entityPlural}"}),s=(e,t,a)=>n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.selectedEntitiesTitle",{values:{entityPlural:r(e,a),totalFormatted:t},defaultMessage:"Selected {totalFormatted} {entityPlural}"}),l=n.i18n.translate("xpack.securitySolution.toolbar.bulkActions.clearSelectionTitle",{defaultMessage:"Clear selection"}),c=e=>n.i18n.translate("xpack.securitySolution.bulkActions.updateAlertStatusFailed",{values:{conflicts:e},defaultMessage:"Failed to update { conflicts } {conflicts, plural, =1 {alert} other {alerts}}."}),u=(e,t)=>n.i18n.translate("xpack.securitySolution.bulkActions.updateAlertStatusFailedDetailed",{values:{updated:e,conflicts:t},defaultMessage:"{ updated } {updated, plural, =1 {alert was} other {alerts were}} updated successfully, but { conflicts } failed to update\n         because { conflicts, plural, =1 {it was} other {they were}} already being modified."}),d=e=>n.i18n.translate("xpack.securitySolution.bulkActions.closedAlertSuccessToastMessage",{values:{totalAlerts:e},defaultMessage:"Successfully closed {totalAlerts} {totalAlerts, plural, =1 {alert} other {alerts}}."}),p=e=>n.i18n.translate("xpack.securitySolution.bulkActions.openedAlertSuccessToastMessage",{values:{totalAlerts:e},defaultMessage:"Successfully opened {totalAlerts} {totalAlerts, plural, =1 {alert} other {alerts}}."}),m=e=>n.i18n.translate("xpack.securitySolution.bulkActions.acknowledgedAlertSuccessToastMessage",{values:{totalAlerts:e},defaultMessage:"Successfully marked {totalAlerts} {totalAlerts, plural, =1 {alert} other {alerts}} as acknowledged."}),g=n.i18n.translate("xpack.securitySolution.bulkActions.closedAlertFailedToastMessage",{defaultMessage:"Failed to close alert(s)."}),y=n.i18n.translate("xpack.securitySolution.bulkActions.openedAlertFailedToastMessage",{defaultMessage:"Failed to open alert(s)"}),f=n.i18n.translate("xpack.securitySolution.bulkActions.acknowledgedAlertFailedToastMessage",{defaultMessage:"Failed to mark alert(s) as acknowledged"}),b=n.i18n.translate("xpack.securitySolution.bulkActions.updateAlertStatusFailedSingleAlert",{defaultMessage:"Failed to update alert because it was already being modified."}),h=n.i18n.translate("xpack.securitySolution.bulkActions.openSelectedTitle",{defaultMessage:"Mark as open"}),E=n.i18n.translate("xpack.securitySolution.bulkActions.acknowledgedSelectedTitle",{defaultMessage:"Mark as acknowledged"}),v=n.i18n.translate("xpack.securitySolution.bulkActions.closeSelectedTitle",{defaultMessage:"Mark as closed"}),x=e=>n.i18n.translate("xpack.securitySolution.bulkActions.updateAlertTagsSuccessToastMessage",{values:{totalAlerts:e},defaultMessage:"Successfully updated tags for {totalAlerts} {totalAlerts, plural, =1 {alert} other {alerts}}."}),k=n.i18n.translate("xpack.securitySolution.bulkActions.updateAlertTagsFailedToastMessage",{defaultMessage:"Failed to update alert tags."}),S=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsMenuSearchPlaceholderMessage",{defaultMessage:"Search tags"}),w=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsMenuSearchNoTagsFoundMessage",{defaultMessage:"No tags match current search"}),j=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsMenuEmptyMessage",{defaultMessage:"No alert tag options exist, add tag options in Kibana Advanced Settings."}),O=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsApplyButtonMessage",{defaultMessage:"Apply tags"}),I=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsContextMenuItemTitle",{defaultMessage:"Apply alert tags"}),T=n.i18n.translate("xpack.securitySolution.bulkActions.alertTagsContextMenuItemTooltip",{defaultMessage:"Change alert tag options in Kibana Advanced Settings."})},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return r})),a.d(t,"b",(function(){return o}));var n=a(5),i=a(174);n.i18n.translate("xpack.securitySolution.endpointsTab",{defaultMessage:"Endpoints"}),n.i18n.translate("xpack.securitySolution.policiesTab",{defaultMessage:"Policies"}),n.i18n.translate("xpack.securitySolution.trustedAppsTab",{defaultMessage:"Trusted applications"}),n.i18n.translate("xpack.securitySolution.eventFiltersTab",{defaultMessage:"Event filters"});const r={[i.c.WINDOWS]:n.i18n.translate("xpack.securitySolution.administration.os.windows",{defaultMessage:"Windows"}),[i.c.MAC]:n.i18n.translate("xpack.securitySolution.administration.os.macos",{defaultMessage:"Mac"}),[i.c.LINUX]:n.i18n.translate("xpack.securitySolution.administration.os.linux",{defaultMessage:"Linux"})},o=e=>n.i18n.translate("xpack.securitySolution.exceptions.failedLoadPolicies",{defaultMessage:'There was an error loading policies: "{error}"',values:{error:e.message}})},function(e,t,a){"use strict";a.d(t,"a",(function(){return h}));var n=a(42),i=a(2),r=a(64),o=a.n(r),s=a(130),l=a.n(s),c=a(3),u=a(51),d=a(54),p=a(102),m=a(113),g=a(108),y=a(5);const f=y.i18n.translate("xpack.securitySolution.timeline.failDescription",{defaultMessage:"An error has occurred"}),b=y.i18n.translate("xpack.securitySolution.timeline.failSearchDescription",{defaultMessage:"Failed to run search"}),h=({entityType:e=d.EntityType.EVENTS,indexName:t,eventId:a,runtimeMappings:r,skip:s})=>{const{data:y}=Object(p.j)().services,h=Object(i.useRef)((()=>Promise.resolve())),E=Object(i.useRef)(new AbortController),v=Object(i.useRef)(new c.Subscription),[x,k]=Object(i.useState)(!0),[S,w]=Object(i.useState)(null),{addError:j,addWarning:O}=Object(g.a)(),[I,T]=Object(i.useState)(null),[C,M]=Object(i.useState)(null),[F,D]=Object(i.useState)(void 0),A=Object(i.useCallback)((e=>{if(null==e||s||Object(n.isEmpty)(e.eventId))return;const t=async()=>{E.current=new AbortController,k(!0),v.current=y.search.search(e,{strategy:"timelineSearchStrategy",abortSignal:E.current.signal}).subscribe({next:e=>{Object(u.isCompleteResponse)(e)?Promise.resolve().then((()=>{o.a.unstable_batchedUpdates((()=>{k(!1),T(e.data||[]),D(e.rawResponse.hits.hits[0]),M(e.ecs||null),v.current.unsubscribe()}))})):Object(u.isErrorResponse)(e)&&(k(!1),O(f),v.current.unsubscribe())},error:e=>{k(!1),j(e,{title:b}),v.current.unsubscribe()}})};v.current.unsubscribe(),E.current.abort(),t(),h.current=t}),[y.search,j,O,s]);return Object(i.useEffect)((()=>{w((n=>{const i={...null!=n?n:{},entityType:e,indexName:t,eventId:a,factoryQueryType:m.A.details,runtimeMappings:r};return l()(n,i)?n:i}))}),[e,a,t,r]),Object(i.useEffect)((()=>(A(S),()=>{v.current.unsubscribe(),E.current.abort()})),[S,A]),[x,I,F,C,h.current]}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(42);const i=({category:e,field:t},a)=>{const i=(({category:e,field:t},a)=>{var i,r,o;const s="signal"===e?"kibana":"kibana"===e?"signal":e,l="signal"===e?t.replace("signal","kibana.alert").replace("rule.id","rule.uuid"):"kibana"===e?t.replace("kibana.alert","signal").replace("rule.uuid","rule.id"):t;return null!==(i=null===(r=Object(n.find)({category:e,field:t},a))||void 0===r?void 0:r.values)&&void 0!==i?i:null===(o=Object(n.find)({category:s,field:l},a))||void 0===o?void 0:o.values})({category:e,field:t},a);return i&&i.length>0?i[0]:""}},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return u})),a.d(t,"b",(function(){return d})),a.d(t,"c",(function(){return p}));var n=a(46),i=a(2),r=a(4),o=a(409),s=a(143),l=a(354);const c=["GET",r.gb],u=(e,t)=>Object(n.useQuery)([...c,e],(async({signal:t})=>{const a=await Object(s.h)({signal:t,id:e});return Object(o.a)(a)}),{...l.a,...t,staleTime:0,enabled:!!e}),d=()=>{const e=Object(n.useQueryClient)();return Object(i.useCallback)((()=>{e.invalidateQueries(c,{refetchType:"active"})}),[e])},p=()=>{const e=Object(n.useQueryClient)();return Object(i.useCallback)((t=>{e.setQueryData([...c,t.id],Object(o.a)(t))}),[e])}},,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a.n(n),r=a(385),o=a(610);const s=i.a.memo((({influencers:e,startDate:t,endDate:a,children:s,criteriaFields:l,skip:c})=>{const{jobNameById:u}=Object(r.a)(),d=Object(n.useMemo)((()=>Object.keys(u)),[u]),[p,m]=Object(o.a)({criteriaFields:l,influencers:e,startDate:t,endDate:a,skip:c,jobIds:d,aggregationInterval:"auto"});return i.a.createElement(i.a.Fragment,null,s({isLoadingAnomaliesData:p,anomaliesData:m,jobNameById:u}))}));s.displayName="AnomalyTableProvider"},function(e,t,a){"use strict";a.d(t,"d",(function(){return o})),a.d(t,"c",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"a",(function(){return c}));var n=a(47),i=a(226);const r=i.b.length,o=e=>{var t;return void 0!==(null!==(t=e.tags)&&void 0!==t?t:[]).find((e=>e===i.d))},s=e=>!o(e),l=e=>{var t;const a=[],n=null!==(t=e.tags)&&void 0!==t?t:[];for(const e of n)e!==i.d&&e.startsWith(i.b)&&a.push(e.substring(r));return a},c=e=>({comments:[],description:"",entries:[],item_id:void 0,list_id:e,meta:{temporaryUuid:Object(n.v4)()},name:"",namespace_type:"agnostic",tags:[i.d],type:"simple",os_types:["windows"]})},function(e,t,a){"use strict";var n=Object.assign;e.exports=n},function(e,t,a){"use strict";a.d(t,"g",(function(){return s})),a.d(t,"i",(function(){return l})),a.d(t,"e",(function(){return c})),a.d(t,"f",(function(){return u})),a.d(t,"d",(function(){return d})),a.d(t,"h",(function(){return p})),a.d(t,"c",(function(){return m})),a.d(t,"a",(function(){return g})),a.d(t,"j",(function(){return y})),a.d(t,"b",(function(){return f}));var n=a(47),i=a(5),r=a(174),o=a(193);const s=(e,t,a)=>a.reduce(((a,i,r)=>{const o=((e,t,a,i,r=n.v4)=>{var o;const{fields:s}=e,{fields:l}=t,c=a.field,u=a.value,[d]=s.filter((({name:e})=>null!=c&&c===e)),[p]=l.filter((({name:e})=>null!=u&&u===e));return{id:null!==(o=a.id)&&void 0!==o?o:r(),field:d,type:"mapping",value:p,entryIndex:i}})(e,t,i,r);return[...a,o]}),[]),l=(e,t)=>({...e,entries:[...e.entries.slice(0,t),...e.entries.slice(t+1)]}),c=(e,t)=>{const{entryIndex:a}=e;return{updatedEntry:{id:e.id,field:null!=t?t.name:"",type:"mapping",value:null!=e.value?e.value.name:""},index:a}},u=(e,t)=>{const{entryIndex:a}=e;return{updatedEntry:{id:e.id,field:null!=e.field?e.field.name:"",type:"mapping",value:null!=t?t.name:""},index:a}},d=()=>Object(r.d)({field:"",type:"mapping",value:""}),p=()=>Object(r.d)({entries:[Object(r.d)({field:"",type:"mapping",value:""})]}),m=e=>e.reduce(((e,t)=>{const a={...t,entries:t.entries};return o.w.is(a)?[...e,a]:e}),[]),g=e=>e.some((e=>e.entries.some((e=>""===e.field||""===e.value)))),y=e=>1===e.length&&1===e[0].entries.length&&""===e[0].entries[0].field&&""===e[0].entries[0].value,f={forbiddenField:(e,t)=>{let a;if(a="string"==typeof e?e===t:!!Array.isArray(e)&&!!e.find((e=>e===t)),a)return{code:"ERR_FIELD_FORMAT",message:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError",{defaultMessage:"The index pattern cannot be { forbiddenString }. Please choose a more specific index pattern.",values:{forbiddenString:t}})}}}},function(e,t,a){"use strict";a.d(t,"m",(function(){return i})),a.d(t,"k",(function(){return r})),a.d(t,"l",(function(){return o})),a.d(t,"i",(function(){return s})),a.d(t,"j",(function(){return l})),a.d(t,"h",(function(){return c})),a.d(t,"g",(function(){return u})),a.d(t,"b",(function(){return d})),a.d(t,"a",(function(){return p})),a.d(t,"d",(function(){return m})),a.d(t,"c",(function(){return g})),a.d(t,"f",(function(){return y})),a.d(t,"e",(function(){return f}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlValidation.requestError",{defaultMessage:"An error occurred while validating your EQL query"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlValidation.title",{defaultMessage:"EQL Validation Errors"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlValidation.showErrorsLabel",{defaultMessage:"Show EQL Validation Errors"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOverViewLink.text",{defaultMessage:"Event Query Language (EQL) Overview"}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlSettings.title",{defaultMessage:"EQL settings"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsSize.label",{defaultMessage:"Size"}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsSize.text",{defaultMessage:"For basic queries, the maximum number of matching events to return. For sequence queries, the maximum number of matching sequences to return."}),d=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.label",{defaultMessage:"Event category field"}),p=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.text",{defaultMessage:"Field containing the event classification, such as process, file, or network. This field is typically mapped as a field type in the keyword family"}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventTiebreakerField.label",{defaultMessage:"Tiebreaker field"}),g=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventTiebreakerField.text",{defaultMessage:"Field used to sort hits with the same timestamp in ascending, lexicographic order"}),y=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventTimestampField.label",{defaultMessage:"Timestamp field"}),f=n.i18n.translate("xpack.securitySolution.detectionEngine.eqlOptionsEventTimestampField.text",{defaultMessage:"Field containing event timestamp"})},,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return A})),a.d(t,"a",(function(){return _}));var n=a(601),i=a(2),r=a.n(i),o=a(321),s=a(153),l=a(117),c=a(150),u=a(379),d=a(1407);const p={isInstance:(e,t)=>((e,t)=>-1===t.findIndex((t=>t.field===e)))(e,t),renderColumn:({columnName:e,eventId:t,field:a,isDraggable:n=!0,scopeId:i,truncate:p})=>n?r.a.createElement(o.b,{dataProvider:{enabled:!0,id:Object(s.i)(`empty-column-renderer-draggable-wrapper-${i}-${e}-${t}-${a.id}`),name:`${e}: ${Object(d.a)(null)}`,queryMatch:{field:a.id,value:Object(d.a)(null),displayValue:Object(l.e)(),operator:c.b},excluded:!0,kqlQuery:"",and:[]},isDraggable:n,key:`empty-column-renderer-draggable-wrapper-${i}-${e}-${t}-${a.id}`,render:(e,t,a)=>a.isDragging?r.a.createElement(o.a,null,r.a.createElement(u.a,{dataProvider:e})):r.a.createElement("span",null,Object(l.e)()),truncate:p,scopeId:i}):r.a.createElement("span",null,Object(l.e)())};var m=a(820),g=a(42),y=a(337);const f={isInstance:(e,t)=>((e,t)=>-1!==t.findIndex((t=>t.field===e)))(e,t),renderColumn:({asPlainText:e,columnName:t,eventId:a,field:n,isDraggable:i=!0,scopeId:o,truncate:s,values:c,linkValues:u})=>{return Array.isArray(c)&&0!==c.length?i?c.map(((l,c)=>{var d,p,m;return r.a.createElement(y.a,{asPlainText:e,contextId:`plain-column-renderer-formatted-field-value-${o}`,eventId:a,fieldFormat:null!==(d=n.format)&&void 0!==d?d:"",fieldName:t,isAggregatable:null!==(p=n.aggregatable)&&void 0!==p&&p,fieldType:null!==(m=n.type)&&void 0!==m?m:"",isDraggable:i,key:`plain-column-renderer-formatted-field-value-${o}-${t}-${a}-${n.id}-${l}-${c}`,linkValue:Object(g.head)(u),truncate:s,value:l})})):r.a.createElement(y.a,{asPlainText:e,contextId:`plain-column-renderer-formatted-field-value-${o}`,eventId:a,fieldFormat:null!==(d=n.format)&&void 0!==d?d:"",fieldName:t,isAggregatable:null!==(p=n.aggregatable)&&void 0!==p&&p,fieldType:null!==(m=n.type)&&void 0!==m?m:"",isDraggable:i,key:`plain-column-renderer-formatted-field-value-${o}-${t}-${a}-${n.id}`,linkValue:Object(g.head)(u),truncate:s,value:b(c)}):Object(l.d)();var d,p,m}};function b(e){return Array.isArray(e)?e.length>0?e.join(", "):e[0]:e}var h=a(871);const E={isInstance:()=>!0,renderColumn:()=>Object(l.d)()};var v=a(873),x=a(206),k=a(870),S=a(40),w=a(119),j=a(188),O=a(420);const I={isInstance:Object(g.isEqual)(j.k),renderColumn:({columnName:e,ecsData:t,eventId:a,field:n,isDetails:i,isDraggable:o=!0,linkValues:s,rowRenderers:l=[],scopeId:c,truncate:u,values:d})=>i&&d&&t&&l?d.map(((i,o)=>r.a.createElement(T,{ecsData:t,key:`reason-column-renderer-value-${c}-${e}-${a}-${n.id}-${i}-${o}`,rowRenderers:l,scopeId:c,value:i}))):f.renderColumn({columnName:e,eventId:a,field:n,isDetails:i,isDraggable:o,linkValues:s,scopeId:c,truncate:u,values:d})},T=({ecsData:e,rowRenderers:t,scopeId:a,value:n})=>{const o=Object(i.useMemo)((()=>Object(O.a)({data:e,rowRenderers:t})),[e,t]),s=Object(i.useMemo)((()=>o&&o.renderRow({data:e,isDraggable:!1,scopeId:a})),[o,e,a]),l=Object(i.useMemo)((()=>a===w.e.rulePreview),[a]);return r.a.createElement(r.a.Fragment,null,o&&s&&!l?r.a.createElement(S.EuiPanel,{color:"subdued",className:"eui-xScroll","data-test-subj":"reason-cell-renderer"},r.a.createElement(S.EuiText,{size:"xs"},r.a.createElement("div",{className:"eui-displayInlineBlock"},s))):n)};var C=a(41);const M=a.n(C)()(S.EuiFlexItem).withConfig({displayName:"EventRenderedFlexItem",componentId:"sc-1jiiiew-0"})(["div:first-child{padding-left:0px;div{margin:0px;}}"]),F={isInstance:Object(g.isEqual)(j.d),renderColumn:({ecsData:e,columnName:t,eventId:a,field:n,isDetails:i,linkValues:o,rowRenderers:s=[],scopeId:l,truncate:c,values:u})=>e&&s?r.a.createElement(D,{ecsData:e,key:`reason-column-renderer-value-${l}-${t}-${a}-${n.id}`,rowRenderers:s,scopeId:l,values:u}):f.renderColumn({columnName:t,eventId:a,field:n,isDetails:i,isDraggable:!1,linkValues:o,scopeId:l,truncate:c,values:u})},D=({ecsData:e,rowRenderers:t,scopeId:a,values:n})=>{const o=Object(i.useMemo)((()=>Object(O.a)({data:e,rowRenderers:t})),[e,t]),s=Object(i.useMemo)((()=>o&&o.renderRow({data:e,isDraggable:!1,scopeId:a})),[o,e,a]);return r.a.createElement(S.EuiFlexGroup,{gutterSize:"none",direction:"column",className:"eui-fullWidth"},o&&s?r.a.createElement(M,{className:"eui-xScroll"},r.a.createElement("div",{className:"eui-displayInlineBlock",style:{width:"fit-content"}},s)):n&&r.a.createElement(S.EuiFlexItem,{"data-test-subj":"plain-text-reason"},n))},A=[k.a,...n.a,...x.k,h.a,v.a,m.a],_=[I,F,f,p,E]},,function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(365),l=a(40),c=a(1102);const u=o.a.header.withConfig({displayName:"FiltersGlobalContainer",componentId:"sc-sjn739-0"})(["display:",";"],(({show:e})=>e?"block":"none"));u.displayName="FiltersGlobalContainer";const d=i.a.memo((({children:e,show:t=!0})=>{const{globalKQLHeaderPortalNode:a}=Object(c.a)();return i.a.createElement(s.a,{node:a},i.a.createElement(l.EuiPanel,{borderRadius:"none",color:"subdued",paddingSize:"none"},i.a.createElement(u,{"data-test-subj":"filters-global-container",show:t},e)))}));d.displayName="FiltersGlobal"},function(e,t,a){"use strict";a.d(t,"b",(function(){return p})),a.d(t,"a",(function(){return m}));var n=a(2),i=a(486),r=a(231),o=a(4);const s=e=>e.groups.some((e=>o.Lb.includes(e)));var l=a(108),c=a(1041),u=a(1436),d=a(162);const p=()=>{const{addError:e}=Object(l.a)(),t=Object(d.a)(),a=Object(r.a)(t),n=Object(i.a)(t),{isFetching:o,data:p=[]}=Object(u.a)({},{enabled:a&&n,onError:t=>{e(t,{title:c.a})}});return{isLicensed:n,isMlUser:a,jobs:p.filter(s),loading:o}},m=()=>{const{jobs:e,loading:t}=p();return{jobNameById:Object(n.useMemo)((()=>e.reduce(((e,t)=>{var a;return e[t.id]=null===(a=t.customSettings)||void 0===a?void 0:a.security_app_display_name,e}),{})),[e]),loading:t}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(2);const i=a(5).i18n.translate("xpack.securitySolution.userDetails.failSearchDescription",{defaultMessage:"Failed to run search on user details"});var r=a(508),o=a(425),s=a(194),l=a(124);const c="observedUsersDetailsQuery",u=({endDate:e,userName:t,indexNames:a,id:u=c,skip:d=!1,startDate:p})=>{const m=Object(l.a)("newUserDetailsFlyout"),{loading:g,result:y,search:f,refetch:b,inspect:h}=Object(s.a)({factoryQueryType:r.c.observedDetails,initialResult:{userDetails:{}},errorMessage:i,abort:d}),E=Object(n.useMemo)((()=>({endDate:e,userDetails:y.userDetails,id:u,inspect:h,refetch:b,startDate:p})),[e,u,h,b,y.userDetails,p]),v=Object(n.useMemo)((()=>({defaultIndex:a,factoryQueryType:r.c.observedDetails,userName:t,timerange:{interval:"12h",from:p,to:e},filterQuery:m?o.a:void 0})),[e,a,p,t,m]);return Object(n.useEffect)((()=>{d||f(v)}),[v,f,d]),[g,E]}},,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return u})),a.d(t,"a",(function(){return d}));var n=a(2),i=a.n(n),r=a(40),o=a(886),s=a(117),l=a(132),c=a(113);let u;!function(e){e.FIRST_SEEN="first-seen",e.LAST_SEEN="last-seen"}(u||(u={}));const d=i.a.memo((({indexPatterns:e,field:t,type:a,value:d})=>{const[p,{firstSeen:m,lastSeen:g,errorMessage:y}]=Object(o.a)({field:t,value:d,order:a===u.FIRST_SEEN?c.b.asc:c.b.desc,defaultIndex:e}),f=Object(n.useMemo)((()=>a===u.FIRST_SEEN?m:g),[m,g,a]);return null!=y?i.a.createElement(r.EuiToolTip,{position:"top",content:y,"data-test-subj":"firstLastSeenErrorToolTip","aria-label":`firstLastSeenError-${a}`,id:`firstLastSeenError-${t}-${a}`},i.a.createElement(r.EuiIcon,{"aria-describedby":`firstLastSeenError-${t}-${a}`,type:"warning"})):i.a.createElement(i.a.Fragment,null,p&&i.a.createElement(r.EuiLoadingSpinner,{"data-test-subj":"loading-spinner",size:"m"}),p||null==f||"Invalid Date"!==new Date(f).toString()?!p&&null!==f&&i.a.createElement(r.EuiText,{"data-test-subj":"first-last-seen-value",size:"s"},i.a.createElement(l.b,{value:`${f}`})):f,!p&&null===f&&Object(s.d)())}));d.displayName="FirstLastSeen"},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a(4),r=a(134),o=a(233),s=a(232),l=a(105),c=a(122);const u="countOfAlertsWithSameFieldAndValue",d=({field:e,value:t,isActiveTimelines:a,signalIndexName:i,includeAlertIds:d=!1,ignoreTimerange:m=!1})=>{const g=Object(l.a)((e=>c.d.timelineTimeRangeSelector(e))),y=Object(r.a)();let f,b;!1===m&&({to:f,from:b}=a?g:y);const[h]=Object(n.useState)((()=>p(e,t,b,f,d))),{loading:E,data:v,setQuery:x}=Object(o.a)({query:h,indexName:i,queryName:s.a.PREVALENCE});let k;if(Object(n.useEffect)((()=>{x(p(e,t,b,f,d))}),[x,e,t,b,f,d]),v){var S,w;const e=null===(S=v.aggregations)||void 0===S||null===(w=S[u])||void 0===w?void 0:w.buckets;e&&e.length>0&&(k=e[0].doc_count)}const j=!E&&void 0===k;return Object(n.useMemo)((()=>({loading:E,count:k,error:j,alertIds:null==v?void 0:v.hits.hits.map((({_id:e})=>e))})),[k,v,j,E])},p=(e,t,a,n,r)=>{const o=r?{size:i.N}:{size:0},s=r?{sort:{"@timestamp":"desc"}}:{},l=Array.isArray(t)&&1===t.length?t[0]:t;let c;return c={bool:{must:{match:{[e]:l}}}},void 0!==a&&void 0!==n&&(c={...c,bool:{...c.bool,filter:[{range:{"@timestamp":{gte:a,lte:n}}}]}}),Array.isArray(t)&&t.length>1&&(c={bool:{must:t.map((t=>({term:{[e]:t}})))}},void 0!==a&&void 0!==n&&c.bool.must.push({range:{"@timestamp":{gte:a,lte:n}}})),{...o,...s,_source:!1,aggs:{[u]:{terms:{field:e,size:i.N}}},query:c,runtime_mappings:{}}}},,function(e,t,a){const n=a(192);e.exports=(e,t,a)=>n(e,t,a)<=0},function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(2),i=a(46),r=a(547),o=a(143),s=a(354);const l=["GET",r.b],c=e=>Object(i.useQuery)(l,(async({signal:e})=>await Object(o.i)({signal:e})),{...s.a,...e}),u=()=>{const e=Object(i.useQueryClient)();return Object(n.useCallback)((()=>{e.invalidateQueries(l,{refetchType:"active"})}),[e])}},,function(e,t,a){"use strict";a.d(t,"c",(function(){return h})),a.d(t,"b",(function(){return v})),a.d(t,"d",(function(){return x})),a.d(t,"a",(function(){return k}));var n=a(2),i=a.n(n),r=a(40),o=a(44),s=a(5);const l=s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.cancel",{defaultMessage:"Cancel"}),c=s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.confirm",{defaultMessage:"Confirm"}),u=s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.comment",{defaultMessage:"Comment"}),d=s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.comment.placeholder",{defaultMessage:"You may leave an optional note here."}),p=e=>s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.isolation.successfulMessage",{defaultMessage:"Isolation on host {hostName} successfully submitted",values:{hostName:e}}),m=e=>s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.unisolate.successfulMessage",{defaultMessage:"Release on host {hostName} successfully submitted",values:{hostName:e}}),g=s.i18n.translate("xpack.securitySolution.endpoint.hostisolation.unisolate",{defaultMessage:"release"}),y=s.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.isolated",{defaultMessage:"isolated"});var f=a(822),b=a(123);const h=Object(n.memo)((({hostName:e,alertId:t,isolateAction:a="isolateHost",additionalInfo:s})=>i.a.createElement(r.EuiCallOut,{iconType:"check",color:"success",title:"isolateHost"===a?p(e):m(e),"data-test-subj":"isolateHost"===a?"hostIsolateSuccessMessage":"hostUnisolateSuccessMessage"},void 0!==t?(({alertIdForCase:e})=>{const{casesInfo:t}=Object(f.a)({alertId:e}),a=Object(n.useMemo)((()=>t.length),[t]),s=Object(n.useMemo)((()=>t.map(((e,t)=>i.a.createElement("li",{key:e.id},i.a.createElement(b.a,{detailName:e.id},i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolation.placeholderCase",defaultMessage:"{caseName}",values:{caseName:e.title}})))))),[t]);return i.a.createElement(i.a.Fragment,null,a>0&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiText,{size:"s"},i.a.createElement("p",null,i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolation.successfulIsolation.cases",defaultMessage:"This action has been attached to the following {caseCount, plural, one {case} other {cases}}:",values:{caseCount:a}}))),i.a.createElement(r.EuiText,{size:"s"},i.a.createElement("ul",null,s))))})({alertIdForCase:t}):s)));h.displayName="EndpointIsolateSuccess";var E=a(1065);const v=Object(n.memo)((({hostName:e,onCancel:t,onConfirm:a,onChange:s,comment:p="",messageAppend:m,isLoading:g=!1})=>{const y=Object(n.useCallback)((e=>{s({comment:e.target.value})}),[s]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(E.a,null),i.a.createElement(r.EuiForm,{"data-test-subj":"endpointHostIsolationForm"},i.a.createElement(r.EuiFormRow,{fullWidth:!0},i.a.createElement(r.EuiText,{size:"s"},i.a.createElement("p",null,i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolation.isolateThisHost",defaultMessage:"Isolate host {hostName} from network.",values:{hostName:i.a.createElement("b",null,e)}}),i.a.createElement("br",null)),i.a.createElement("p",null,i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolation.isolateThisHostAbout",defaultMessage:"Isolating a host will disconnect it from the network. The host will only be able to communicate with the Kibana platform."})," ",m))),i.a.createElement(r.EuiFormRow,{label:u,fullWidth:!0},i.a.createElement(r.EuiTextArea,{"data-test-subj":"host_isolation_comment",fullWidth:!0,placeholder:d,value:p,onChange:y})),i.a.createElement(r.EuiFormRow,{fullWidth:!0},i.a.createElement(r.EuiFlexGroup,{justifyContent:"flexEnd"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{onClick:t,disabled:g,"data-test-subj":"hostIsolateCancelButton"},l)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{fill:!0,onClick:a,disabled:g,isLoading:g,"data-test-subj":"hostIsolateConfirmButton"},c))))))}));v.displayName="EndpointIsolateForm";const x=Object(n.memo)((({hostName:e,onCancel:t,onConfirm:a,onChange:s,comment:p="",messageAppend:m,isLoading:f=!1})=>{const b=Object(n.useCallback)((e=>{s({comment:e.target.value})}),[s]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(E.a,null),i.a.createElement(r.EuiForm,{"data-test-subj":"endpointHostIsolationForm"},i.a.createElement(r.EuiFormRow,{fullWidth:!0},i.a.createElement(r.EuiText,{size:"s"},i.a.createElement("p",null,i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolation.unIsolateThisHost",defaultMessage:"{hostName} is currently {isolated}. Are you sure you want to {unisolate} this host?",values:{hostName:i.a.createElement("b",null,e),isolated:i.a.createElement("b",null,y),unisolate:i.a.createElement("b",null,g)}})," ",m))),i.a.createElement(r.EuiFormRow,{label:u,fullWidth:!0},i.a.createElement(r.EuiTextArea,{"data-test-subj":"host_isolation_comment",fullWidth:!0,placeholder:d,value:p,onChange:b})),i.a.createElement(r.EuiFormRow,{fullWidth:!0},i.a.createElement(r.EuiFlexGroup,{justifyContent:"flexEnd"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{onClick:t,disabled:f,"data-test-subj":"hostIsolateCancelButton"},l)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{fill:!0,onClick:a,disabled:f,isLoading:f},c))))))}));x.displayName="EndpointUnisolateForm";const k=i.a.memo((({onClick:e,buttonText:t})=>{const a=Object(n.useCallback)((()=>e()),[e]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,{size:"m"}),i.a.createElement(r.EuiFlexGroup,{gutterSize:"none",justifyContent:"flexEnd"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{flush:"right",onClick:a,"data-test-subj":"hostIsolateSuccessCompleteButton"},i.a.createElement(r.EuiText,{size:"s"},i.a.createElement("p",null,t))))))}));k.displayName="ActionCompletionReturnButton"},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"d",(function(){return n})),a.d(t,"e",(function(){return v})),a.d(t,"c",(function(){return x}));var n={};a.r(n),a.d(n,"authenticationsSelector",(function(){return c})),a.d(n,"hostsSelector",(function(){return u})),a.d(n,"hostRiskScoreSelector",(function(){return d})),a.d(n,"hostRiskScoreSeverityFilterSelector",(function(){return p})),a.d(n,"uncommonProcessesSelector",(function(){return m})),a.d(n,"hostsAnomaliesJobIdFilterSelector",(function(){return g})),a.d(n,"hostsAnomaliesIntervalSelector",(function(){return y}));var i=a(525),r=a(200),o=a(42),s=a(139);const l=(e,t)=>Object(o.get)(t,e.hosts),c=()=>Object(s.createSelector)(l,(e=>e.queries.authentications)),u=()=>Object(s.createSelector)(l,(e=>e.queries[r.HostsTableType.hosts])),d=()=>Object(s.createSelector)(l,(e=>e.queries[r.HostsTableType.risk])),p=()=>Object(s.createSelector)(l,(e=>e.queries[r.HostsTableType.risk].severitySelection)),m=()=>Object(s.createSelector)(l,(e=>e.queries.uncommonProcesses)),g=()=>Object(s.createSelector)(l,(e=>e.queries[r.HostsTableType.anomalies].jobIdSelection)),y=()=>Object(s.createSelector)(l,(e=>e.queries[r.HostsTableType.anomalies].intervalSelection));var f=a(208),b=a(113),h=a(314),E=a(835);const v={page:{queries:{[r.HostsTableType.authentications]:{activePage:h.a,limit:h.b},[r.HostsTableType.hosts]:{activePage:h.a,limit:h.b,direction:b.b.desc,sortField:b.h.lastSeen},[r.HostsTableType.events]:{activePage:h.a,limit:h.b},[r.HostsTableType.uncommonProcesses]:{activePage:h.a,limit:h.b},[r.HostsTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"},[r.HostsTableType.risk]:{activePage:h.a,limit:h.b,sort:{field:b.x.hostRiskScore,direction:b.b.desc},severitySelection:[]},[r.HostsTableType.sessions]:{activePage:h.a,limit:h.b}}},details:{queries:{[r.HostsTableType.authentications]:{activePage:h.a,limit:h.b},[r.HostsTableType.hosts]:{activePage:h.a,direction:b.b.desc,limit:h.b,sortField:b.h.lastSeen},[r.HostsTableType.events]:{activePage:h.a,limit:h.b},[r.HostsTableType.uncommonProcesses]:{activePage:h.a,limit:h.b},[r.HostsTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"},[r.HostsTableType.risk]:{activePage:h.a,limit:h.b,sort:{field:b.x.hostRiskScore,direction:b.b.desc},severitySelection:[]},[r.HostsTableType.sessions]:{activePage:h.a,limit:h.b}}}},x=Object(f.reducerWithInitialState)(v).case(i.setHostTablesActivePageToZero,(e=>({...e,page:{...e.page,queries:Object(E.c)(e)},details:{...e.details,queries:Object(E.b)(e)}}))).case(i.setHostDetailsTablesActivePageToZero,(e=>({...e,details:{...e.details,queries:Object(E.b)(e)}}))).case(i.updateTableActivePage,((e,{activePage:t,hostsType:a,tableType:n})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[n]:{...e[a].queries[n],activePage:t}}}}))).case(i.updateTableLimit,((e,{limit:t,hostsType:a,tableType:n})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[n]:{...e[a].queries[n],limit:t}}}}))).case(i.updateHostsSort,((e,{sort:t,hostsType:a})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[r.HostsTableType.hosts]:{...e[a].queries[r.HostsTableType.hosts],direction:t.direction,sortField:t.field,activePage:h.a}}}}))).case(i.updateHostRiskScoreSort,((e,{sort:t,hostsType:a})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[r.HostsTableType.risk]:{...e[a].queries[r.HostsTableType.risk],sort:t}}}}))).case(i.updateHostRiskScoreSeverityFilter,((e,{severitySelection:t,hostsType:a})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[r.HostsTableType.risk]:{...e[a].queries[r.HostsTableType.risk],severitySelection:t,activePage:h.a}}}}))).case(i.updateHostsAnomaliesJobIdFilter,((e,{jobIds:t,hostsType:a})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[r.HostsTableType.anomalies]:{...e[a].queries[r.HostsTableType.anomalies],jobIdSelection:t}}}}))).case(i.updateHostsAnomaliesInterval,((e,{interval:t,hostsType:a})=>({...e,[a]:{...e[a],queries:{...e[a].queries,[r.HostsTableType.anomalies]:{...e[a].queries[r.HostsTableType.anomalies],intervalSelection:t}}}}))).build()},function(e,t,a){"use strict";a.d(t,"a",(function(){return y})),a.d(t,"b",(function(){return f}));var n=a(46),i=a(2),r=a(373),o=a(143),s=a(8);const l=["TA0043","TA0042","TA0001","TA0002","TA0003","TA0004","TA0005","TA0006","TA0007","TA0008","TA0009","TA0011","TA0010","TA0040"],c=()=>a.e(19).then(a.bind(null,1443));function u(e){const t={totalRulesCount:Object.keys(e).length,totalEnabledRulesCount:0};for(const a of Object.keys(e))e[a].activity===r.b.Enabled&&t.totalEnabledRulesCount++;return t}function d(e){const t={enabledRules:[],disabledRules:[],availableRules:[]};for(const a of e.unmapped_rule_ids)p(t,a,e.rules_data[a]);return t}function p(e,t,a){a&&(a.activity===r.b.Enabled?e.enabledRules.push({id:t,name:a.name}):a.activity===r.b.Disabled&&e.disabledRules.push({id:t,name:a.name}))}var m=a(354);const g=["POST",r.d],y=(e={},t)=>Object(n.useQuery)([...g,e],(async({signal:t})=>async function(e){const t=await c(),{tactics:a,techniques:n,subtechniques:i}=t,r=function(e,t,a){const n=new Map;for(const e of a){const t={id:e.id,name:e.name,reference:e.reference,enabledRules:[],disabledRules:[],availableRules:[]},a=n.get(e.techniqueId);a?a.push(t):n.set(e.techniqueId,[t])}const i=new Map;for(const e of t){var r;const t={id:e.id,name:e.name,reference:e.reference,subtechniques:null!==(r=n.get(e.id))&&void 0!==r?r:[],enabledRules:[],disabledRules:[],availableRules:[]};for(const a of e.tactics){const e=i.get(a);e?e.push(t):i.set(a,[t])}}const o=e.sort(((e,t)=>l.indexOf(e.id)-l.indexOf(t.id))),c=[];for(const e of o){var u;c.push({id:e.id,name:e.name,reference:e.reference,techniques:null!==(u=i.get(Object(s.kebabCase)(e.name)))&&void 0!==u?u:[],enabledRules:[],disabledRules:[],availableRules:[]})}return c}(a,n,i);for(const t of r){for(const a of null!==(o=e.coverage[t.id])&&void 0!==o?o:[]){var o;p(t,a,e.rules_data[a])}for(const a of t.techniques){for(const t of null!==(m=e.coverage[a.id])&&void 0!==m?m:[]){var m;p(a,t,e.rules_data[t])}for(const t of a.subtechniques)for(const a of null!==(g=e.coverage[t.id])&&void 0!==g?g:[]){var g;p(t,a,e.rules_data[a])}}}return{mitreTactics:r,unmappedRules:d(e),metrics:u(e.rules_data)}}(await Object(o.g)({signal:t,filter:e}))),{...m.a,...t}),f=()=>{const e=Object(n.useQueryClient)();return Object(i.useCallback)((()=>{e.invalidateQueries(g,{refetchType:"active"})}),[e])}},,,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o}));var n=a(324),i=a(174);const r=e=>Object(n.flow)(l)(e),o=e=>Object(n.flow)(s)(e),s=e=>{if("threat_match"===e.type&&null!=e.threat_mapping){const t=e.threat_mapping.map((e=>{const t=e.entries.map((e=>Object(i.d)(e)));return Object(i.d)({entries:t})}));return{...e,threat_mapping:t}}return e},l=e=>{if("threat_match"===e.type&&null!=e.threat_mapping){const t=e.threat_mapping.map((e=>{const t=e.entries.map((e=>Object(i.g)(e)));return{...Object(i.g)(e),entries:t}}));return{...e,threat_mapping:t}}return e}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(239);const i=({status:e,query:t,signalIds:a,signal:i})=>{if(a&&a.length>0)return Object(n.j)({status:e,signalIds:a,signal:i}).then((({items:e})=>({updated:e.length,version_conflicts:0})));if(t)return Object(n.k)({status:e,query:t,signal:i}).then((({updated:e,version_conflicts:t})=>({updated:null!=e?e:0,version_conflicts:t})));throw new Error("Either query or signalIds must be provided")}},,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o}));var n=a(2),i=a(102);const r=()=>{const[e,t]=Object(n.useState)(!1),a=Object(n.useCallback)((()=>{t(!1)}),[]);return[e,Object(n.useCallback)((()=>{t(!0)}),[]),a]},o=e=>{const{capabilities:t}=Object(i.j)().services.application;return!!t.siem[e]}},function(e,t,a){"use strict";a.d(t,"l",(function(){return i})),a.d(t,"o",(function(){return r})),a.d(t,"u",(function(){return o})),a.d(t,"s",(function(){return s})),a.d(t,"q",(function(){return l})),a.d(t,"r",(function(){return c})),a.d(t,"m",(function(){return u})),a.d(t,"k",(function(){return d})),a.d(t,"p",(function(){return p})),a.d(t,"x",(function(){return m})),a.d(t,"t",(function(){return g})),a.d(t,"n",(function(){return y})),a.d(t,"w",(function(){return f})),a.d(t,"v",(function(){return b})),a.d(t,"h",(function(){return h})),a.d(t,"i",(function(){return E})),a.d(t,"j",(function(){return v})),a.d(t,"b",(function(){return x})),a.d(t,"e",(function(){return k})),a.d(t,"c",(function(){return S})),a.d(t,"d",(function(){return w})),a.d(t,"a",(function(){return j})),a.d(t,"g",(function(){return O})),a.d(t,"f",(function(){return I}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.filtersLabel",{defaultMessage:"Filters"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.QueryLabel",{defaultMessage:"Custom query"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.threatQueryLabel",{defaultMessage:"Indicator index query"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.savedIdLabel",{defaultMessage:"Saved query name"}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.savedQueryFiltersLabel",{defaultMessage:"Saved query filters"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.savedQueryLabel",{defaultMessage:"Saved query"}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.mlRuleTypeDescription",{defaultMessage:"Machine Learning"}),d=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.eqlRuleTypeDescription",{defaultMessage:"Event Correlation"}),p=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.queryRuleTypeDescription",{defaultMessage:"Query"}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.thresholdRuleTypeDescription",{defaultMessage:"Threshold"}),g=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.threatMatchRuleTypeDescription",{defaultMessage:"Indicator Match"}),y=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.newTermsRuleTypeDescription",{defaultMessage:"New Terms"}),f=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAllDescription",{defaultMessage:"All results"}),b=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAggregatedByDescription",{defaultMessage:"Results aggregated by"}),h=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.eqlEventCategoryFieldLabel",{defaultMessage:"Event category field"}),E=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.eqlTiebreakerFieldLabel",{defaultMessage:"Tiebreaker field"}),v=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.eqlTimestampFieldLabel",{defaultMessage:"Timestamp field"}),x=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionInsufficientLicense",{defaultMessage:"Alert suppression is configured but will not be applied due to insufficient licensing"}),k=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionTechnicalPreview",{defaultMessage:"Technical Preview"}),S=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionPerRuleExecution",{defaultMessage:"One rule execution"}),w=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionSuppressOnMissingFieldsDescription",{defaultMessage:"Suppress and group alerts for events with missing fields"}),j=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionDoNotSuppressOnMissingFieldsDescription",{defaultMessage:"Do not suppress alerts for events with missing fields"}),O=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.buildingBlockLabel",{defaultMessage:"Building block"}),I=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.buildingBlockDescription",{defaultMessage:'All generated alerts will be marked as "building block" alerts'})},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(10),o=a.n(r),s=a(102);const l=Object(n.memo)((()=>{const{getStartedComponent$:e}=Object(s.j)().services,t=o()(e);return i.a.createElement(i.a.Fragment,null,t)}));l.displayName="LandingPageComponent"},function(e,t,a){"use strict";a.d(t,"f",(function(){return f})),a.d(t,"b",(function(){return b})),a.d(t,"a",(function(){return E})),a.d(t,"e",(function(){return v})),a.d(t,"d",(function(){return j})),a.d(t,"c",(function(){return O}));var n=a(42),i=a(50),r=a.n(i),o=a(343),s=a.n(o),l=a(1309),c=a.n(l),u=a(163),d=a(145),p=a(737),m=a(213),g=a(207),y=a(528);const f=e=>{const t={unit:"ms",value:0},a=e.match(/\d+/g),i=e.match(/[a-zA-Z]+/g);return Object(n.isEmpty)(a)||null==a||isNaN(Number(a[0]))||(t.value=Number(a[0])),!Object(n.isEmpty)(i)&&null!=i&&["s","m","h","d"].includes(i[0])&&(t.unit=i[0]),t},b=(e,t)=>{switch(t){case"machine_learning":const{index:t,queryBar:a,threshold:n,threatIndex:i,threatQueryBar:r,threatMapping:o,eqlOptions:s,newTermsFields:l,historyWindowSize:c,...u}=e;return u;case"threshold":const{anomalyThreshold:d,machineLearningJobId:p,threatIndex:m,threatQueryBar:g,threatMapping:y,eqlOptions:f,newTermsFields:b,historyWindowSize:h,...E}=e;return E;case"threat_match":const{anomalyThreshold:v,machineLearningJobId:x,threshold:k,eqlOptions:S,newTermsFields:w,historyWindowSize:j,...O}=e;return O;case"query":case"saved_query":const{anomalyThreshold:I,machineLearningJobId:T,threshold:C,threatIndex:M,threatQueryBar:F,threatMapping:D,eqlOptions:A,newTermsFields:_,historyWindowSize:N,...R}=e;return R;case"eql":const{anomalyThreshold:q,machineLearningJobId:P,threshold:L,threatIndex:B,threatQueryBar:z,threatMapping:$,newTermsFields:V,historyWindowSize:G,...U}=e;return U;case"new_terms":const{anomalyThreshold:H,machineLearningJobId:W,threshold:Q,threatIndex:Y,threatQueryBar:K,threatMapping:Z,eqlOptions:J,...X}=e;return X}Object(d.a)(t)};function h(e){return e.filter((e=>"none"!==e.name))}const E=e=>e.filter((e=>"none"!==e.tactic.name)).map((e=>{var t;return{...e,technique:h(null!==(t=e.technique)&&void 0!==t?t:[]).map((e=>({...e,subtechnique:null!=e.subtechnique?h(e.subtechnique):[]})))}})),v=e=>{const t={...e};return e.dataSourceType===m.a.DataView?c()(t,["index","dataSourceType"]):e.dataSourceType===m.a.IndexPatterns?c()(t,["dataViewId","dataSourceType"]):t},x=e=>{var t,a,i,r,o,s,l,c,u,d,p,y,f,h,E,x,k,S,w,j,O,I,T,C,M,F,D,A,_,N,R,q,P,L,B,z,$,V,G,U,H,W,Q,Y,K,Z;const J=v(e),X=b(J,J.ruleType),{ruleType:ee,timeline:te}=X;var ae;return{...{type:ee,...null!=te.id&&null!=te.title&&{timeline_id:te.id,timeline_title:te.title}},...(ae=X,Object(n.has)("anomalyThreshold",ae)?{anomaly_threshold:X.anomalyThreshold,machine_learning_job_id:X.machineLearningJobId}:(e=>Object(n.has)("threshold",e))(X)?{index:X.index,filters:null===(t=X.queryBar)||void 0===t?void 0:t.filters,language:null===(a=X.queryBar)||void 0===a||null===(i=a.query)||void 0===i?void 0:i.language,query:null===(r=X.queryBar)||void 0===r||null===(o=r.query)||void 0===o?void 0:o.query,saved_id:null!==(s=null===(l=X.queryBar)||void 0===l?void 0:l.saved_id)&&void 0!==s?s:void 0,..."threshold"===ee&&{threshold:{field:null!==(c=null===(u=X.threshold)||void 0===u?void 0:u.field)&&void 0!==c?c:[],value:null!==(d=parseInt(null===(p=X.threshold)||void 0===p?void 0:p.value,10))&&void 0!==d?d:0,cardinality:Object(n.isEmpty)(null===(y=X.threshold.cardinality)||void 0===y?void 0:y.field)||null==(null===(f=X.threshold.cardinality)||void 0===f?void 0:f.value)?[]:[{field:X.threshold.cardinality.field[0],value:parseInt(X.threshold.cardinality.value,10)}]}}}:(e=>Object(n.has)("threatIndex",e))(X)?{index:X.index,filters:null===(h=X.queryBar)||void 0===h?void 0:h.filters,language:null===(E=X.queryBar)||void 0===E||null===(x=E.query)||void 0===x?void 0:x.language,query:null===(k=X.queryBar)||void 0===k||null===(S=k.query)||void 0===S?void 0:S.query,saved_id:null!==(w=null===(j=X.queryBar)||void 0===j?void 0:j.saved_id)&&void 0!==w?w:void 0,threat_index:X.threatIndex,threat_query:null===(O=X.threatQueryBar)||void 0===O||null===(I=O.query)||void 0===I?void 0:I.query,threat_filters:null===(T=X.threatQueryBar)||void 0===T?void 0:T.filters,threat_mapping:X.threatMapping,threat_language:null===(C=X.threatQueryBar)||void 0===C||null===(M=C.query)||void 0===M?void 0:M.language}:(e=>Object(n.has)("eqlOptions",e))(X)?{index:X.index,filters:null===(F=X.queryBar)||void 0===F?void 0:F.filters,language:null===(D=X.queryBar)||void 0===D||null===(A=D.query)||void 0===A?void 0:A.language,query:null===(_=X.queryBar)||void 0===_||null===(N=_.query)||void 0===N?void 0:N.query,saved_id:null!==(R=null===(q=X.queryBar)||void 0===q?void 0:q.saved_id)&&void 0!==R?R:void 0,timestamp_field:null===(P=X.eqlOptions)||void 0===P?void 0:P.timestampField,event_category_override:null===(L=X.eqlOptions)||void 0===L?void 0:L.eventCategoryField,tiebreaker_field:null===(B=X.eqlOptions)||void 0===B?void 0:B.tiebreakerField}:(e=>Object(n.has)("newTermsFields",e))(X)?{index:X.index,filters:null===(z=X.queryBar)||void 0===z?void 0:z.filters,language:null===($=X.queryBar)||void 0===$||null===(V=$.query)||void 0===V?void 0:V.language,query:null===(G=X.queryBar)||void 0===G||null===(U=G.query)||void 0===U?void 0:U.query,new_terms_fields:X.newTermsFields,history_window_start:`now-${X.historyWindowSize}`}:{...X.groupByFields.length>0?{alert_suppression:{group_by:X.groupByFields,duration:X.groupByRadioSelection===m.b.PerTimePeriod?X.groupByDuration:void 0,missing_fields_strategy:X.suppressionMissingFields||g.f}}:{},index:X.index,filters:null===(H=X.queryBar)||void 0===H?void 0:H.filters,language:null===(W=X.queryBar)||void 0===W||null===(Q=W.query)||void 0===Q?void 0:Q.language,query:null===(Y=X.queryBar)||void 0===Y||null===(K=Y.query)||void 0===K?void 0:K.query,saved_id:void 0,type:"query",...["query","saved_query"].includes(ee)&&(null===(Z=X.queryBar)||void 0===Z?void 0:Z.saved_id)&&X.shouldLoadQueryDynamically&&{type:"saved_query",query:void 0,filters:void 0,saved_id:X.queryBar.saved_id}}),data_view_id:X.dataViewId}},k=e=>{const{...t}=e;if(!Object(n.isEmpty)(t.interval)&&!Object(n.isEmpty)(t.from)){const{unit:e,value:a}=f(t.interval),{unit:n,value:i}=f(t.from),o=r.a.duration(a,e);o.add(i,n),t.from=`now-${o.asSeconds()}s`,t.to="now"}return{...t,meta:{from:e.from}}},S=(e,t)=>{const{author:a,falsePositives:i,investigationFields:r,references:o,riskScore:s,severity:l,threat:c,isAssociatedToEndpointList:d,isBuildingBlock:p,note:m,ruleNameOverride:g,threatIndicatorPath:y,timestampOverride:f,timestampOverrideFallbackDisabled:b,...h}=e,v=null!=t?t.filter((e=>"endpoint"!==e.type)):[];return{author:a.filter((e=>!Object(n.isEmpty)(e))),...p?{building_block_type:"default"}:{},...d?{exceptions_list:[{id:u.k,list_id:u.k,namespace_type:"agnostic",type:"endpoint"},...v]}:null!=t?{exceptions_list:[...v]}:{},false_positives:i.filter((e=>!Object(n.isEmpty)(e))),references:o.filter((e=>!Object(n.isEmpty)(e))),investigation_fields:r.filter((e=>!Object(n.isEmpty)(e.trim()))),risk_score:s.value,risk_score_mapping:s.isMappingChecked?s.mapping.filter((e=>null!=e.field&&""!==e.field)):[],rule_name_override:""!==g?g:void 0,severity:l.value,severity_mapping:l.isMappingChecked?l.mapping.filter((e=>null!=e.field&&""!==e.field&&null!=e.value)):[],threat:E(c).map((e=>({...e,framework:"MITRE ATT&CK"}))),threat_indicator_path:y,timestamp_override:""!==f?f:void 0,timestamp_override_fallback_disabled:b,...Object(n.isEmpty)(m)?{}:{note:m},...h}},w=e=>{const{actions:t=[],responseActions:a,enabled:n,kibanaSiemAppUrl:i}=e;return{actions:t.map(p.b),response_actions:null==a?void 0:a.map(p.c),enabled:n,meta:{kibana_siem_app_url:i}}},j=(e,t,a,n,i)=>s.a.all([x(e),S(t,i),k(a),w(n)]),O=({defineRuleData:e,aboutRuleData:t,scheduleRuleData:a,exceptionsList:n})=>{const i={...t,name:"Preview Rule",description:"Preview Rule"};return{...j(e,i,a,y.c,n)}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return se}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(42),l=a(40),c=a(163),u=a(120),d=a(5);const p=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.cancel",{defaultMessage:"Cancel"}),m=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.createRuleExceptionLabel",{defaultMessage:"Add rule exception"}),g=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.addEndpointException",{defaultMessage:"Add Endpoint Exception"}),y=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.submitError.title",{defaultMessage:"An error occured submitting exception"}),f=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.submitError.dismissButton",{defaultMessage:"Dismiss"}),b=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.submitError.message",{defaultMessage:"View toast for error details."}),h=d.i18n.translate("xpack.securitySolution.ruleExceptions.addException.success",{defaultMessage:"Rule exception added to shared exception list"}),E=d.i18n.translate("xpack.securitySolution.ruleExceptions.addExceptionFlyout.addRuleExceptionToastSuccessTitle",{defaultMessage:"Rule exception added"});var v=a(611),x=a(281);const k={initialItems:[],exceptionItems:[],exceptionItemMeta:{name:""},newComment:"",itemConditionValidationErrorExists:!1,closeSingleAlert:!1,bulkCloseAlerts:!1,disableBulkClose:!1,bulkCloseIndex:void 0,selectedOs:void 0,exceptionListsToAddTo:[],addExceptionToRadioSelection:"add_to_rule",selectedRulesToAddTo:[],listType:u.b.RULE_DEFAULT,errorSubmitting:null,expireTime:void 0,expireErrorExists:!1};var S=a(890),w=a(891),j=a(806),O=a(882);const I=d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addExceptionToRuleOrList.addToListsLabel",{defaultMessage:"Add to rule or lists"});var T=a(44),C=a(874);const M=({possibleRules:e,isSingleRule:t,isBulkAction:a,selectedRadioOption:r,onRuleSelectionChange:o,onRadioChange:s})=>{const c=Object(n.useMemo)((()=>a&&null!=e?{id:"add_to_rules",label:i.a.createElement(l.EuiText,{"data-test-subj":"addToRulesRadioOption"},i.a.createElement(T.FormattedMessage,{defaultMessage:"Add to [{numRules}] selected rules: {ruleNames}",id:"xpack.securitySolution.exceptions.common.addToRulesOptionLabel",values:{numRules:e.length,ruleNames:i.a.createElement("span",{style:{fontWeight:"bold"}},e.map((({name:e})=>e)).join(","))}})),checked:"add_to_rules"===r,"data-test-subj":"addToRulesOptionsRadio",onChange:()=>{s("add_to_rules"),o(e)}}:t&&null!=e?{id:"add_to_rule",label:i.a.createElement(l.EuiText,{"data-test-subj":"addToRuleRadioOption"},i.a.createElement(T.FormattedMessage,{defaultMessage:"Add to this rule: {ruleName}",id:"xpack.securitySolution.exceptions.common.addToRuleOptionLabel",values:{ruleName:i.a.createElement("span",{style:{fontWeight:"bold"}},e[0].name)}})),checked:"add_to_rule"===r,"data-test-subj":"addToRuleOptionsRadio",onChange:()=>{s("add_to_rule"),o(e)}}:{id:"select_rules_to_add_to",label:i.a.createElement(l.EuiText,{"data-test-subj":"selectRulesToAddToRadioOption"},i.a.createElement(T.FormattedMessage,{defaultMessage:"Add to rules",id:"xpack.securitySolution.exceptions.common.selectRulesOptionLabel"})),checked:"select_rules_to_add_to"===r,"data-test-subj":"selectRulesToAddToOptionRadio",onChange:()=>s("select_rules_to_add_to")}),[a,e,t,r,s,o]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiRadio,c),"select_rules_to_add_to"===r&&i.a.createElement(C.a,{onRuleSelectionChange:o,initiallySelectedRules:[]}))},F=i.a.memo(M);F.displayName="ExceptionsAddToRulesOptions";const D=d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsOptions.addToListsOptionLabel",{defaultMessage:"Add to shared exception lists"}),A=d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsOptions.gotToSharedExceptions",{defaultMessage:"Manage shared exception lists"}),_=d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsOptions.addToListsTooltip",{defaultMessage:"Shared exception list is a group of exceptions. Select this option if you’d like to add this exception to shared exception lists."}),N=e=>d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsOptions.addToListsTooltipTitle",{values:{rulesCount:e},defaultMessage:"Shared exception list is a group of exceptions shared across rules. {rulesCount, plural, =1 {This rule currently has no shared} other {These rules currently have no commonly shared}} exception lists attached. To create one, visit the Shared Exception Lists page."});var R=a(605);const q=d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsTableSelection.addToListsDescription",{defaultMessage:"After you create the exception, it is added to the exception lists you select."}),P=(d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsTableSelection.viewListDetailActionLabel",{defaultMessage:"View list detail"}),d.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToListsTableSelection.referencesFetchError",{defaultMessage:"Unable to load shared exception lists"}));var L=a(565);const B=Object(n.memo)((({list:e,linkedList:t,onListLinkChange:a,dataTestSubj:r})=>{const o=Object(n.useMemo)((()=>Boolean(t.find((t=>t.id===e.id)))),[t,e.id]),s=Object(n.useCallback)((({target:{checked:n}})=>{const i=n?[...t,e]:null==t?void 0:t.filter((t=>t.id!==e.id));"function"==typeof a&&a(i)}),[t,a,e]);return i.a.createElement(l.EuiFlexItem,{grow:!1},i.a.createElement(l.EuiSwitch,{"data-test-subj":r,onChange:s,label:"",checked:o}))}));B.displayName="LinkListSwitch";var z=a(313);const $=({showAllSharedLists:e,sharedExceptionLists:t,onListSelectionChange:a})=>{const{error:r,isLoading:o,pagination:s,lists:c,listTableColumnsWithLinkSwitch:d,onTableChange:p,addToSelectedListDescription:m}=(({showAllSharedLists:e,sharedExceptionLists:t,onListSelectionChange:a})=>{const[r,o]=Object(n.useState)([]),[s,l]=Object(n.useState)(!1),c=Object(n.useMemo)((()=>e?[]:t),[e,t]),[d,p]=Object(n.useState)([]),[m,g]=Object(n.useState)({pageIndex:0,initialPageSize:5,showPerPageOptions:!1}),[y,f]=Object(n.useState)(void 0),b=Object(n.useCallback)((async()=>{try{return l(!0),Object(R.c)(c.length?c:[{namespace_type:"single"}])}catch(e){f(P)}}),[c]),h=Object(n.useCallback)((async()=>{const e=await b();if(!e)return l(!1);const t=[];for(const a of Object.values(e))a.type===u.b.DETECTION&&t.push(a);o(t),l(!1)}),[b]);Object(n.useEffect)((()=>{h()}),[c,b,h]),Object(n.useEffect)((()=>{a(d.map((({referenced_rules:e,namespace_type:t,os_types:a,tags:n,...i})=>({...i,namespace_type:null!=t?t:"single",os_types:null!=a?a:[],tags:null!=n?n:[]}))))}),[d,a]);const E=Object(n.useMemo)((()=>[{field:"link",name:L.b,align:"left","data-test-subj":"ruleActionLinkRuleSwitch",render:(e,t)=>i.a.createElement(B,{dataTestSubj:"addToSharedListSwitch",list:t,linkedList:d,onListLinkChange:p})},...Object(z.d)()]),[d]),v=Object(n.useCallback)((({page:{index:e}})=>g({...m,pageIndex:e})),[m]);return{error:y,isLoading:s,pagination:m,lists:r,listTableColumnsWithLinkSwitch:E,addToSelectedListDescription:q,onTableChange:v}})({showAllSharedLists:e,sharedExceptionLists:t,onListSelectionChange:a});return i.a.createElement(l.EuiPanel,{color:"subdued",borderRadius:"none",hasShadow:!1},i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiText,{size:"s"},m),i.a.createElement(l.EuiSpacer,{size:"s"}),i.a.createElement(l.EuiSpacer,{size:"s"}),i.a.createElement(l.EuiInMemoryTable,{sorting:!0,tableLayout:"auto",tableCaption:"Table of exception lists","data-test-subj":"addExceptionToSharedListsTable",error:r,items:c,loading:o,message:o?i.a.createElement(l.EuiSkeletonText,{lines:4,"data-test-subj":"exceptionItemViewerEmptyPrompts-loading"}):void 0,columns:d,pagination:s,onTableChange:p})))},V=i.a.memo($);V.displayName="ExceptionsAddToListsTable";var G=a(102);const U=({rulesCount:e,selectedRadioOption:t,sharedLists:a,onListsSelectionChange:r,onRadioChange:o})=>{const{navigateToApp:s}=Object(G.j)().services.application,[c,u]=Object(n.useState)(!1);return i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiRadio,{id:"add_to_lists",label:i.a.createElement(l.EuiFlexGroup,{alignItems:"flexStart",gutterSize:"none",responsive:!1,"data-test-subj":"addToListsRadioOptionLabel"},i.a.createElement(l.EuiFlexItem,{grow:!1},i.a.createElement(l.EuiText,null,D)),i.a.createElement(l.EuiFlexItem,{grow:!1,"data-test-subj":"addToListsOption"},i.a.createElement(l.EuiPopover,{button:i.a.createElement(l.EuiButtonIcon,{iconType:"iInCircle",onClick:()=>u(!c)}),isOpen:c,closePopover:()=>u(!1),anchorPosition:"upCenter"},i.a.createElement("div",{style:{width:"300px"}},i.a.createElement(l.EuiText,{size:"s"},0===a.length?N(e):_)),i.a.createElement(l.EuiPopoverFooter,null,i.a.createElement(l.EuiButtonEmpty,{size:"s",iconType:"popout",iconSide:"right",onClick:()=>s("security",{openInNewTab:!0,path:"/exceptions"})},A))))),checked:"add_to_lists"===t,disabled:0===a.length&&e>0,onChange:()=>o("add_to_lists"),"data-test-subj":"addToListsRadioOption"}),"add_to_lists"===t&&(a.length>0||0===e)&&i.a.createElement(V,{showAllSharedLists:0===e,sharedExceptionLists:a,onListSelectionChange:r,"data-test-subj":"exceptionsAddToListTable"}))},H=i.a.memo(U);H.displayName="ExceptionsAddToListsOptions";const W=o()(l.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-oec11w-0"})(["",""],(()=>Object(r.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),Q=({rules:e,isBulkAction:t,selectedRadioOption:a,onListSelectionChange:r,onRuleSelectionChange:o,onRadioChange:s})=>{const c=Object(n.useMemo)((()=>null!=e&&1===e.length),[e]),d=Object(n.useMemo)((()=>{var t,a,n;if(null==e)return[];if(1===e.length)return null!==(t=null===(a=e[0].exceptions_list)||void 0===a?void 0:a.filter((e=>e.type===u.b.DETECTION)))&&void 0!==t?t:[];const i=null!==(n=null==e?void 0:e.map((e=>null!=e.exceptions_list?e.exceptions_list:[])))&&void 0!==n?n:[];i.sort(((e,t)=>e.length-t.length));const r=i.shift();return null!=r&&r.length?r.filter((e=>i.every((t=>t.some((({id:t})=>e.id===t)))))).filter((e=>e.type===u.b.DETECTION)):[]}),[e]),p=Object(n.useMemo)((()=>null!=e?e.length:0),[e]);return i.a.createElement(l.EuiPanel,{paddingSize:"none",hasShadow:!1,"data-test-subj":"exceptionItemAddToRuleOrListSection"},i.a.createElement(W,{size:"xs"},i.a.createElement("h3",null,I)),i.a.createElement(l.EuiSpacer,{size:"s"}),i.a.createElement(F,{possibleRules:e,isSingleRule:c,isBulkAction:t,selectedRadioOption:a,onRuleSelectionChange:o,onRadioChange:s}),i.a.createElement(H,{rulesCount:p,selectedRadioOption:a,sharedLists:d,onListsSelectionChange:r,onRadioChange:s}))},Y=i.a.memo(Q);Y.displayName="ExceptionsAddToRulesOrLists";var K=a(108),Z=a(808),J=a(143);var X=a(883);const ee=["query","machine_learning","saved_query","threat_match"];var te=a(353),ae=a(892);const ne=o()(l.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-v0j9bz-0"})(["",""],(()=>Object(r.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),ie=o()(l.EuiFlyoutBody).withConfig({displayName:"FlyoutBodySection",componentId:"sc-v0j9bz-1"})(["",""],(()=>Object(r.css)(["&.builder-section{overflow-y:scroll;}"]))),re=o()(l.EuiFlyoutHeader).withConfig({displayName:"FlyoutHeader",componentId:"sc-v0j9bz-2"})(["",""],(({theme:e})=>Object(r.css)(["border-bottom:1px solid ",";"],e.eui.euiColorLightShade))),oe=o()(l.EuiFlexGroup).withConfig({displayName:"FlyoutFooterGroup",componentId:"sc-v0j9bz-3"})(["",""],(({theme:e})=>Object(r.css)(["padding:",";"],e.eui.euiSizeS))),se=Object(n.memo)((function({rules:e,isBulkAction:t,isEndpointItem:a,alertData:r,showAlertCloseOptions:o,isAlertDataLoading:I,alertStatus:T,sharedListToAddTo:C,onCancel:M,onConfirm:F}){const{isLoading:D,indexPatterns:A,getExtendedFields:_}=Object(j.a)(e),[N,R]=(()=>{const{addSuccess:e,addError:t,addWarning:a}=Object(K.a)(),[i,r]=(()=>{const[e,t]=Object(n.useState)(!1),a=Object(n.useRef)(null);return Object(n.useEffect)((()=>{const e=new AbortController;return a.current=async(a,n)=>{t(!0);const i=await Promise.all(n.map((async t=>Object(J.a)({items:a,ruleId:t.id,signal:e.signal}))));return t(!1),i.flatMap((e=>e))},()=>{t(!1),e.abort()}}),[]),[e,a.current]})(),[o,s]=Object(Z.a)(),[l,c]=Object(n.useState)(!1),p=Object(n.useRef)(null),m=Object(n.useCallback)((e=>e.every((e=>u.i.is(e)))),[]),g=Object(n.useCallback)((e=>e.every((e=>u.n.is(e)||u.h.is(e)))),[]);return Object(n.useEffect)((()=>{const a=new AbortController;return p.current=async({itemsToAdd:a,listType:n,selectedRulesToAddTo:i,addToRules:o,addToSharedLists:l,sharedLists:p})=>{try{let t=[];if(c(!0),o&&null!=r&&n!==u.b.ENDPOINT&&m(a)){t=await r(a,i);const n=i.map((({name:e})=>e)).join(", ");e({title:E,text:(b=n,d.i18n.translate("xpack.securitySolution.ruleExceptions.addExceptionFlyout.addRuleExceptionToastSuccessText",{values:{ruleName:b},defaultMessage:"Exception has been added to rules - {ruleName}."}))})}else if((n===u.b.ENDPOINT||l)&&null!=s&&g(a)){t=await s(a);const n=p.map((({name:e})=>e));e({title:h,text:(f=n.join(","),d.i18n.translate("xpack.securitySolution.ruleExceptions.addExceptionFlyout.closeAlerts.successDetails",{values:{listNames:f},defaultMessage:"Rule exception has been added to shared lists: {listNames}."}))})}return c(!1),t}catch(e){throw c(!1),t(e,{title:y}),e}var f,b},()=>{a.abort()}}),[e,t,a,r,s,m,g]),[l||o||i,p.current]})(),[q,P]=Object(X.a)(),L=Object(te.b)(),B=Object(n.useMemo)((()=>null==e||1!==e.length||ee.includes(e[0].type)),[e]),$=Object(n.useMemo)((()=>t?"add_to_rules":1===(null==e?void 0:e.length)||void 0!==I?"add_to_rule":"select_rules_to_add_to"),[I,t,e]),V=Object(n.useMemo)((()=>a?u.b.ENDPOINT:C?u.b.DETECTION:u.b.RULE_DEFAULT),[a,C]),[{exceptionItemMeta:{name:G},listType:U,selectedOs:H,initialItems:W,exceptionItems:Q,disableBulkClose:se,bulkCloseAlerts:le,closeSingleAlert:ce,bulkCloseIndex:ue,addExceptionToRadioSelection:de,selectedRulesToAddTo:pe,exceptionListsToAddTo:me,newComment:ge,itemConditionValidationErrorExists:ye,errorSubmitting:fe,expireTime:be,expireErrorExists:he},Ee]=Object(n.useReducer)(((e,t)=>{switch(t.type){case"setExceptionItemMeta":{const{value:a}=t;return{...e,exceptionItemMeta:{...e.exceptionItemMeta,[a[0]]:a[1]}}}case"setInitialExceptionItems":{const{items:a}=t;return{...e,initialItems:a}}case"setExceptionItems":{const{items:a}=t;return{...e,exceptionItems:a}}case"setConditionValidationErrorExists":{const{errorExists:a}=t;return{...e,itemConditionValidationErrorExists:a}}case"setComment":{const{comment:a}=t;return{...e,newComment:a}}case"setCloseSingleAlert":{const{close:a}=t;return{...e,closeSingleAlert:a}}case"setBulkCloseAlerts":{const{bulkClose:a}=t;return{...e,bulkCloseAlerts:a}}case"setBulkCloseIndex":{const{bulkCloseIndex:a}=t;return{...e,bulkCloseIndex:a}}case"setSelectedOsOptions":{const{selectedOs:a}=t;return{...e,selectedOs:a}}case"setAddExceptionToLists":{const{listsToAddTo:a}=t;return{...e,exceptionListsToAddTo:a}}case"setListOrRuleRadioOption":{const{option:a}=t;return{...e,addExceptionToRadioSelection:a,listType:"add_to_lists"===a?u.b.DETECTION:u.b.RULE_DEFAULT,selectedRulesToAddTo:"add_to_lists"===a?[]:e.selectedRulesToAddTo}}case"setSelectedRulesToAddTo":{const{rules:a}=t;return{...e,selectedRulesToAddTo:a}}case"setListType":{const{listType:a}=t;return{...e,listType:a}}case"setDisableBulkCloseAlerts":{const{disableBulkCloseAlerts:a}=t;return{...e,disableBulkClose:a}}case"setErrorSubmitting":{const{err:a}=t;return{...e,errorSubmitting:a}}case"setExpireTime":{const{expireTime:a}=t;return{...e,expireTime:a}}case"setExpireError":{const{errorExists:a}=t;return{...e,expireErrorExists:a}}default:return e}}),{...k,addExceptionToRadioSelection:$,listType:V,selectedRulesToAddTo:null!=e?e:[]}),ve=Object(n.useMemo)((()=>null!=r),[r]),xe=Object(n.useCallback)((e=>{Ee({type:"setInitialExceptionItems",items:e})}),[Ee]),ke=Object(n.useCallback)((e=>{Ee({type:"setExceptionItems",items:e})}),[Ee]),Se=Object(n.useCallback)((e=>{Ee({type:"setListOrRuleRadioOption",option:e})}),[Ee]),we=Object(n.useCallback)((e=>{Ee({type:"setSelectedRulesToAddTo",rules:e})}),[Ee]),je=Object(n.useCallback)((e=>{Ee({type:"setAddExceptionToLists",listsToAddTo:e})}),[Ee]),Oe=Object(n.useCallback)((e=>{Ee({type:"setExceptionItemMeta",value:e})}),[Ee]),Ie=Object(n.useCallback)((e=>{Ee({type:"setConditionValidationErrorExists",errorExists:e})}),[Ee]),Te=Object(n.useCallback)((e=>{Ee({type:"setSelectedOsOptions",selectedOs:e})}),[Ee]),Ce=Object(n.useCallback)((e=>{Ee({type:"setComment",comment:e})}),[Ee]),Me=Object(n.useCallback)((e=>{Ee({type:"setBulkCloseIndex",bulkCloseIndex:e})}),[Ee]),Fe=Object(n.useCallback)((e=>{Ee({type:"setCloseSingleAlert",close:e})}),[Ee]),De=Object(n.useCallback)((e=>{Ee({type:"setBulkCloseAlerts",bulkClose:e})}),[Ee]),Ae=Object(n.useCallback)((e=>{Ee({type:"setDisableBulkCloseAlerts",disableBulkCloseAlerts:e})}),[Ee]),_e=Object(n.useCallback)((e=>{Ee({type:"setErrorSubmitting",err:e})}),[Ee]),Ne=Object(n.useCallback)((e=>{Ee({type:"setExpireTime",expireTime:e})}),[Ee]),Re=Object(n.useCallback)((e=>{Ee({type:"setExpireError",errorExists:e})}),[Ee]);Object(n.useEffect)((()=>{if(r)switch(U){case u.b.ENDPOINT:return xe(Object(x.b)(c.k,G,r));case u.b.RULE_DEFAULT:{var t,a;const i=Object(x.k)({alertData:r,exceptionItemName:G,ruleCustomHighlightedFields:null!==(t=null==e||null===(a=e[0])||void 0===a?void 0:a.investigation_fields)&&void 0!==t?t:[]});if(i)return Ce((n=r._id,d.i18n.translate("xpack.securitySolution.ruleExceptions.addExceptionFlyout.addRuleExceptionFromAlertComment",{values:{alertId:n},defaultMessage:"Exception conditions are pre-filled with relevant data from an alert with the alert id (_id): {alertId}."}))),xe([i])}}var n}),[U,G,r,e,xe,Ce]);const qe=Object(n.useMemo)((()=>ve?Object(x.n)(r):H?[...H]:[]),[ve,r,H]),Pe=Object(n.useCallback)((async()=>{if(null!=R)try{const t=["add_to_rule","add_to_rules","select_rules_to_add_to"].includes(de),a=!(null==C||!C.length)||"add_to_lists"===de&&!Object(s.isEmpty)(me),n=null!=C&&C.length?C:me,i=Object(z.b)({itemName:G,commentToAdd:ge,addToRules:t,addToSharedLists:a,sharedLists:n,listType:U,selectedOs:qe,expireTime:be,items:Q}),o=await R({itemsToAdd:i,selectedRulesToAddTo:pe,listType:U,addToRules:t&&!Object(s.isEmpty)(pe),addToSharedLists:a,sharedLists:n}),l=ce&&r?r._id:void 0,c=t?pe.map((({rule_id:e})=>e)):(null!=e?e:[]).map((({rule_id:e})=>e));null==P||Object(s.isEmpty)(c)||!le&&!ce||await P(c,o,l,ue),L(),F(!0,ce,le)}catch(e){_e(e)}}),[C,R,de,G,ge,me,U,qe,Q,pe,ce,r,e,P,le,F,ue,_e,L,be]),Le=Object(n.useMemo)((()=>N||q||null!=fe||""===G.trim()||Q.every((e=>0===e.entries.length))||ye||he||"add_to_lists"===de&&Object(s.isEmpty)(me)||"select_rules_to_add_to"===de&&Object(s.isEmpty)(pe)&&U===u.b.RULE_DEFAULT),[N,q,fe,G,Q,ye,de,me,he,pe,U]),Be=Object(n.useCallback)((()=>{_e(null)}),[_e]),ze=Object(n.useCallback)((()=>{M(!1)}),[M]),$e=Object(n.useMemo)((()=>U===u.b.ENDPOINT?g:m),[U]);return i.a.createElement(l.EuiFlyout,{size:"l",onClose:ze,"data-test-subj":"addExceptionFlyout"},i.a.createElement(re,null,i.a.createElement(l.EuiTitle,null,i.a.createElement("h2",{"data-test-subj":"exceptionFlyoutTitle"},$e)),i.a.createElement(l.EuiSpacer,{size:"m"})),i.a.createElement(ie,{className:"builder-section"},i.a.createElement(l.EuiSkeletonText,{"data-test-subj":"loadingAddExceptionFlyout",lines:4,isLoading:D},null!=fe&&i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiCallOut,{title:y,color:"danger",iconType:"warning"},i.a.createElement(l.EuiText,null,b),i.a.createElement(l.EuiSpacer,{size:"s"}),i.a.createElement(l.EuiButton,{color:"danger",onClick:Be},f)),i.a.createElement(l.EuiSpacer,{size:"s"})),i.a.createElement(S.a,{exceptionItemName:G,onChange:Oe}),i.a.createElement(l.EuiHorizontalRule,null),i.a.createElement(w.a,{exceptionItemName:G,allowLargeValueLists:B,exceptionListItems:W,exceptionListType:U,indexPatterns:A,rules:e,selectedOs:H,showOsTypeOptions:U===u.b.ENDPOINT&&!ve,isEdit:!1,onOsChange:Te,onExceptionItemAdd:ke,onSetErrorExists:Ie,getExtendedFields:_}),U!==u.b.ENDPOINT&&!(null!=C&&C.length)&&i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiHorizontalRule,null),i.a.createElement(Y,{rules:e,isBulkAction:t,selectedRadioOption:de,onListSelectionChange:je,onRuleSelectionChange:we,onRadioChange:Se})),i.a.createElement(l.EuiHorizontalRule,null),i.a.createElement(v.a,{accordionTitle:i.a.createElement(ne,{size:"xs"},i.a.createElement("h3",null,(Ve=ge?1:0,d.i18n.translate("xpack.securitySolution.ruleExceptions.addExceptionFlyout.commentsTitle",{values:{comments:Ve},defaultMessage:"Add comments ({comments})"})))),initialIsOpen:!!ge,newCommentValue:ge,newCommentOnChange:Ce}),U!==u.b.ENDPOINT&&i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiHorizontalRule,null),i.a.createElement(ae.a,{expireTime:be,setExpireTime:Ne,setExpireError:Re})),o&&i.a.createElement(i.a.Fragment,null,i.a.createElement(l.EuiHorizontalRule,null),i.a.createElement(O.a,{exceptionListType:U,shouldCloseSingleAlert:ce,shouldBulkCloseAlert:le,disableBulkClose:se,exceptionListItems:Q,alertData:r,alertStatus:T,isAlertDataLoading:null!=I&&I,onDisableBulkClose:Ae,onUpdateBulkCloseIndex:Me,onBulkCloseCheckboxChange:De,onSingleAlertCloseCheckboxChange:Fe})))),i.a.createElement(l.EuiFlyoutFooter,null,i.a.createElement(oe,{justifyContent:"spaceBetween"},i.a.createElement(l.EuiButtonEmpty,{"data-test-subj":"cancelExceptionAddButton",onClick:ze},p),i.a.createElement(l.EuiButton,{"data-test-subj":"addExceptionConfirmButton",onClick:Pe,isDisabled:Le,fill:!0},$e))));var Ve}))},,function(e,t,a){"use strict";a.d(t,"a",(function(){return H}));var n=a(42),i=a(40),r=a(2),o=a.n(r),s=a(41),l=a.n(s),c=a(121),u=a(142);const d="destination.ip",p="destination.port",m="event.category",g="file.name",y="host.name",f="kibana.alert.rule.name",b="kibana.alert.severity",h="process.parent.name",E="process.name",v="source.ip",x="source.port",k="user.name",S=[d,p,g,E,h,v,x],w=l()(i.EuiFlexGroup).withConfig({displayName:"AlertFieldFlexGroup",componentId:"sc-1itxfus-0"})(["flex-grow:0;gap:","px;"],(({$scopeId:e})=>e===u.f.active?0:3)),j=({contextId:e,eventId:t,field:a,fieldType:n="keyword",isAggregatable:r=!0,isDraggable:s,showSeparator:l,scopeId:u,value:d})=>o.a.createElement(w,{alignItems:"center","data-test-subj":"alertFieldBadge",$scopeId:u,gutterSize:"none"},o.a.createElement(i.EuiFlexItem,{grow:!1},o.a.createElement(c.c,{contextId:`${e}-alert-field`,eventId:t,field:a,fieldType:n,isAggregatable:r,isDraggable:s,scopeId:u,value:d})),l&&o.a.createElement(i.EuiFlexItem,{grow:!1},o.a.createElement("span",{"data-test-subj":"separator"},", ")));j.displayName="AlertFieldBadgeComponent";const O=o.a.memo(j),I=({contextId:e,"data-test-subj":t="alertField",eventId:a,field:n,fieldType:r="keyword",isAggregatable:s=!0,isDraggable:l,prefix:c,suffix:u,scopeId:d,values:p})=>null!=p?o.a.createElement(w,{alignItems:"center","data-test-subj":t,$scopeId:d,gutterSize:"none"},null!=c&&o.a.createElement(i.EuiFlexItem,{"data-test-subj":"prefix",grow:!1},c),p.map(((t,c)=>o.a.createElement(i.EuiFlexItem,{key:`${t}-${c}`,grow:!1},o.a.createElement(O,{contextId:`${e}-alert-field`,eventId:a,field:n,fieldType:r,isAggregatable:s,isDraggable:l,showSeparator:c<p.length-1,scopeId:d,value:t})))),null!=u&&o.a.createElement(i.EuiFlexItem,{"data-test-subj":"suffix",grow:!1},u)):null;I.displayName="AlertFieldComponent";const T=o.a.memo(I);var C=a(106),M=a(127),F=a(275),D=a(5);const A=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.alertLabel",{defaultMessage:"alert"}),_=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.byLabel",{defaultMessage:"by"}),N=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.createdLabel",{defaultMessage:"created"}),R=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.destinationLabel",{defaultMessage:"destination"}),q=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.eventLabel",{defaultMessage:"event"}),P=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.fileLabel",{defaultMessage:"file"}),L=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.onLabel",{defaultMessage:"on"}),B=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.parentProcessLabel",{defaultMessage:"parent process"}),z=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.processLabel",{defaultMessage:"process"}),$=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.sourceLabel",{defaultMessage:"source"}),V=D.i18n.translate("xpack.securitySolution.renderers.alertRenderer.withLabel",{defaultMessage:"with"}),G=l()(i.EuiFlexGroup).withConfig({displayName:"AlertRendererFlexGroup",componentId:"sc-fjuibw-0"})(["gap:",";"],(({theme:e})=>e.eui.euiSizeXS)),U={id:C.d.alert,isInstance:e=>{return null!==(a=null==(t=Object(n.get)("event.kind",e))?void 0:t.some((e=>null!=e.toLocaleLowerCase&&"signal"===e.toLowerCase())))&&void 0!==a&&a;var t,a},renderRow:({contextId:e="alert-renderer",data:t,isDraggable:a,scopeId:r})=>{const s=Object(n.get)("_id",t),l=Object(n.get)(d,t),c=Object(n.get)(p,t),u=Object(n.get)(m,t),w=Object(n.get)(g,t),j=Object(n.get)(y,t),O=Object(n.get)(f,t),I=Object(n.get)(b,t),C=Object(n.get)(E,t),D=Object(n.get)(h,t),U=Object(n.get)(v,t),H=Object(n.get)(x,t),W=Object(n.get)(k,t);return o.a.createElement(F.a,null,o.a.createElement(M.b,{"data-test-subj":"alertRenderer"},o.a.createElement(G,{alignItems:"center",gutterSize:"none",justifyContent:"center",wrap:!0},o.a.createElement(T,{contextId:e,"data-test-subj":m,eventId:s,field:m,isDraggable:a,scopeId:r,values:u}),o.a.createElement(i.EuiFlexItem,{grow:!1},o.a.createElement("span",{"data-test-subj":"event"},` ${q} `)),(({data:e,fieldNames:t})=>t.some((t=>Object(n.has)(t,e))))({data:t,fieldNames:S})&&o.a.createElement(i.EuiFlexItem,{grow:!1},o.a.createElement("span",{"data-test-subj":"with"},` ${V} `)),o.a.createElement(T,{contextId:e,"data-test-subj":E,eventId:s,field:E,isDraggable:a,prefix:` ${z} `,suffix:", ",scopeId:r,values:C}),o.a.createElement(T,{contextId:e,"data-test-subj":h,eventId:s,field:h,isDraggable:a,prefix:` ${B} `,suffix:", ",scopeId:r,values:D}),o.a.createElement(T,{contextId:e,"data-test-subj":g,eventId:s,field:g,isDraggable:a,prefix:` ${P} `,suffix:", ",scopeId:r,values:w}),o.a.createElement(T,{contextId:e,"data-test-subj":v,eventId:s,field:v,isDraggable:a,prefix:` ${$} `,scopeId:r,values:U}),o.a.createElement(T,{contextId:e,"data-test-subj":x,eventId:s,field:x,isDraggable:a,prefix:":",suffix:", ",scopeId:r,values:H}),o.a.createElement(T,{contextId:e,"data-test-subj":d,eventId:s,field:d,isDraggable:a,prefix:` ${R} `,scopeId:r,values:l}),o.a.createElement(T,{contextId:e,"data-test-subj":p,eventId:s,field:p,isDraggable:a,prefix:":",suffix:", ",scopeId:r,values:c}),o.a.createElement(T,{contextId:e,"data-test-subj":k,eventId:s,field:k,isDraggable:a,prefix:` ${_} `,scopeId:r,values:W}),o.a.createElement(T,{contextId:e,"data-test-subj":y,eventId:s,field:y,isDraggable:a,prefix:` ${L} `,scopeId:r,values:j}),o.a.createElement(T,{contextId:e,"data-test-subj":b,eventId:s,field:b,isDraggable:a,prefix:` ${N} `,suffix:` ${A} `,scopeId:r,values:I}),o.a.createElement(T,{contextId:e,"data-test-subj":f,eventId:s,field:f,isDraggable:a,suffix:".",scopeId:r,values:O}))))}},H=({data:e,rowRenderers:t})=>{var a;const n=null!==(a=t.find((t=>t.isInstance(e))))&&void 0!==a?a:null;return U.isInstance(e)?null!=n?(({a:e,b:t,id:a})=>({id:a,isInstance:a=>e.isInstance(a)||t.isInstance(a),renderRow:({contextId:a,data:n,isDraggable:i,scopeId:r})=>o.a.createElement(o.a.Fragment,null,e.isInstance(n)&&e.renderRow({contextId:a,data:n,isDraggable:i,scopeId:r}),t.isInstance(n)&&t.renderRow({contextId:a,data:n,isDraggable:i,scopeId:r}))}))({a:U,b:n,id:n.id}):U:n}},,function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return o})),a.d(t,"a",(function(){return H}));var n=a(48);const i=parseInt(n.euiThemeVars.euiSizeXL,10)-parseInt(n.euiThemeVars.euiSizeXS,10),r=e=>"signal"===e,o=e=>(e>0?e*i:i)+2*parseInt(n.euiThemeVars.euiDataGridCellPaddingM,10);var s=a(2),l=a.n(s),c=a(103),u=a(40),d=a(41),p=a.n(d),m=a(119),g=a(346),y=a(115),f=a(683),b=a(111),h=a(142),E=a(412),v=a(106),x=a(126),k=a(564),S=a(803);const w=({ariaLabel:e,showNotes:t,timelineType:a,toggleShowNotes:n})=>{const{kibanaSecuritySolutionsPrivileges:i}=Object(x.a)();return l.a.createElement(S.a,null,l.a.createElement(E.d,{ariaLabel:e,"data-test-subj":"add-note",isDisabled:!1===i.crud,showNotes:t,timelineType:a,toggleShowNotes:n,toolTip:a===v.l.template?k.g:k.h}))};w.displayName="AddEventNoteActionComponent";const j=l.a.memo(w);var O=a(170),I=a(804);const T=({ariaLabel:e,isAlert:t,noteIds:a,onPinClicked:n,eventIsPinned:r,timelineType:o})=>{const{kibanaSecuritySolutionsPrivileges:c}=Object(x.a)(),d=Object(s.useMemo)((()=>Object(g.g)({isPinned:r,isAlert:t,eventHasNotes:Object(g.b)(a),timelineType:o})),[r,t,a,o]);return l.a.createElement("div",{key:"timeline-action-pin-tool-tip"},l.a.createElement(O.l,{textAlign:"center",width:i},l.a.createElement(u.EuiToolTip,{"data-test-subj":"timeline-action-pin-tool-tip",content:d},l.a.createElement(I.a,{ariaLabel:e,allowUnpinning:!Object(g.b)(a),"data-test-subj":"pin-event",isDisabled:!1===c.crud,isAlert:t,onClick:n,pinned:r,timelineType:o}))))};T.displayName="PinEventActionComponent";const C=l.a.memo(T);var M=a(105),F=a(133),D=a(159),A=a(17),_=a(178),N=a(196),R=a(12),q=a(124),P=a(875),L=a(928),B=a(363),z=a(199),$=a(272),V=a(291);const G=p.a.div.withConfig({displayName:"ActionsContainer",componentId:"sc-3eeodk-0"})(["align-items:center;display:flex;"]),U=({ariaRowindex:e,checked:t,columnValues:a,ecsData:n,eventId:o,eventIdToNoteIds:d,isEventPinned:p=!1,isEventViewer:E=!1,loadingEventIds:v,onEventDetailsPanelOpened:x,onRowSelected:S,onRuleChange:w,showCheckboxes:I,showNotes:T,timelineId:U,toggleShowNotes:H,refetch:W,setEventsLoading:Q})=>{const Y=Object(c.useDispatch)(),K=Object(q.a)("tGridEnabled"),Z=Object(s.useMemo)((()=>b.b.getTimelineByIdSelector()),[]),J=Object(M.b)((e=>(Object(y.isTimelineScope)(U)?Z(e,U):F.b).timelineType)),{startTransaction:X}=Object(D.b)(),ee=Object(A.b)().isEnterprise(),te=Object(s.useCallback)((e=>Y(b.a.pinEvent({id:U,eventId:e}))),[Y,U]),ae=Object(s.useCallback)((e=>Y(b.a.unPinEvent({id:U,eventId:e}))),[Y,U]),ne=Object(s.useCallback)((e=>S({eventIds:[o],isSelected:e.currentTarget.checked})),[o,S]),ie=Object(s.useCallback)((()=>Object(g.f)({allowUnpinning:!d||!Object(g.b)(d[o]),eventId:o,onPinEvent:te,onUnPinEvent:ae,isEventPinned:p})),[d,o,p,te,ae]),re=Object(g.e)(n),oe=Object(s.useMemo)((()=>{var e,t,a,i;return"signal"!==re&&!(null!==(e=n.event)&&void 0!==e&&null!==(t=e.kind)&&void 0!==t&&t.includes("event")&&null!==(a=n.agent)&&void 0!==a&&null!==(i=a.type)&&void 0!==i&&i.includes("endpoint"))}),[n,re]),se=Object(s.useMemo)((()=>!Object(f.a)(n)),[n]),{setGlobalFullScreen:le}=Object(_.a)(),{setTimelineFullScreen:ce}=Object(_.c)(),ue=Object(y.getScopedActions)(U),de=Object(s.useCallback)((()=>{X({name:N.a.OPEN_ANALYZER});const e=document.querySelector(".euiDataGrid--fullScreen");ue&&Y(ue.updateGraphEventId({id:U,graphEventId:n._id})),U===h.f.active?(e&&ce(!0),Y(Object(R.setActiveTabTimeline)({id:U,activeTab:m.f.graph}))):e&&le(!0)}),[X,ue,U,Y,n._id,ce,le]),pe=Object(s.useMemo)((()=>{var e,t,a,i,r,o,s,l,c,u;const{process:d,_id:p,_index:m,timestamp:g,kibana:y}=n,f=null==d||null===(e=d.entry_leader)||void 0===e||null===(t=e.entity_id)||void 0===t?void 0:t[0],b=null==d||null===(a=d.entry_leader)||void 0===a||null===(i=a.start)||void 0===i?void 0:i[0],h=(null==y||null===(r=y.alert)||void 0===r||null===(o=r.ancestors)||void 0===o||null===(s=o.index)||void 0===s?void 0:s[0])||m;if(void 0===h||void 0===f||void 0===b)return null;const E=null==d||null===(l=d.entity_id)||void 0===l?void 0:l[0],v="signal"===re||"eql"===re?p:void 0;return{index:h,sessionEntityId:f,sessionStartTime:b,jumpToEntityId:E,jumpToCursor:v&&(null===(c=n.kibana)||void 0===c||null===(u=c.alert.original_time)||void 0===u?void 0:u[0])||g,investigatedAlertId:v}}),[n,re]),me=Object(s.useCallback)((()=>{const e=document.querySelector(".euiDataGrid--fullScreen");X({name:N.a.OPEN_SESSION_VIEW}),U===h.f.active?(e&&ce(!0),null!==pe&&Y(Object(R.setActiveTabTimeline)({id:U,activeTab:m.f.session}))):e&&le(!0),null!==pe&&ue&&Y(ue.updateSessionViewConfig({id:U,sessionViewConfig:pe}))}),[X,U,pe,ce,Y,le,ue]),{activeStep:ge,isTourShown:ye,incrementStep:fe}=Object(B.b)(),be=Object(s.useMemo)((()=>ye(z.b.alertsCases)&&"signal"===re&&Object($.c)(U)&&1===e),[ye,e,re,U]),he=Object(s.useCallback)((()=>{be&&ge===z.a.expandEvent&&ye(z.b.alertsCases)&&fe(z.b.alertsCases),x()}),[ge,fe,be,ye,x]);return l.a.createElement(G,null,I&&!K&&l.a.createElement("div",{key:"select-event-container","data-test-subj":"select-event-container"},l.a.createElement(O.l,{textAlign:"center",width:i},v.includes(o)?l.a.createElement(u.EuiLoadingSpinner,{size:"m","data-test-subj":"event-loader"}):l.a.createElement(u.EuiCheckbox,{"aria-label":k.d({ariaRowindex:e,columnValues:a,checked:t}),"data-test-subj":"select-event",id:o,checked:t,onChange:ne}))),l.a.createElement(V.a,{isTourAnchor:be,onClick:he,step:z.a.expandEvent,tourId:z.b.alertsCases},l.a.createElement("div",{key:"expand-event"},l.a.createElement(O.l,{textAlign:"center",width:i},l.a.createElement(u.EuiToolTip,{"data-test-subj":"expand-event-tool-tip",content:k.m},l.a.createElement(u.EuiButtonIcon,{"aria-label":k.n({ariaRowindex:e,columnValues:a}),"data-test-subj":"expand-event",iconType:"expand",onClick:he,size:"s"}))))),l.a.createElement(l.a.Fragment,null,U!==h.f.active&&l.a.createElement(L.a,{ariaLabel:k.k({ariaRowindex:e,columnValues:a}),key:"investigate-in-timeline",ecsRowData:n}),!E&&H&&l.a.createElement(l.a.Fragment,null,l.a.createElement(j,{ariaLabel:k.c({ariaRowindex:e,columnValues:a}),key:"add-event-note",showNotes:null!=T&&T,toggleShowNotes:H,timelineType:J}),l.a.createElement(C,{ariaLabel:k.j({ariaRowindex:e,columnValues:a,isEventPinned:p}),isAlert:r(re),key:"pin-event",onPinClicked:ie,noteIds:d&&d[o]||[],eventIsPinned:p,timelineType:J})),l.a.createElement(P.b,{ariaLabel:k.f({ariaRowindex:e,columnValues:a}),ariaRowindex:e,columnValues:a,key:"alert-context-menu",ecsRowData:n,scopeId:U,disabled:oe,onRuleChange:w,refetch:W}),!1===se?l.a.createElement("div",null,l.a.createElement(O.l,{textAlign:"center",width:i},l.a.createElement(u.EuiToolTip,{"data-test-subj":"view-in-analyzer-tool-tip",content:k.a},l.a.createElement(u.EuiButtonIcon,{"aria-label":k.b({ariaRowindex:e,columnValues:a}),"data-test-subj":"view-in-analyzer",iconType:"analyzeEvent",onClick:de,size:"s"})))):null,null===pe||!ee&&U!==m.e.kubernetesPageSessions?null:l.a.createElement("div",null,l.a.createElement(O.l,{textAlign:"center",width:i},l.a.createElement(u.EuiToolTip,{"data-test-subj":"expand-event-tool-tip",content:k.i},l.a.createElement(u.EuiButtonIcon,{"aria-label":k.n({ariaRowindex:e,columnValues:a}),"data-test-subj":"session-view-button",iconType:"sessionViewer",onClick:me,size:"s"}))))))};U.displayName="ActionsComponent";const H=l.a.memo(U);a(652)},function(e,t,a){"use strict";a.d(t,"a",(function(){return T}));var n=a(388),i=a(42),r=a(2),o=a.n(r),s=a(103),l=a(3),c=a(130),u=a.n(c),d=a(138),p=a(378),m=a(139),g=a(187);const y=e=>e.query,f=e=>e.savedQuery;var b=a(111),h=a(102),E=a(475),v=a(400),x=a(280),k=a(122),S=a(160),w=a(221),j=a(124);const O=Object(r.memo)((({end:e,filterQuery:t,fromStr:a,hideFilterBar:c=!1,hideQueryInput:m=!1,id:g,indexPattern:y,isLoading:f=!1,pollForSignalIndex:b,queries:O,savedQuery:I,setSavedQuery:T,setSearchBarFilter:C,start:M,toStr:F,updateSearch:D,dataTestSubj:A})=>{const{data:{query:{timefilter:{timefilter:_},filterManager:N}},unifiedSearch:{ui:{SearchBar:R}}}=Object(h.j)().services,q=Object(s.useDispatch)(),P=Object(r.useCallback)((()=>{q(E.b.setUsersTablesActivePageToZero()),q(v.a.setHostTablesActivePageToZero()),q(x.b.setNetworkTablesActivePageToZero())}),[q]);(()=>{const e=Object(S.d)(w.a.savedQuery),t=Object(S.d)(w.a.appQuery),a=Object(S.d)(w.a.filters),n=Object(r.useMemo)((()=>k.d.globalQuerySelector()),[]),o=Object(r.useMemo)((()=>k.d.globalFiltersQuerySelector()),[]),l=Object(r.useMemo)((()=>k.d.globalSavedQuerySelector()),[]),c=Object(s.useSelector)(n),u=Object(s.useSelector)(o),d=Object(s.useSelector)(l);Object(r.useEffect)((()=>{var n;null!=d&&""!==d.id?(e(null!==(n=null==d?void 0:d.id)&&void 0!==n?n:null),t(null),a(null)):(e(null),t(Object(i.isEmpty)(c.query)?null:c),a(Object(i.isEmpty)(u)?null:u))}),[d,c,u,e,t,a])})(),(()=>{const e=Object(S.d)(w.a.timerange),t=Object(r.useMemo)((()=>d.d.inputsSelector()),[]),a=Object(s.useSelector)(t),n=Object(j.a)("socTrendsEnabled"),{linkTo:i,timerange:o}=a.global,{linkTo:l,timerange:c}=a.timeline,u=Object(r.useMemo)((()=>{if(n&&a.socTrends){const{linkTo:e,timerange:t}=a.socTrends;return{socTrends:{[w.a.timerange]:t,linkTo:e}}}return{}}),[a.socTrends,n]);Object(r.useEffect)((()=>{e({global:{[w.a.timerange]:o,linkTo:i},timeline:{[w.a.timerange]:c,linkTo:l},...u})}),[e,i,o,l,c,u])})(),Object(r.useEffect)((()=>{null!=a&&null!=F?_.setTime({from:a,to:F}):null!=M&&null!=e&&(P(),_.setTime({from:new Date(M).toISOString(),to:new Date(e).toISOString()}))}),[e,a,M,_,F,P]);const L=Object(r.useCallback)((i=>{null!=b&&b();const r=i.dateRange.from.includes("now")||i.dateRange.to.includes("now");let o={id:g,end:null!=F?F:new Date(e).toISOString(),start:null!=a?a:new Date(M).toISOString(),isInvalid:!1,isQuickSelection:r,updateTime:!1,filterManager:N,setTablesActivePageToZero:P},s=!1;(!r||a===i.dateRange.from&&F===i.dateRange.to)&&(r||M===Object(p.c)(i.dateRange.from)&&e===Object(p.c)(i.dateRange.to))||(s=!0,o.updateTime=!0,o.end=i.dateRange.to,o.start=i.dateRange.from),null==i.query||u()(i.query,t)||(s=!0,o=Object(n.set)("query",i.query,o)),s||(r&&i.dateRange.to!==i.dateRange.from?(o.updateTime=!0,o.end=i.dateRange.to,o.start=i.dateRange.from):O.forEach((e=>e.refetch&&e.refetch()))),window.setTimeout((()=>D(o)),0)}),[g,b,F,e,a,M,N,t,O,D,P]),B=Object(r.useCallback)((e=>{e.dateRange.from.includes("now")||e.dateRange.to.includes("now")?D({id:g,end:e.dateRange.to,start:e.dateRange.from,isInvalid:!1,isQuickSelection:!0,updateTime:!0,filterManager:N,setTablesActivePageToZero:P}):O.forEach((e=>e.refetch&&e.refetch()))}),[D,g,N,O,P]),z=Object(r.useCallback)((e=>{T({id:g,savedQuery:e})}),[g,T]),$=Object(r.useCallback)((t=>{const i=!!t.attributes.timefilter&&(t.attributes.timefilter.from.includes("now")||t.attributes.timefilter.to.includes("now"));let r={id:g,filters:t.attributes.filters||[],end:null!=F?F:new Date(e).toISOString(),start:null!=a?a:new Date(M).toISOString(),isInvalid:!1,isQuickSelection:i,updateTime:!1,filterManager:N,setTablesActivePageToZero:P};t.attributes.timefilter&&(r.end=t.attributes.timefilter?t.attributes.timefilter.to:r.end,r.start=t.attributes.timefilter?t.attributes.timefilter.from:r.start,r.updateTime=!0),r=Object(n.set)("query",t.attributes.query,r),r=Object(n.set)("savedQuery",t,r),D(r)}),[g,F,e,a,M,N,D,P]),V=Object(r.useCallback)((()=>{null!=I&&D({id:g,filters:[],end:null!=F?F:new Date(e).toISOString(),start:null!=a?a:new Date(M).toISOString(),isInvalid:!1,isQuickSelection:!1,updateTime:!1,query:{query:"",language:I.attributes.query.language},resetSavedQuery:!0,savedQuery:void 0,filterManager:N,setTablesActivePageToZero:P})}),[I,D,g,F,e,a,M,N,P]);Object(r.useEffect)((()=>{let e=!0;const t=new l.Subscription;return t.add(N.getUpdates$().subscribe({next:()=>{if(e){const e=N.getFilters();C({id:g,filters:e}),P()}}})),()=>{e=!1,t.unsubscribe()}}),[]);const G=Object(r.useMemo)((()=>[y]),[y]),U=Object(r.useCallback)((({query:e,dateRange:t})=>{const a=t.from.includes("now")||t.to.includes("now");D({end:t.to,filterManager:N,id:g,isInvalid:!1,isQuickSelection:a,query:e,setTablesActivePageToZero:P,start:t.from,updateTime:!0})}),[N,g,P,D]);return o.a.createElement("div",{"data-test-subj":`${g}DatePicker`},o.a.createElement(R,{appName:"siem",isLoading:f,indexPatterns:G,query:t,onClearSavedQuery:V,onQuerySubmit:L,onRefresh:B,onSaved:z,onTimeRangeChange:U,onSavedQueryUpdated:$,savedQuery:I,showFilterBar:!c,showDatePicker:!0,showQueryInput:!m,showSaveQuery:!0,dataTestSubj:A}))}),((e,t)=>e.end===t.end&&e.filterQuery===t.filterQuery&&e.fromStr===t.fromStr&&e.id===t.id&&e.isLoading===t.isLoading&&e.savedQuery===t.savedQuery&&e.setSavedQuery===t.setSavedQuery&&e.setSearchBarFilter===t.setSearchBarFilter&&e.start===t.start&&e.toStr===t.toStr&&e.updateSearch===t.updateSearch&&e.dataTestSubj===t.dataTestSubj&&u()(e.indexPattern,t.indexPattern)&&u()(e.queries,t.queries)));O.displayName="SiemSearchBar";const I=e=>({end:t,filters:a,id:n,isQuickSelection:i,query:r,resetSavedQuery:o,savedQuery:s,start:l,timelineId:c,updateTime:u=!1,filterManager:m,setTablesActivePageToZero:g})=>{if(u){const a=Object(p.c)(l);let r=Object(p.c)(t,{roundUp:!0});i?e(t===l?d.b.setAbsoluteRangeDatePicker({id:n,fromStr:l,toStr:t,from:a,to:r}):d.b.setRelativeRangeDatePicker({id:n,fromStr:l,toStr:t,from:a,to:r})):(r=Object(p.c)(t),e(d.b.setAbsoluteRangeDatePicker({id:n,from:Object(p.c)(l),to:Object(p.c)(t)}))),null!=c&&e(b.a.updateRange({id:c,start:a,end:r}))}null!=r&&e(d.b.setFilterQuery({id:n,...r})),null!=a&&m.setFilters(a),(null!=s||o)&&e(d.b.setSavedQuery({id:n,savedQuery:s})),g()},T=Object(s.connect)((()=>{const e=Object(g.b)(),t=Object(g.c)(),a=Object(g.d)(),n=Object(g.h)(),r=Object(g.i)(),o=Object(g.j)(),s=Object(m.createSelector)(y,(e=>e)),l=Object(m.createSelector)(f,(e=>e));return(c,{id:u})=>{const d=Object(i.getOr)({},`inputs.${u}`,c);return{end:e(d),fromStr:t(d),filterQuery:s(d),isLoading:a(d),queries:n(c,u),savedQuery:l(d),start:r(d),toStr:o(d)}}}),(e=>({updateSearch:I(e),setSavedQuery:({id:t,savedQuery:a})=>e(d.b.setSavedQuery({id:t,savedQuery:a})),setSearchBarFilter:({id:t,filters:a})=>e(d.b.setSearchBarFilter({id:t,filters:a}))})))(O)},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"d",(function(){return r})),a.d(t,"a",(function(){return o})),a.d(t,"g",(function(){return s})),a.d(t,"f",(function(){return l})),a.d(t,"h",(function(){return c})),a.d(t,"e",(function(){return u})),a.d(t,"c",(function(){return d}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.exceptions.commentEventLabel",{defaultMessage:"added a comment"}),r=n.i18n.translate("xpack.securitySolution.exceptions.operatingSystemFullLabel",{defaultMessage:"Operating System"}),o=(n.i18n.translate("xpack.securitySolution.exceptions.viewer.addToEndpointListLabel",{defaultMessage:"Add endpoint exception"}),n.i18n.translate("xpack.securitySolution.exceptions.viewer.addToDetectionsListLabel",{defaultMessage:"Add rule exception"}),n.i18n.translate("xpack.securitySolution.exceptions.viewer.addCommentPlaceholder",{defaultMessage:"Add a new comment..."}),n.i18n.translate("xpack.securitySolution.exceptions.viewer.addToClipboard",{defaultMessage:"Comment"})),s=(n.i18n.translate("xpack.securitySolution.exceptions.clearExceptionsLabel",{defaultMessage:"Remove Exception List"}),n.i18n.translate("xpack.securitySolution.exceptions.fetchError",{defaultMessage:"Error fetching exception list"}),n.i18n.translate("xpack.securitySolution.exceptions.errorLabel",{defaultMessage:"Error"}),n.i18n.translate("xpack.securitySolution.exceptions.cancelLabel",{defaultMessage:"Cancel"}),n.i18n.translate("xpack.securitySolution.exceptions.modalErrorAccordionText",{defaultMessage:"Show rule reference information:"}),n.i18n.translate("xpack.securitySolution.exceptions.disassociateExceptionListError",{defaultMessage:"Failed to remove exception list"}),n.i18n.translate("xpack.securitySolution.exceptions.operatingSystemWindows",{defaultMessage:"Windows"})),l=n.i18n.translate("xpack.securitySolution.exceptions.operatingSystemMac",{defaultMessage:"macOS"}),c=n.i18n.translate("xpack.securitySolution.exceptions.operatingSystemWindowsAndMac",{defaultMessage:"Windows and macOS"}),u=n.i18n.translate("xpack.securitySolution.exceptions.operatingSystemLinux",{defaultMessage:"Linux"}),d=n.i18n.translate("xpack.securitySolution.exceptions.fetchingReferencesErrorToastTitle",{defaultMessage:"Error fetching exception references"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"d",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"g",(function(){return c})),a.d(t,"h",(function(){return u})),a.d(t,"i",(function(){return d})),a.d(t,"f",(function(){return p}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.timeline.categoryTooltip",{defaultMessage:"Category"}),r=n.i18n.translate("xpack.securitySolution.timeline.descriptionTooltip",{defaultMessage:"Description"}),o=n.i18n.translate("xpack.securitySolution.timeline.fieldTooltip",{defaultMessage:"Field"}),s=n.i18n.translate("xpack.securitySolution.timeline.fullScreenButton",{defaultMessage:"Full screen"}),l=n.i18n.translate("xpack.securitySolution.timeline.hideColumnLabel",{defaultMessage:"Hide column"}),c=n.i18n.translate("xpack.securitySolution.timeline.sortAZLabel",{defaultMessage:"Sort A-Z"}),u=n.i18n.translate("xpack.securitySolution.timeline.sortZALabel",{defaultMessage:"Sort Z-A"}),d=n.i18n.translate("xpack.securitySolution.timeline.typeTooltip",{defaultMessage:"Type"}),p=n.i18n.translate("xpack.securitySolution.timeline.flyout.pane.removeColumnButtonLabel",{defaultMessage:"Remove column"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return n})),a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"d",(function(){return o})),a.d(t,"e",(function(){return s})),a.d(t,"f",(function(){return l}));const n="network.bytes",i="network.community_id",r="network.direction",o="network.packets",s="network.protocol",l="network.transport"},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"d",(function(){return r})),a.d(t,"a",(function(){return o})),a.d(t,"c",(function(){return s}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.isolateHost",{defaultMessage:"Isolate host"}),r=n.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.unisolateHost",{defaultMessage:"Release host"}),o=e=>n.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.isolateHost.casesAssociatedWithAlert",{defaultMessage:"{caseCount} {caseCount, plural, one {case} other {cases}} associated with this host",values:{caseCount:e}}),s=n.i18n.translate("xpack.securitySolution.endpoint.hostIsolation.returnToAlertDetails",{defaultMessage:"Return to alert details"})},function(e,t,a){const n=a(192);e.exports=(e,t,a)=>n(e,t,a)>0},function(e,t,a){const n=Symbol("SemVer ANY");class Comparator{static get ANY(){return n}constructor(e,t){if(t=i(t),e instanceof Comparator){if(e.loose===!!t.loose)return e;e=e.value}e=e.trim().split(/\s+/).join(" "),l("comparator",e,t),this.options=t,this.loose=!!t.loose,this.parse(e),this.semver===n?this.value="":this.value=this.operator+this.semver.version,l("comp",this)}parse(e){const t=this.options.loose?r[o.COMPARATORLOOSE]:r[o.COMPARATOR],a=e.match(t);if(!a)throw new TypeError(`Invalid comparator: ${e}`);this.operator=void 0!==a[1]?a[1]:"","="===this.operator&&(this.operator=""),a[2]?this.semver=new c(a[2],this.options.loose):this.semver=n}toString(){return this.value}test(e){if(l("Comparator.test",e,this.options.loose),this.semver===n||e===n)return!0;if("string"==typeof e)try{e=new c(e,this.options)}catch(e){return!1}return s(e,this.operator,this.semver,this.options)}intersects(e,t){if(!(e instanceof Comparator))throw new TypeError("a Comparator is required");return""===this.operator?""===this.value||new u(e.value,t).test(this.value):""===e.operator?""===e.value||new u(this.value,t).test(e.semver):!((t=i(t)).includePrerelease&&("<0.0.0-0"===this.value||"<0.0.0-0"===e.value)||!t.includePrerelease&&(this.value.startsWith("<0.0.0")||e.value.startsWith("<0.0.0"))||(!this.operator.startsWith(">")||!e.operator.startsWith(">"))&&(!this.operator.startsWith("<")||!e.operator.startsWith("<"))&&(this.semver.version!==e.semver.version||!this.operator.includes("=")||!e.operator.includes("="))&&!(s(this.semver,"<",e.semver,t)&&this.operator.startsWith(">")&&e.operator.startsWith("<"))&&!(s(this.semver,">",e.semver,t)&&this.operator.startsWith("<")&&e.operator.startsWith(">")))}}e.exports=Comparator;const i=a(451),{safeRe:r,t:o}=a(310),s=a(838),l=a(325),c=a(157),u=a(205)},function(e,t,a){const n=a(205);e.exports=(e,t,a)=>{try{t=new n(t,a)}catch(e){return!1}return t.test(e)}},function(e,t,a){"use strict";var n=String.fromCharCode;e.exports=n},function(e,t,a){"use strict";var n=a(147),i=a(154),r={tokenize:function(e,t,a){return i(e,(function(e){return null===e||n(e)?t(e):a(e)}),"linePrefix")},partial:!0};e.exports=r},function(e,t,a){"use strict";var n=a(841);e.exports=function(e,t){var a=e[e.length-1];return a&&a[1].type===t?n(a[2].sliceStream(a[1])):0}},function(e,t,a){"use strict";var n=a(253)(/[\dA-Za-z]/);e.exports=n},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a.n(n),r=a(41);const o=a.n(r).a.div.withConfig({displayName:"StyledDiv",componentId:"sc-1qyhc9r-0"})(["padding-left:",";"],(({addPadding:e})=>e&&"53px"));o.defaultProps={addPadding:!1};const s=i.a.memo(o);s.displayName="StepContentWrapper"},function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(27),i=a(46),r=a(2),o=a(143),s=a(354);const l=["GET",n.INTERNAL_ALERTING_API_FIND_RULES_PATH],c=(e,t)=>Object(i.useQuery)([...l,...e],(({signal:t})=>Object(o.k)({ids:e,signal:t})),{...s.a,...t}),u=()=>{const e=Object(i.useQueryClient)();return Object(r.useCallback)((()=>e.invalidateQueries(l,{refetchType:"active"})),[e])}},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"f",(function(){return r})),a.d(t,"j",(function(){return o})),a.d(t,"i",(function(){return s})),a.d(t,"m",(function(){return l})),a.d(t,"h",(function(){return c})),a.d(t,"k",(function(){return u})),a.d(t,"l",(function(){return d})),a.d(t,"e",(function(){return p})),a.d(t,"n",(function(){return m})),a.d(t,"s",(function(){return g})),a.d(t,"t",(function(){return y})),a.d(t,"q",(function(){return f})),a.d(t,"r",(function(){return b})),a.d(t,"p",(function(){return h})),a.d(t,"o",(function(){return E})),a.d(t,"b",(function(){return v})),a.d(t,"c",(function(){return x})),a.d(t,"a",(function(){return k})),a.d(t,"g",(function(){return S}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customQueryFieldRequiredError",{defaultMessage:"A custom query is required."}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError",{defaultMessage:"An EQL query is required."}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customQueryFieldInvalidError",{defaultMessage:"The KQL is invalid"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.indicesHelperDescription",{defaultMessage:"Enter the pattern of Elasticsearch indices where you would like this rule to run. By default, these will include index patterns defined in Security Solution advanced settings."}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.resetDefaultIndicesButton",{defaultMessage:"Reset to default index patterns"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineQueryButton",{defaultMessage:"Import query from saved timeline"}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.mlJobSelectPlaceholderText",{defaultMessage:"Select a job"}),d=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldQuerBarLabel",{defaultMessage:"Custom query"}),p=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel",{defaultMessage:"EQL query"}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel",{defaultMessage:"Saved query"}),g=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabel",{defaultMessage:'Load saved query "{savedQueryName}" dynamically on each rule execution',values:{savedQueryName:e}}),y=()=>n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabelWithoutName",{defaultMessage:"Load saved query dynamically on each rule execution"}),f=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription",{defaultMessage:"Select threat indices"}),b=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError",{defaultMessage:"At least one indicator match is required."}),h=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError",{defaultMessage:"All matches require both a field and threat index field."}),E=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source",{defaultMessage:"Source"}),v=(n.i18n.translate("xpack.securitySolution.detections.dataSource.popover.title",{defaultMessage:"Select a data source"}),n.i18n.translate("xpack.securitySolution.detections.dataSource.popover.subTitle",{defaultMessage:"Data sources"}),n.i18n.translate("xpack.securitySolution.detections.dataSource.popover.content",{defaultMessage:"Rules can now query index patterns or data views."}),n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.rulePreviewTitle",{defaultMessage:"Rule Preview"}),n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsLabel",{defaultMessage:"If a suppression field is missing"})),x=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsSuppressLabel",{defaultMessage:"Suppress and group alerts for events with missing fields"}),k=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsDoNotSuppressLabel",{defaultMessage:"Do not suppress alerts for events with missing fields"}),S=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupBy.licenseWarning",{defaultMessage:"Alert suppression is enabled with Platinum license or above"})},,function(e,t,a){"use strict";a.d(t,"a",(function(){return M}));var n=a(2),i=a.n(n),r=a(40),o=a(117),s=a(42),l=a(41),c=a.n(l),u=a(1078),d=a(798),p=a(132),m=a(799);const g=(e=[])=>e.filter((e=>!Object(s.isEmpty)(e))).map((e=>{const t=(e=>{const[t,a]=Object(m.a)(e);return null!=t&&null!=a?`${t}: "${a}"`:""})(e);return i.a.createElement(r.EuiFlexItem,{key:t,grow:!1},t)}));var y=a(5);const f=y.i18n.translate("xpack.securitySolution.ml.score.influencedByTitle",{defaultMessage:"Influenced By"}),b=y.i18n.translate("xpack.securitySolution.ml.score.maxAnomalyScoreTitle",{defaultMessage:"Max Anomaly Score"}),h=y.i18n.translate("xpack.securitySolution.ml.score.anomalyJobTitle",{defaultMessage:"Job"}),E=y.i18n.translate("xpack.securitySolution.ml.score.viewInMachineLearningLink",{defaultMessage:"View in Machine Learning"}),v=y.i18n.translate("xpack.securitySolution.ml.score.detectedTitle",{defaultMessage:"Detected"}),x=y.i18n.translate("xpack.securitySolution.ml.score.narrowToThisDateRangeLink",{defaultMessage:"Narrow to this date range"}),k=y.i18n.translate("xpack.securitySolution.ml.score.anomalousEntityTitle",{defaultMessage:"Anomalous Entity"});var S=a(1079);const w=c()(r.EuiText).withConfig({displayName:"LargeScore",componentId:"sc-vz3ecp-0"})(["font-size:45px;font-weight:lighter;"]);w.displayName="LargeScore";const j=(e,t,a,n,o,s)=>[{title:b,description:i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,{size:"m"}),i.a.createElement(w,null,Object(d.a)(e.severity)))},{title:i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,{size:"m"}),h),description:i.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"none",responsive:!1},i.a.createElement(r.EuiFlexItem,{grow:!1},s),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(S.a,{score:e,startDate:t,endDate:a,linkName:E})))},{title:v,description:i.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"none",responsive:!1},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(p.c,{value:new Date(e.time)})),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiLink,{"data-test-subj":"anomaly-description-narrow-range-link",onClick:()=>{o(e,n)},target:"_blank"},x)))},{title:k,description:i.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"none",responsive:!1},i.a.createElement(r.EuiFlexItem,{grow:!1},`${e.entityName}: "${e.entityValue}"`))},{title:f,description:i.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"none",responsive:!1},g(e.influencers))}],O=c()(r.EuiIcon).withConfig({displayName:"Icon",componentId:"sc-1ms1asc-0"})(["vertical-align:text-bottom;cursor:pointer;"]);O.displayName="Icon";const I=({startDate:e,endDate:t,index:a=0,score:o,interval:s,narrowDateRange:l,jobName:c})=>{const[d,p]=Object(n.useState)(!1);return i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiFlexItem,{grow:!1,"data-test-subj":"anomaly-score"},i.a.createElement(u.a,{index:a,score:o})),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiPopover,{"data-test-subj":"anomaly-score-popover",id:"anomaly-score-popover",isOpen:d,onClick:()=>p(!d),closePopover:()=>p(!d),button:i.a.createElement(O,{type:"iInCircle"}),repositionOnScroll:!0},i.a.createElement(r.EuiDescriptionList,{"data-test-subj":"anomaly-description-list",listItems:j(o,e,t,s,l,c)}))))};I.displayName="AnomalyScoreComponent";const T=i.a.memo(I);T.displayName="AnomalyScore";const C=({anomalies:e,startDate:t,endDate:a,isLoading:n,narrowDateRange:l,limit:c,jobNameById:u})=>n?i.a.createElement(r.EuiLoadingSpinner,{"data-test-subj":"anomaly-score-spinner",size:"m"}):null==e||0===e.anomalies.length?Object(o.d)():i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiFlexGroup,{gutterSize:"none",responsive:!1,"data-test-subj":"anomaly-scores"},((e,t)=>{const a=e.reduce(((e,t)=>{const a=t.jobId,n=t.severity;return(null==e[a]||e[a].severity<n)&&(e[a]=t),e}),{}),n=Object(s.toArray)(a).sort(((e,t)=>t.severity-e.severity));return null==t?n:n.slice(0,t)})(e.anomalies,c).map(((n,r)=>{var o;const s=(e=>`${e.jobId}-${e.severity}-${e.entityName}-${e.entityValue}`)(n);return i.a.createElement(T,{key:s,startDate:t,endDate:a,index:r,score:n,jobName:null!==(o=u[n.jobId])&&void 0!==o?o:n.jobId,interval:e.interval,narrowDateRange:l})}))));C.displayName="AnomalyScoresComponent";const M=i.a.memo(C);M.displayName="AnomalyScores"},,function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"e",(function(){return n})),a.d(t,"a",(function(){return k})),a.d(t,"d",(function(){return S}));var n={};a.r(n),a.d(n,"allUsersSelector",(function(){return c})),a.d(n,"userRiskScoreSelector",(function(){return u})),a.d(n,"userRiskScoreSeverityFilterSelector",(function(){return d})),a.d(n,"authenticationsSelector",(function(){return p})),a.d(n,"usersAnomaliesJobIdFilterSelector",(function(){return m})),a.d(n,"usersAnomaliesIntervalSelector",(function(){return g}));var i=a(524),r=a(184),o=a(139);const s=e=>e.users.page,l=(e,t)=>e.users[t],c=()=>Object(o.createSelector)(s,(e=>e.queries[r.UsersTableType.allUsers])),u=()=>Object(o.createSelector)(s,(e=>e.queries[r.UsersTableType.risk])),d=()=>Object(o.createSelector)(s,(e=>e.queries[r.UsersTableType.risk].severitySelection)),p=()=>Object(o.createSelector)(s,(e=>e.queries[r.UsersTableType.authentications])),m=()=>Object(o.createSelector)(l,(e=>e.queries[r.UsersTableType.anomalies].jobIdSelection)),g=()=>Object(o.createSelector)(l,(e=>e.queries[r.UsersTableType.anomalies].intervalSelection));var y=a(208),f=a(388),b=a(314);const h=e=>({...e.page.queries,[r.UsersTableType.allUsers]:{...e.page.queries[r.UsersTableType.allUsers],activePage:b.a}});var E=a(536),v=a(113),x=a(425);const k={page:{queries:{[r.UsersTableType.allUsers]:{activePage:b.a,limit:b.b,sort:{field:x.b.lastSeen,direction:E.a.desc}},[r.UsersTableType.authentications]:{activePage:b.a,limit:b.b},[r.UsersTableType.risk]:{activePage:b.a,limit:b.b,sort:{field:v.x.userRiskScore,direction:E.a.desc},severitySelection:[]},[r.UsersTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"},[r.UsersTableType.events]:{activePage:b.a,limit:b.b}}},details:{queries:{[r.UsersTableType.anomalies]:{jobIdSelection:[],intervalSelection:"auto"},[r.UsersTableType.events]:{activePage:b.a,limit:b.b}}}},S=Object(y.reducerWithInitialState)(k).case(i.setUsersTablesActivePageToZero,(e=>({...e,page:{...e.page,queries:h(e)}}))).case(i.updateTableActivePage,((e,{activePage:t,tableType:a})=>({...e,page:{...e.page,queries:{...e.page.queries,[a]:{...e.page.queries[a],activePage:t}}}}))).case(i.updateTableLimit,((e,{limit:t,tableType:a})=>({...e,page:{...e.page,queries:{...e.page.queries,[a]:{...e.page.queries[a],limit:t}}}}))).case(i.updateTableSorting,((e,{sort:t,tableType:a})=>({...e,page:{...e.page,queries:{...e.page.queries,[a]:{...e.page.queries[a],sort:t,activePage:b.a}}}}))).case(i.updateUserRiskScoreSeverityFilter,((e,{severitySelection:t})=>({...e,page:{...e.page,queries:{...e.page.queries,[r.UsersTableType.risk]:{...e.page.queries[r.UsersTableType.risk],severitySelection:t,activePage:b.a}}}}))).case(i.updateUsersAnomaliesJobIdFilter,((e,{jobIds:t,usersType:a})=>"page"===a?Object(f.set)("page.queries.anomalies.jobIdSelection",t,e):Object(f.set)("details.queries.anomalies.jobIdSelection",t,e))).case(i.updateUsersAnomaliesInterval,((e,{interval:t,usersType:a})=>"page"===a?Object(f.set)("page.queries.anomalies.intervalSelection",t,e):Object(f.set)("details.queries.anomalies.intervalSelection",t,e))).build()},,,,,,,,,,,,function(e,t,a){"use strict";var n=a(368);a.d(t,"e",(function(){return n.d})),a.d(t,"d",(function(){return n.c})),a.d(t,"c",(function(){return n.b}));var i=a(226);a.d(t,"a",(function(){return i.b})),a.d(t,"b",(function(){return i.d}))},,function(e,t,a){const n=a(192);e.exports=(e,t,a)=>n(e,t,a)>=0},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return y}));var n=a(2),i=a.n(n),r=a(113),o=a(41),s=a.n(o),l=(a(21),a(40)),c=a(19);const u=({text:e,className:t})=>{const{euiTheme:a}=Object(l.useEuiTheme)();return i.a.createElement(d,{label:null!=e?e:c.a,size:"s",className:t,$_css:a.size.s,$_css2:a.colors.text,$_css3:a.size.xxs})};var d=s()(l.EuiBetaBadge).withConfig({displayName:"_StyledEuiBetaBadge",componentId:"sc-ftlp1b-0"})(["margin-left:",";color:",";vertical-align:middle;margin-bottom:",";"],(e=>e.$_css),(e=>e.$_css2),(e=>e.$_css3)),p=a(800),m=a(1040);const g=({riskScoreEntity:e,title:t,showTechnicalPreviewBadge:a=!1})=>i.a.createElement(i.a.Fragment,null,null!=t?t:e===r.w.user?p.f:p.b,a&&i.a.createElement(u,{text:m.d,className:"eui-alignMiddle"})),y=i.a.memo(g);y.displayName="RiskScoreHeaderTitle"},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(2),i=a(45),r=a(105),o=a(187),s=a(110),l=a(116),c=a(122);function u(e){const t=Object(n.useMemo)((()=>Object(o.i)()),[]),a=Object(n.useMemo)((()=>Object(o.b)()),[]),u=Object(n.useMemo)((()=>Object(o.d)()),[]),d=Object(r.a)((t=>u(e?t.inputs.timeline:t.inputs.global))),p=Object(r.a)((a=>t(e?a.inputs.timeline:a.inputs.global))),m=Object(r.a)((t=>a(e?t.inputs.timeline:t.inputs.global))),g=Object(n.useMemo)((()=>c.e.defaultDataViewSelector()),[]),y=Object(r.a)(g),{pathname:f}=Object(i.useLocation)(),{selectedPatterns:b}=Object(l.d)(Object(l.a)(f)),{selectedPatterns:h}=Object(l.d)(s.SourcererScopeName.timeline);return{selectedPatterns:Object(n.useMemo)((()=>e?[...new Set([...h,...y.patternList])]:[...new Set([...b,...y.patternList])]),[e,h,b,y.patternList]),from:p,to:m,shouldUpdate:d}}},function(e,t,a){"use strict";a.d(t,"b",(function(){return n})),a.d(t,"a",(function(){return i})),a.d(t,"c",(function(){return r}));const n={critical:"#E7664C",high:"#DA8B45",medium:"#D6BF57",low:"#54B399"},i=4,r=(e=0)=>Math.ceil(Math.min(e||0,100)/i)},function(e,t,a){"use strict";a.d(t,"a",(function(){return S}));var n=a(2),i=a(103),r=a(5),o=a(129),s=a(120),l=a(214),c=a(133),u=a(102),d=a(118),p=a(106),m=a(111),g=a(1045),y=a(164),f=a(242),b=a(135),h=a(105),E=a(115),v=a(108),x=a(159),k=a(196);const S=({ecsRowData:e,onInvestigateInTimelineAlertClick:t})=>{const{addError:a}=Object(v.a)(),{data:{search:S,query:w}}=Object(u.j)().services,j=Object(i.useDispatch)(),{startTransaction:O}=Object(x.b)(),{services:I}=Object(u.j)(),{getExceptionFilterFromIds:T}=Object(l.c)(I.http),C=Object(n.useCallback)((async e=>{const t=(e=>{var t;let a=null!==(t=Object(E.getField)(e,o.y))&&void 0!==t?t:[],n=[];try{if(Array.isArray(a)&&0===a.length){var i;const t=null!==(i=Object(E.getField)(e,o.G))&&void 0!==i?i:{};if(t.length>0){var r;const e=JSON.parse(t[0]);a=null!==(r=null==e?void 0:e.exceptions_list)&&void 0!==r?r:[]}}else if(a&&a.list_id)return a.list_id.map(((e,t)=>{const n=a.type[t];return{exception_list_id:e,namespace_type:a.namespace_type[t],type:n}})).filter((e=>e.type===s.b.DETECTION))}catch(e){}return n=a.reduce(((e,t)=>{try{const a="string"==typeof t?JSON.parse(t):t;if(a.type===s.b.DETECTION){const t={exception_list_id:a.list_id,namespace_type:a.namespace_type};e.push(t)}}catch{}return e}),[]),n})(e);let n;return t.length>0&&await T({exceptionListIds:t,excludeExceptions:!0,chunkSize:20,alias:"Exceptions",onSuccess:e=>{n=e},onError:e=>{a(e,{title:r.i18n.translate("xpack.securitySolution.detectionEngine.alerts.fetchExceptionFilterFailure",{defaultMessage:"Error fetching exception filter."})})}}),n}),[a,T]),M=Object(n.useMemo)((()=>w.filterManager),[w.filterManager]),F=Object(n.useMemo)((()=>m.b.getTimelineByIdSelector()),[]),{filterManager:D}=Object(h.a)((e=>{var t,a;return null!==(t=F(e,null!==(a=d.c.active)&&void 0!==a?a:""))&&void 0!==t?t:c.b})),A=Object(n.useMemo)((()=>null!=D?D:M),[D,M]),_=Object(n.useCallback)((e=>j(m.a.updateIsLoading(e))),[j]),N=Object(f.a)({timelineId:d.c.active,timelineType:p.l.default}),R=Object(n.useCallback)((({from:e,timeline:t,to:a,ruleNote:n})=>{var i;N(),_({id:d.c.active,isLoading:!1}),Object(y.b)(j)({duplicate:!0,from:e,id:d.c.active,notes:[],timeline:{...t,filterManager:A,indexNames:null!==(i=t.indexNames)&&void 0!==i?i:[],show:!0},to:a,ruleNote:n})()}),[j,A,_,N]),q=Object(n.useCallback)((async()=>{O({name:k.a.INVESTIGATE_IN_TIMELINE}),t&&t(),null!=e&&await Object(g.a)({createTimeline:R,ecsData:e,searchStrategyClient:S,updateTimelineIsLoading:_,getExceptionFilter:C})}),[O,R,e,t,S,_,C]);return{investigateInTimelineActionItems:Object(n.useMemo)((()=>[{key:"investigate-in-timeline-action-item","data-test-subj":"investigate-in-timeline-action-item",disabled:null==e,onClick:q,name:b.h}]),[e,q]),investigateInTimelineAlertClick:q}}},function(e,t,a){"use strict";a.d(t,"d",(function(){return u})),a.d(t,"c",(function(){return d})),a.d(t,"b",(function(){return m})),a.d(t,"a",(function(){return g}));var n=a(42),i=a(49),r=a(106),o=a(150);const s=["host.name","host.hostname","host.domain","host.id","host.ip","client.ip","destination.ip","server.ip","source.ip","network.community_id","user.name","process.name"],l=(e,t,a=console)=>{var n,i;const r=null!==(n=null===(i=t.find((t=>t.field===e)))||void 0===i?void 0:i.values)&&void 0!==n?n:null;return null==r?[]:"string"==typeof r?[r]:Array.isArray(r)&&r.every((e=>"string"==typeof e))?r:(a.trace("Data type that is not a string or string array detected:",r,"when trying to access field:",e,"from data object of:",t),[])},c=(e,t=[])=>{let a=t;return"is"===e.function&&s.includes(e.arguments[0].value)&&(a=[...a,{field:e.arguments[0].value,valueToChange:e.arguments[1].value}]),e.arguments.reduce(((e,t)=>"is"===t.function&&s.includes(t.arguments[0].value)?[...e,{field:t.arguments[0].value,valueToChange:t.arguments[1].value}]:t.arguments?c(t,e):e),a)},u=(e,t,a=r.l.default)=>a===r.l.default?""!==e.trim()?c(Object(i.fromKueryExpression)(e)).reduce(((e,a)=>{const n=l(a.field,t);return n.length?e.replace(a.valueToChange,n[0]):e}),e):"":e.trim(),d=(e,t)=>e.map((e=>{if("phrase"===e.meta.type&&null!=e.meta.key&&s.includes(e.meta.key)){const a=l(e.meta.key,t);a.length&&(e.meta.params={query:a[0]},e.query={match_phrase:{[e.meta.key]:a[0]}})}return e})),p=(e,t,a=r.l.default)=>{if(a!==r.l.template){if(s.includes(e.queryMatch.field)){const a=l(e.queryMatch.field,t);a.length&&(e.id=e.id.replace(e.name,a[0]),e.name=a[0],e.queryMatch.value=a[0],e.queryMatch.displayField=void 0,e.queryMatch.displayValue=void 0)}return e.type=o.a.default,e}if(a===r.l.template){var n;if(e.type===o.a.template&&":"===e.queryMatch.operator){const a=l(e.queryMatch.field,t);return a.length||(e.enabled=!1),e.id=e.id.replace(e.name,a[0]),e.name=a[0],e.queryMatch.value=a[0],e.queryMatch.displayField=void 0,e.queryMatch.displayValue=void 0,e.type=o.a.default,e}return e.type=null!==(n=e.type)&&void 0!==n?n:o.a.default,e}return e},m=(e,t,a=r.l.default)=>e.map((e=>{const i=p(e,t,a);return null==i.and||Object(n.isEmpty)(i.and)||(i.and=i.and.map((e=>p(e,t,a)))),i})),g=(e,t)=>[{range:{"@timestamp":{gte:e,lt:t,format:"strict_date_optional_time"}},meta:{type:"range",disabled:!1,negate:!1,alias:null,key:"@timestamp",params:{gte:e,lt:t,format:"strict_date_optional_time"}},$state:{store:i.FilterStateStore.APP_STATE}}]},function(e,t,a){"use strict";a.d(t,"a",(function(){return y}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(40),l=a(41),c=a.n(l),u=a(488),d=a(107);const p=c()(s.EuiContextMenuItem).withConfig({displayName:"StyledEuiContextMenuItem",componentId:"sc-t3r55d-0"})([".additional-info{display:none;max-width:50%;}&:hover{.additional-info{display:block !important;}}"]),m=c()("div").withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-t3r55d-1"})(["max-width:50%;padding-right:",";"],(e=>e.theme.eui.euiSizeS)),g=c()(s.EuiText).withConfig({displayName:"StyledEuiText",componentId:"sc-t3r55d-2"})(["padding:",";line-height:",";"],(e=>e.theme.eui.euiSizeM),(e=>e.theme.eui.euiFontSizeM)),y=Object(r.memo)((({navigateAppId:e,navigateOptions:t,onClick:a,textTruncate:n,hoverInfo:l,children:c,isNavigationDisabled:y=!1,...f})=>{const b=Object(u.a)(null!=e?e:"",{...t,onClick:a}),h=Object(d.a)(f["data-test-subj"]),E=Object(r.useMemo)((()=>{const e="additional-info "+("object"!=typeof l?"eui-textTruncate":"");return l?o.a.createElement(m,{className:e},l):null}),[l]),v=n?o.a.createElement(o.a.Fragment,null,o.a.createElement("div",i()({className:"eui-textTruncate","data-test-subj":h("truncateWrapper")},"string"==typeof c?{title:c}:{}),c),E):o.a.createElement(o.a.Fragment,null,o.a.createElement(s.EuiFlexItem,null,c),E);return y?o.a.createElement(g,{size:"s",className:"eui-textTruncate","data-test-subj":f["data-test-subj"]},v):o.a.createElement(p,i()({},f,{onClick:e?b:a}),o.a.createElement(s.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},v))}));y.displayName="EuiContextMenuItemNavByRouter"},function(e,t,a){"use strict";a.d(t,"b",(function(){return l})),a.d(t,"a",(function(){return c}));var n=a(46),i=a(102),r=a(173),o=a(504),s=a(934);function l({onError:e,page:t,perPage:a}={page:1,perPage:r.c}){const o=Object(i.i)();return Object(n.useQuery)(["endpointSpecificPolicies",t,a],(()=>Object(s.a)(o,{query:{page:t,perPage:a,withAgentCount:!0}})),e?{onError:e}:void 0)}function c({customQueryOptions:e}){const t=Object(i.i)();return Object(n.useQuery)(["endpointPackageVersion",e],(()=>Object(o.c)(t)),e)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r})),a.d(t,"e",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"f",(function(){return c})),a.d(t,"d",(function(){return u})),a.d(t,"c",(function(){return d}));var n=a(65);const i="/api/fleet",r=`${i}/package_policies`,o=`${i}/agent_status`,s=(e,t,a)=>e.get(`${r}/${t}`,a),l=(e,t,a)=>e.post(`${r}/_bulk_get`,{...a,body:JSON.stringify({ids:t,ignoreMissing:!0})}),c=(e,t,a,n={})=>e.put(`${r}/${t}`,{...n,body:JSON.stringify(a)}),u=(e,t,a={})=>e.get(o,{...a,query:{policyId:t}}),d=async e=>{const t=n.epmRouteService.getInfoPath("endpoint"),a=(await e.get(t)).item;if(!a)throw new Error("Endpoint package was not found.");return a}},,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return l})),a.d(t,"a",(function(){return x})),a.d(t,"c",(function(){return w}));var n=a(141),i=a(60),r=a(51),o=a(408);const s=Object(n.d)((e=>(({data:e,defaultIndex:t,eventFields:a,filterQuery:n,timerange:i,signal:r})=>e.search.search({defaultIndex:t,eventFields:a,factoryQueryType:o.a.eventEnrichment,filterQuery:n,timerange:i},{strategy:"securitySolutionSearchStrategy",abortSignal:r}))(e).pipe(Object(i.filter)((e=>Object(r.isErrorResponse)(e)||Object(r.isCompleteResponse)(e)))))),l=()=>Object(n.c)(s);var c=a(2),u=a(103),d=a(8),p=a(246),m=a.n(p),g=a(114),y=a(167),f=a(108),b=a(102),h=a(182);const E=a(5).i18n.translate("xpack.securitySolution.investigationEnrichment.requestError",{defaultMessage:"An error occurred while requesting threat intelligence"});var v=a(4);const x="investigation_time_enrichment",k=()=>{},S={enrichments:[]},w=e=>{const{addError:t}=Object(f.a)(),{data:a,uiSettings:n}=Object(b.j)().services,i=n.get(v.T),r=Object(u.useDispatch)(),[o,s]=Object(c.useState)({from:y.a,to:y.b}),{error:p,loading:w,result:j,start:O}=l(),I=Object(c.useCallback)((()=>{r(h.c.deleteOneQuery({inputId:g.a.global,id:x}))}),[r]);Object(c.useEffect)((()=>(!w&&j&&r(h.c.setQuery({inputId:g.a.global,id:x,inspect:{dsl:j.inspect.dsl,response:[JSON.stringify(j.rawResponse,null,2)]},loading:w,refetch:k})),I)),[I,r,w,j]),Object(c.useEffect)((()=>{p&&t(p,{title:E})}),[t,p]);const T=m()(e),C=m()(o);return Object(c.useEffect)((()=>{Object(d.isEmpty)(e)||Object(d.isEqual)(e,T)&&Object(d.isEqual)(o,C)||O({data:a,timerange:{...o,interval:""},defaultIndex:i,eventFields:e,filterQuery:""})}),[O,a,e,T,o,C,i]),{result:Object(d.isEmpty)(e)?S:j,range:o,setRange:s,loading:w}}},,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"f",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"d",(function(){return s})),a.d(t,"a",(function(){return l})),a.d(t,"e",(function(){return c}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.threatMatch.fieldDescription",{defaultMessage:"Field"}),r=n.i18n.translate("xpack.securitySolution.threatMatch.threatFieldDescription",{defaultMessage:"Indicator index field"}),o=n.i18n.translate("xpack.securitySolution.threatMatch.fieldPlaceholderDescription",{defaultMessage:"Search"}),s=n.i18n.translate("xpack.securitySolution.threatMatch.matchesLabel",{defaultMessage:"MATCHES"}),l=n.i18n.translate("xpack.securitySolution.threatMatch.andDescription",{defaultMessage:"AND"}),c=n.i18n.translate("xpack.securitySolution.threatMatch.orDescription",{defaultMessage:"OR"})},function(e,t,a){"use strict";a.r(t),a.d(t,"updateNetworkTable",(function(){return r})),a.d(t,"setNetworkDetailsTablesActivePageToZero",(function(){return o})),a.d(t,"setNetworkTablesActivePageToZero",(function(){return s})),a.d(t,"updateNetworkAnomaliesJobIdFilter",(function(){return l})),a.d(t,"updateNetworkAnomaliesInterval",(function(){return c}));var n=a(22);const i=a.n(n)()("x-pack/security_solution/local/network"),r=i("UPDATE_NETWORK_TABLE"),o=i("SET_IP_DETAILS_TABLES_ACTIVE_PAGE_TO_ZERO"),s=i("SET_NETWORK_TABLES_ACTIVE_PAGE_TO_ZERO"),l=i("UPDATE_NETWORK_ANOMALIES_JOB_ID_FILTER"),c=i("UPDATE_NETWORK_ANOMALIES_INTERVAL")},function(e,t,a){"use strict";a.r(t),a.d(t,"setUsersTablesActivePageToZero",(function(){return r})),a.d(t,"setUsersDetailsTablesActivePageToZero",(function(){return o})),a.d(t,"updateTableLimit",(function(){return s})),a.d(t,"updateTableActivePage",(function(){return l})),a.d(t,"updateTableSorting",(function(){return c})),a.d(t,"updateUserRiskScoreSeverityFilter",(function(){return u})),a.d(t,"updateUsersAnomaliesJobIdFilter",(function(){return d})),a.d(t,"updateUsersAnomaliesInterval",(function(){return p}));var n=a(22);const i=a.n(n)()("x-pack/security_solution/local/users"),r=i("SET_USERS_TABLES_ACTIVE_PAGE_TO_ZERO"),o=i("SET_USERS_DETAILS_TABLES_ACTIVE_PAGE_TO_ZERO"),s=i("UPDATE_USERS_TABLE_LIMIT"),l=i("UPDATE_USERS_ACTIVE_PAGE"),c=i("UPDATE_USERS_SORTING"),u=i("UPDATE_USERS_RISK_SEVERITY_FILTER"),d=i("UPDATE_USERS_ANOMALIES_JOB_ID_FILTER"),p=i("UPDATE_USERS_ANOMALIES_INTERVAL")},function(e,t,a){"use strict";a.r(t),a.d(t,"updateTableActivePage",(function(){return r})),a.d(t,"setHostTablesActivePageToZero",(function(){return o})),a.d(t,"setHostDetailsTablesActivePageToZero",(function(){return s})),a.d(t,"updateTableLimit",(function(){return l})),a.d(t,"updateHostsSort",(function(){return c})),a.d(t,"updateHostRiskScoreSort",(function(){return u})),a.d(t,"updateHostRiskScoreSeverityFilter",(function(){return d})),a.d(t,"updateHostsAnomaliesJobIdFilter",(function(){return p})),a.d(t,"updateHostsAnomaliesInterval",(function(){return m}));var n=a(22);const i=a.n(n)()("x-pack/security_solution/local/hosts"),r=i("UPDATE_HOST_TABLE_ACTIVE_PAGE"),o=i("SET_HOST_TABLES_ACTIVE_PAGE_TO_ZERO"),s=i("SET_HOST_DETAILS_TABLES_ACTIVE_PAGE_TO_ZERO"),l=i("UPDATE_HOST_TABLE_LIMIT"),c=i("UPDATE_HOSTS_SORT"),u=i("UPDATE_HOST_RISK_SCORE_SORT"),d=i("UPDATE_HOST_RISK_SCORE_SEVERITY"),p=i("UPDATE_HOSTS_ANOMALIES_JOB_ID_FILTER"),m=i("UPDATE_HOSTS_ANOMALIES_INTERVAL")},,,function(e,t,a){"use strict";a.d(t,"c",(function(){return Be})),a.d(t,"a",(function(){return Ge})),a.d(t,"b",(function(){return He}));var n=a(40),i=a(2),r=a.n(i),o=a(44),s=a(52),l=a(197),c=a(124),u=a(8),d=a(839),p=a.n(d),m=a(45),g=a(41),y=a.n(g);const f=r.a.memo((({onClick:e,queriesLength:t})=>{const[a,s]=Object(i.useState)(!1),l=Object(i.useCallback)((()=>{e(),s(!0)}),[e]);return a?null:r.a.createElement(b,{color:"primary",paddingSize:"xs"},r.a.createElement(h,{direction:"row",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(n.EuiText,{size:"s"},r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActionsList.investigationGuideSuggestion",defaultMessage:"You have {queriesLength, plural, one {a query} other {queries}} in the investigation guide. Add {queriesLength, plural, one {it as a response action} other {them as response actions}}?",values:{queriesLength:t}}))),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiButtonEmpty,{size:"m",color:"primary",onClick:l,"data-test-subj":"osqueryAddInvestigationGuideQueries"},r.a.createElement(n.EuiText,{size:"s"},r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActionsList.addButton",defaultMessage:"Add"}))))))}));f.displayName="OsqueryInvestigationGuidePanel";var b=y()(n.EuiPanel).withConfig({displayName:"_StyledEuiPanel",componentId:"sc-10xybv0-0"})(["",""],{marginBottom:"16px"}),h=y()(n.EuiFlexGroup).withConfig({displayName:"_StyledEuiFlexGroup",componentId:"sc-10xybv0-1"})(["",""],{padding:"0 24px"}),E=a(600),v=a(5),x=a(938),k=a(702),S=a(126),w=a(67);const j={label:v.i18n.translate("xpack.securitySolution.responseActions.endpoint.commentLabel",{defaultMessage:"Comment (optional)"}),helpText:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.commentDescription",defaultMessage:"Leave a note that explains or describes the action. You can see your comment in the response actions history log."})},O=({basePath:e,disabled:t,readDefaultValueOnForm:a})=>r.a.createElement(s.UseField,{path:`${e}.comment`,readDefaultValueOnForm:a,config:j,isDisabled:t,component:w.TextField}),I=r.a.memo(O);var T=a(75),C=a(102);v.i18n.translate("xpack.securitySolution.endpoint.action.permissionDenied",{defaultMessage:"Permission denied"});const M=v.i18n.translate("xpack.securitySolution.endpoint.action.chooseFromTheList",{defaultMessage:"Choose action from the list"}),F=v.i18n.translate("xpack.securitySolution.responseActions.endpoint.commentLearnMore",{defaultMessage:"Learn more"}),D=({name:e,isDisabled:t})=>{const{title:a,description:i,tooltip:o}=A(e),s=r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiTitle,{size:"xs"},r.a.createElement(n.EuiText,null,a)),r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(n.EuiText,null,i));return t?r.a.createElement(n.EuiToolTip,{position:"top",content:o},s):s},A=e=>"isolate"===e?{title:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.isolate",defaultMessage:"Isolate"}),description:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.isolateDescription",defaultMessage:"Quarantine a host from the network to prevent further spread of threats and limit potential damage"}),tooltip:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.isolateTooltip",defaultMessage:"Insufficient privileges to isolate hosts. Contact your Kibana administrator if you think you should have this permission."})}:{title:"",description:"",tooltip:""},_=r.a.memo(D);var N=a(493);const R=({basePath:e,disabled:t,readDefaultValueOnForm:a})=>{const{endpointPrivileges:l}=Object(S.a)(),[c]=Object(s.useFormData)(),{docLinks:{links:{securitySolution:{responseActions:d}}}}=Object(C.j)().services,p=Object(i.useMemo)((()=>N.a.map((e=>{const t=!Object(x.b)({commandName:Object(k.d)(e),privileges:l}),a=Object(u.map)(c.responseActions,"params.command").includes(e)||t;return{value:e,inputDisplay:e,dropdownDisplay:r.a.createElement(_,{name:e,isDisabled:t}),disabled:a,"data-test-subj":`command-type-${e}`}}))),[c.responseActions,l]);return r.a.createElement(s.UseField,{path:`${e}.command`,readDefaultValueOnForm:a,config:{label:v.i18n.translate("xpack.securitySolution.responseActions.endpoint.commandLabel",{defaultMessage:"Response action"}),helpText:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.commandDescription",defaultMessage:"Select an endpoint response action. The response action only runs on hosts with Elastic Defend installed. {docs}",values:{docs:r.a.createElement(n.EuiLink,{href:d,target:"_blank"},F)}}),validations:[{validator:T.fieldValidators.emptyField(v.i18n.translate("xpack.securitySolution.responseActions.endpoint.validations.commandIsRequiredErrorMessage",{defaultMessage:"Action is a required field."}))}]},component:w.SuperSelectField,isDisabled:t,componentProps:{euiFieldProps:{options:p,placeholder:M,"data-test-subj":"commandTypeField"}}})},q=r.a.memo(R),P=({basePath:e,editDisabled:t})=>{const[a]=Object(s.useFormData)(),i=Object(u.get)(a,`${e}.command`);return t?r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"s"}),r.a.createElement(n.EuiCallOut,{color:"warning",iconType:"warning",title:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActionsList.endpoint.privileges",defaultMessage:"Insufficient privileges"})},r.a.createElement(n.EuiText,{size:"xs"},r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActions.endpoint.isolateTooltip",defaultMessage:"Insufficient privileges to isolate hosts. Contact your Kibana administrator if you think you should have this permission."}))),r.a.createElement(n.EuiSpacer,{size:"s"})):"isolate"===i?r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"s"}),r.a.createElement(n.EuiCallOut,{color:"warning",iconType:"warning",title:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActionsList.endpoint.cautionTitle",defaultMessage:"Proceed with caution"})},r.a.createElement(n.EuiText,{size:"xs"},r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.responseActionsList.endpoint.cautionDescription",defaultMessage:"Only select this option if you’re certain that you want to automatically block communication with other hosts on your network until you release this host."}))),r.a.createElement(n.EuiSpacer,{size:"s"})):r.a.createElement(r.a.Fragment,null)},L=r.a.memo(P),B=r.a.memo((e=>{const t=`${e.item.path}.params`;return r.a.createElement(r.a.Fragment,null,r.a.createElement(q,{basePath:t,disabled:e.editDisabled,readDefaultValueOnForm:!e.item.isNew}),r.a.createElement(L,{basePath:t,editDisabled:e.editDisabled}),r.a.createElement(I,{basePath:t,disabled:e.editDisabled,readDefaultValueOnForm:!e.item.isNew}))}));B.displayName="EndpointResponseAction";var z=a(238),$=a(141),V=a(453),G=a(36);const U=r.a.memo((({field:e})=>{const{setErrors:t,clearErrors:a,value:n,setValue:o}=e,{osquery:s}=Object(C.j)().services,l=Object(i.useMemo)((()=>null==s?void 0:s.OsqueryResponseActionTypeForm),[null==s?void 0:s.OsqueryResponseActionTypeForm]),c=Object(i.useCallback)((e=>{Object(u.isEmpty)(e)?a():t(Object(u.map)(e,(e=>({message:e.message}))))}),[t,a]);return r.a.createElement(l,{defaultValues:n,onError:c,onChange:o})}));U.displayName="ResponseActionFormField";var H=a(809),W=a(125);const Q=()=>r.a.createElement(r.a.Fragment,null),Y=r.a.memo((e=>{const{osquery:t,application:a}=Object(C.j)().services,s=Object(i.useMemo)((()=>null==t?void 0:t.OsqueryResponseActionTypeForm),[null==t?void 0:t.OsqueryResponseActionTypeForm]),l=Object($.b)(),c=Object(V.a)(G.AppFeatureKey.osqueryAutomatedResponseActions);if(t){var u,d,p,m,g,y,f,b;const{disabled:i,permissionDenied:h}=t.fetchInstallationStatus(),E=!(null!=a&&null!==(u=a.capabilities)&&void 0!==u&&null!==(d=u.osquery)&&void 0!==d&&d.writeLiveQueries||null!=a&&null!==(p=a.capabilities)&&void 0!==p&&null!==(m=p.osquery)&&void 0!==m&&m.runSavedQueries&&(null!=a&&null!==(g=a.capabilities)&&void 0!==g&&null!==(y=g.osquery)&&void 0!==y&&y.readSavedQueries||null!=a&&null!==(f=a.capabilities)&&void 0!==f&&null!==(b=f.osquery)&&void 0!==b&&b.readPacks));if(c)return r.a.createElement(c,null);if(h||E)return r.a.createElement(r.a.Fragment,null,r.a.createElement(W.e,{path:`${e.item.path}.params`,component:Q}),r.a.createElement(n.EuiEmptyPrompt,{title:r.a.createElement("h2",null,H.b),titleSize:"xs",iconType:"logoOsquery",body:r.a.createElement("p",null,r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.osquery.action.missingPrivileges",defaultMessage:"To access this page, ask your administrator for {osquery} Kibana privileges.",values:{osquery:r.a.createElement(n.EuiCode,null,"osquery")}}))}));if(i)return r.a.createElement(r.a.Fragment,null,r.a.createElement(W.e,{path:`${e.item.path}.params`,component:Q}),r.a.createElement(n.EuiEmptyPrompt,{iconType:"logoOsquery",title:r.a.createElement("h2",null,H.c),titleSize:"xs",body:r.a.createElement("p",null,H.a)}));if(l()&&s)return r.a.createElement(W.e,{path:`${e.item.path}.params`,component:U,readDefaultValueOnForm:!e.item.isNew})}return null}));Y.displayName="OsqueryResponseAction";const K=e=>{switch(e){case z.a.OSQUERY:return{logo:"logoOsquery",name:"Osquery"};case z.a.ENDPOINT:return{logo:"logoSecurity",name:"Endpoint Security"};default:return{logo:"logoOsquery",name:"Osquery"}}},Z=y()(n.EuiAccordion).withConfig({displayName:"StyledEuiAccordion",componentId:"sc-16pdpi-0"})(["background:",";.euiAccordion__buttonContent{padding:",";}"],(({theme:e})=>e.eui.euiColorLightestShade),(({theme:e})=>e.eui.euiSizeM)),J=({item:e,onDeleteAction:t})=>{var a;const[o,s]=Object(i.useState)(!0),[l]=Object(W.m)(),c=Object(u.get)(l,e.path),d=null!==(a=(e=>{var t;const a=Object(S.a)().endpointPrivileges;if(".endpoint"===(null==e?void 0:e.actionTypeId)&&null!=e&&null!==(t=e.params)&&void 0!==t&&t.command)return!Object(x.b)({commandName:Object(k.d)(e.params.command),privileges:a})})(c))&&void 0!==a&&a,p=Object(i.useMemo)((()=>(null==c?void 0:c.actionTypeId)===z.a.OSQUERY?r.a.createElement(Y,{item:e}):(null==c?void 0:c.actionTypeId)===z.a.ENDPOINT?r.a.createElement(B,{item:e,editDisabled:d}):null),[null==c?void 0:c.actionTypeId,d,e]),m=Object(i.useCallback)((()=>{t(e.id)}),[e,t]),g=Object(i.useMemo)((()=>{const{logo:e,name:t}=K(null==c?void 0:c.actionTypeId);return r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiIcon,{type:e,size:"m"})),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,null,t)))}),[null==c?void 0:c.actionTypeId]),y=Object(i.useMemo)((()=>r.a.createElement(n.EuiButtonIcon,{"data-test-subj":"remove-response-action",iconType:"minusInCircle",color:"danger",className:"actAccordionActionForm__extraAction","aria-label":v.i18n.translate("xpack.securitySolution.actionTypeForm.accordion.deleteIconAriaLabel",{defaultMessage:"Delete"}),disabled:d,onClick:m})),[d,m]);return r.a.createElement(Z,{initialIsOpen:!0,key:e.id,id:e.id.toString(),onToggle:s,paddingSize:"l","data-test-subj":"alertActionAccordion",buttonContent:g,extraAction:y},p)};J.displayName="ResponseActionTypeForm";const X=r.a.memo(J);var ee=a(496),te=a.n(ee),ae=a(1370),ne=a.n(ae),ie=a(480);const re=()=>r.a.createElement(r.a.Fragment,null),oe=r.a.memo((({items:e,removeItem:t})=>{const{detailName:a}=Object(m.useParams)(),{data:o}=Object(E.f)(a),s=Object(i.useMemo)((()=>null!=o&&o.note?(e=>{const t=te()().use([[ne.a,{}],ie.a]).parse(e);return Object(u.filter)(null==t?void 0:t.children,["type","osquery"])})(o.note):[]),[null==o?void 0:o.note]),l=Object(W.l)(),[c]=Object(W.m)(),d=Object(i.useCallback)((()=>{const e=((e,t=[])=>Object(u.reduce)(e,((e,{configuration:t})=>(e.responseActions.push({actionTypeId:z.a.OSQUERY,params:{savedQueryId:void 0,packId:void 0,queries:void 0,query:t.query,ecsMapping:t.ecs_mapping}}),e)),{responseActions:t}))(s,c.responseActions);l.updateFieldValues(e)}),[l,null==c?void 0:c.responseActions,s]);return r.a.createElement("div",{"data-test-subj":"response-actions-list"},e.map(((e,a)=>r.a.createElement("div",{key:e.id,"data-test-subj":`response-actions-list-item-${a}`},r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(X,{item:e,onDeleteAction:t}),r.a.createElement(W.e,{path:`${e.path}.actionTypeId`,component:re})))),r.a.createElement(n.EuiSpacer,{size:"m"}),s.length?r.a.createElement(f,{onClick:d,queriesLength:s.length}):null)}));oe.displayName="ResponseActionsList";var se=a(17);const le=v.i18n.translate("xpack.securitySolution.actionForm.platinumOnly",{defaultMessage:"This functionality is available only in Platinum and above."}),ce=({supportedResponseActionTypes:e,addActionType:t,updateActionTypeId:a})=>{const[s]=Object(W.m)(),[l,c]=Object(i.useState)(s.responseActions&&s.responseActions.length>0),u=Object(se.b)().isPlatinumPlus(),d=Object(i.useCallback)((e=>{c(!1),t(),a(e.id)}),[t,a]),p=Object(i.useMemo)((()=>r.a.createElement(n.EuiFlexGroup,{direction:"row"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(n.EuiButton,{size:"s","data-test-subj":"addAlertActionButton",onClick:()=>c(!1)},r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.sections.actionForm.addResponseActionButtonLabel",defaultMessage:"Add response action"}))))),[]),m=Object(i.useMemo)((()=>(null==e?void 0:e.length)&&e.map((function(e,t){const a=r.a.createElement(n.EuiKeyPadMenuItem,{key:t,isDisabled:!u||e.disabled,"data-test-subj":`${e.name}-response-action-type-selection-option`,label:e.name,betaBadgeTooltipContent:"should be visible",onClick:()=>d(e)},r.a.createElement(n.EuiIcon,{size:"xl",type:e.iconClass}));return u?r.a.createElement(n.EuiFlexItem,{grow:!1,key:`keypad-${e.id}`},a):r.a.createElement(n.EuiToolTip,{position:"top",content:le},r.a.createElement(n.EuiFlexItem,{grow:!1,key:`keypad-${e.id}`},a))}))),[d,u,e]);return null!=e&&e.length?r.a.createElement(r.a.Fragment,null,l?p:r.a.createElement(n.EuiFlexGroup,{direction:"row"},m)):r.a.createElement(r.a.Fragment,null)},ue=r.a.memo((({items:e,removeItem:t,supportedResponseActionTypes:a,addItem:n})=>{const o=Object(i.useRef)(null),s=Object(i.useCallback)((e=>{o.current=e}),[]),l=Object(W.l)(),c=Object(i.useMemo)((()=>r.a.createElement(ce,{supportedResponseActionTypes:a,addActionType:n,updateActionTypeId:s})),[n,s,a]);return Object(i.useEffect)((()=>{if(o.current){const t=`responseActions[${e.length-1}].actionTypeId`;l.setFieldValue(t,o.current),o.current=null}}),[l,e.length]),r.a.createElement("div",{"data-test-subj":"response-actions-wrapper"},r.a.createElement(oe,{items:e,removeItem:t}),c)}));ue.displayName="ResponseActionsWrapper";var de=a(852);const pe=()=>r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiFlexItem,{grow:!1,"data-test-subj":"response-actions-header"},r.a.createElement(n.EuiTitle,{size:"s"},r.a.createElement("h4",null,r.a.createElement(o.FormattedMessage,{defaultMessage:"Response Actions",id:"xpack.securitySolution.actionForm.responseActionSectionsDescription"})))),r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(o.FormattedMessage,{defaultMessage:"Response actions are run on each rule execution.",id:"xpack.securitySolution.actionForm.responseActionSectionsTitle"})),r.a.createElement(n.EuiSpacer,{size:"m"})),me=[{id:z.a.OSQUERY,name:"Osquery",iconClass:"logoOsquery"},{id:z.a.ENDPOINT,name:"Endpoint Security",iconClass:"logoSecurity"}],ge=({items:e,addItem:t,removeItem:a,form:o})=>{const s=(()=>{const[e,t]=Object(i.useState)(),a=Object(c.a)("endpointResponseActionsEnabled"),{canIsolateHost:n}=Object(S.a)().endpointPrivileges,r=Object(i.useMemo)((()=>({endpoint:a})),[a]),o=Object(i.useMemo)((()=>({endpoint:n})),[n]);return Object(i.useEffect)((()=>{const e=((e,t,a)=>e.reduce(((e,n)=>{const i=n.id===z.a.ENDPOINT;return!t.endpoint&&i?e:z.c.includes(n.id)?[...e,{...n,disabled:i?!a.endpoint:void 0}]:e}),[]))(me,r,o);t(e)}),[a,r,o]),e})(),[l,d]=Object(i.useState)(null),m=o.getFields(),g=o.getErrors(),y=Object(i.useMemo)((()=>null!=s&&s.length?r.a.createElement(ue,{items:e,removeItem:a,supportedResponseActionTypes:s,addItem:t}):null),[t,e,a,s]);return Object(i.useEffect)((()=>{d((()=>{const t=Object(u.reduce)(Object(u.map)(e,"path"),((e,t)=>{var a,n;return null!==(a=m[`${t}.params`])&&void 0!==a&&null!==(n=a.errors)&&void 0!==n&&n.length?(e.push({type:Object(u.upperFirst)(m[`${t}.actionTypeId`].value.substring(1)),errors:Object(u.map)(m[`${t}.params`].errors,"message")}),e):e}),[]);return Object(u.reduce)(t,((e,t)=>(e.push(`**${t.type}:**\n`),t.errors.forEach((t=>{e.push(`- ${t}\n`)})),e)),[]).join("\n")}))}),[m,g,e]),r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"xxl","data-test-subj":"response-actions-form"}),r.a.createElement(pe,null),null!=l&&l.length?r.a.createElement(r.a.Fragment,null,r.a.createElement("p",null,r.a.createElement(n.EuiCallOut,{"data-test-subj":"response-actions-error",title:de.b,color:"danger",iconType:"warning"},r.a.createElement(p.a,null,l))),r.a.createElement(n.EuiSpacer,null)):null,y)};var ye=a(469),fe=a(1105),be=a(46),he=a(69),Ee=a(108),ve=a(143);const xe=v.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.actions.connectorsFetchError",{defaultMessage:"Failed to fetch connectors"}),ke=v.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.actions.connectorTypesFetchError",{defaultMessage:"Failed to fetch connector types"}),Se=v.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.actions.actionsFetchErrorDescription",{defaultMessage:"Viewing actions is not available"}),we=v.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges",{defaultMessage:'Cannot create rule actions. You do not have "Read" permissions for the "Actions" plugin.'}),je=v.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText",{defaultMessage:"Learn more"});function Oe(){const{docLinks:{links:{securitySolution:{manageDetectionRules:e}}}}=Object(C.j)().services,t=`${e}#edit-rules-settings`;return r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepRuleActions.snoozeDescription",defaultMessage:"Choose when to perform actions or snooze them. Notifications are not created for snoozed actions. {docs}.",values:{docs:r.a.createElement(n.EuiLink,{href:t,target:"_blank"},je)}})}const Ie=r.a.createElement(Oe,null),Te=(v.i18n.translate("xpack.securitySolution.detectionEngine.actionsSectionLabel",{defaultMessage:"Actions"}),v.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.notificationActions",{defaultMessage:"Notification actions"})),Ce=v.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.responseActions",{defaultMessage:"Response actions"}),Me=v.i18n.translate("xpack.securitySolution.detectionEngine.actionNotifyWhen.forEachOption",{defaultMessage:"For each alert. Per rule run."}),Fe=v.i18n.translate("xpack.securitySolution.detectionEngine.actionNotifyWhen.summaryOption",{defaultMessage:"Summary of alerts. Per rule run."}),De=v.i18n.translate("xpack.securitySolution.detectionEngine.actionNotifyWhen.periodically",{defaultMessage:"Periodically"});var Ae=a(752);function _e({ruleId:e}){return r.a.createElement(n.EuiFlexGroup,{direction:"column",gutterSize:"s"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,{size:"s"},Ie)),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(Ae.a,{ruleId:e,showTooltipInline:!0})))}var Ne=a(417);const Re=({children:e})=>r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,{size:"xs",color:"subdued"},e)),qe=({frequency:e})=>{if(!e)return null;if(!e.summary)return r.a.createElement(Re,null,Me);if("onActiveAlert"===e.notifyWhen)return r.a.createElement(Re,null,Fe);if(!e.throttle)return null;const{unit:t,value:a}=Object(Ne.f)(e.throttle),n={s:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.onceInEverySecondsLabel",defaultMessage:"Once {secondsCount, plural, one {a} other {in every}} {secondsCount, plural, one {second} other {# seconds}}",values:{secondsCount:a}}),m:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.onceInEveryMinutesLabel",defaultMessage:"Once {minutesCount, plural, one {a} other {in every}} {minutesCount, plural, one {minute} other {# minutes}}",values:{minutesCount:a}}),h:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.onceInEveryHoursLabel",defaultMessage:"Once {hoursCount, plural, one {an} other {in every}} {hoursCount, plural, one {hour} other {# hours}}",values:{hoursCount:a}}),d:r.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.onceInEveryDaysLabel",defaultMessage:"Once {daysCount, plural, one {a} other {in every}} {daysCount, plural, one {day} other {# days}}",values:{daysCount:a}})};return r.a.createElement(Re,null,n[t]||De)};function Pe({action:e,connectorTypes:t,connectors:a,actionTypeRegistry:i}){var o,s,l,c;const u=t.find((({id:t})=>t===e.actionTypeId)),d=null!==(o=null==u?void 0:u.name)&&void 0!==o?o:"",p=a.find((({id:t})=>t===e.id)),m=null!==(s=null==p?void 0:p.name)&&void 0!==s?s:"",g=null!==(l=null===(c=i.get(e.actionTypeId))||void 0===c?void 0:c.iconClass)&&void 0!==l?l:"apps";return r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",component:"span",responsive:!1},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiToolTip,{content:d,anchorClassName:"eui-textTruncate"},r.a.createElement(n.EuiIcon,{size:"m",type:g}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,{size:"s"},m),r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"xs",component:"span",responsive:!1},r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiIcon,{size:"s",type:"bell",color:"subdued"})),r.a.createElement(qe,{frequency:e.frequency})))))}function Le({action:e}){const{name:t,logo:a}=K(e.actionTypeId);return r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",component:"span",responsive:!1},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiToolTip,{content:t,anchorClassName:"eui-textTruncate"},r.a.createElement(n.EuiIcon,{size:"m",type:a}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,{size:"s"},t))))}const Be={enabled:!0,actions:[],responseActions:[],kibanaSiemAppUrl:""},ze=()=>r.a.createElement(r.a.Fragment,null),$e=()=>r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiTitle,{size:"s"},r.a.createElement("h4",null,r.a.createElement(o.FormattedMessage,{defaultMessage:"Actions",id:"xpack.securitySolution.detectionEngine.rule.editRule.actionSectionsTitle"}))),r.a.createElement(n.EuiSpacer,{size:"l"})),Ve=({ruleId:e,isUpdateView:t=!1,actionMessageParams:a,summaryActionMessageParams:o,ruleType:u,form:d})=>{const{services:{application:p}}=Object(C.j)(),m=Object(c.a)("responseActionsEnabled"),g=Object(i.useMemo)((()=>r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,null),r.a.createElement(W.e,{path:"actions",component:fe.a,componentProps:{messageVariables:a,summaryMessageVariables:o}}))),[a,o]),y=Object(i.useMemo)((()=>Object(l.e)(u)?r.a.createElement(s.UseArray,{path:"responseActions",initialNumberOfItems:0},ge):null),[u]),f=Object(i.useMemo)((()=>p.capabilities.actions.show?r.a.createElement(r.a.Fragment,null,r.a.createElement($e,null),e&&r.a.createElement(_e,{ruleId:e}),g,m&&y,r.a.createElement(W.e,{path:"kibanaSiemAppUrl",component:ze}),r.a.createElement(W.e,{path:"enabled",component:ze})):r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiText,null,we))),[e,p.capabilities.actions.show,g,y,m]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(ye.a,{addPadding:!t},r.a.createElement(W.c,{form:d,"data-test-subj":"stepRuleActions"},r.a.createElement(n.EuiForm,null,f))))},Ge=Object(i.memo)(Ve),Ue=({addPadding:e,defaultValues:t})=>{const{services:{triggersActionsUi:a}}=Object(C.j)(),i=a.actionTypeRegistry,{data:o}=(()=>{const{addError:e}=Object(Ee.a)();return Object(be.useQuery)(["GET",he.BASE_ACTION_API_PATH,"connectors"],(({signal:e})=>Object(ve.f)(e)),{onError:t=>{e(t,{title:xe,toastMessage:Se})}})})(),{data:s}=(()=>{const{addError:e}=Object(Ee.a)();return Object(be.useQuery)(["GET",he.BASE_ACTION_API_PATH,"connector_types","siem"],(({signal:e})=>Object(ve.e)(e)),{onError:t=>{e(t,{title:ke,toastMessage:Se})}})})(),l=t.actions,c=t.responseActions||[];if(!(l.length>0||c.length>0)||!o||!s)return null;const u=l.length>0&&c.length>0;return r.a.createElement(ye.a,{addPadding:e},l.length>0&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiText,{size:"m"},Te),r.a.createElement(n.EuiSpacer,{size:"s"})),l.map(((e,t)=>{const a=t===l.length-1;return r.a.createElement(r.a.Fragment,null,r.a.createElement(Pe,{action:e,connectorTypes:s,connectors:o,actionTypeRegistry:i,key:e.id}),!a&&r.a.createElement(n.EuiSpacer,{size:"s"}))})),u&&r.a.createElement(n.EuiSpacer,{size:"l"}),c.length>0&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiText,{size:"m"},Ce),r.a.createElement(n.EuiSpacer,{size:"s"})),c.map(((e,t)=>{const a=t===c.length-1;return r.a.createElement(r.a.Fragment,null,r.a.createElement(Le,{action:e,key:`${e.actionTypeId}-${t}`}),!a&&r.a.createElement(n.EuiSpacer,{size:"s"}))})))},He=Object(i.memo)(Ue)},function(e,t,a){"use strict";a.d(t,"b",(function(){return ce})),a.d(t,"a",(function(){return de}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(70),l=a(103),c=a(12),u=a(321),d=a(287),p=a(41),m=a.n(p);const g=m.a.div.attrs((({width:e})=>{if(e)return{style:{width:`${e}px`}}})).withConfig({displayName:"Field",componentId:"sc-1xzawmf-0"})(["background-color:",";border:",";box-shadow:0 2px 2px -1px ",",0 1px 5px -2px ",";font-size:",";font-weight:",";line-height:",";padding:",";"],(({theme:e})=>e.eui.euiColorEmptyShade),(({theme:e})=>e.eui.euiBorderThin),(({theme:e})=>Object(d.rgba)(e.eui.euiColorMediumShade,.3)),(({theme:e})=>Object(d.rgba)(e.eui.euiColorMediumShade,.3)),(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiFontWeightSemiBold),(({theme:e})=>e.eui.euiLineHeight),(({theme:e})=>e.eui.euiSizeXS));g.displayName="Field";const y=o.a.memo((({fieldId:e,fieldWidth:t})=>o.a.createElement(g,{"data-test-subj":"field",width:t},e)));y.displayName="DraggableFieldBadge";var f=a(153),b=a(170),h=a(40),E=a(1268),v=a(109),x=a(662),k=a(176),S=a(118),w=a(113),j=a(148),O=a(42),I=a(49),T=a(105),C=a(111),M=a(459);const F=o.a.memo((({columnId:e,onColumnRemoved:t})=>{const a=Object(r.useCallback)((a=>{a.preventDefault(),a.stopPropagation(),t(e)}),[e,t]);return o.a.createElement(h.EuiButtonIcon,{"aria-label":M.f,color:"text","data-test-subj":"remove-column",iconType:"cross",onClick:a})}));F.displayName="CloseButton";const D=o.a.memo((({header:e,onColumnRemoved:t,sort:a,isLoading:n})=>o.a.createElement(o.a.Fragment,null,a.some((t=>t.columnId===e.id))&&n?o.a.createElement(b.d,{className:"siemEventsHeading__extra--loading"},o.a.createElement(b.h,{"data-test-subj":"timeline-loading-spinner"})):o.a.createElement(b.d,{className:"siemEventsHeading__extra--close"},o.a.createElement(F,{columnId:e.id,onColumnRemoved:t})))));D.displayName="Actions";const A=m()(h.EuiFieldText).withConfig({displayName:"FieldText",componentId:"sc-14rl5n4-0"})(["min-width:",";"],(e=>e.minwidth));A.displayName="FieldText";const _=o.a.memo((({columnId:e,minWidth:t,filter:a="",onFilterChange:n=O.noop,placeholder:i="Filter"})=>o.a.createElement(A,{"data-test-subj":"textFilter",minwidth:`${t}px`,placeholder:i,value:a,onChange:t=>{n({columnId:e,filter:t.target.value})}})));_.displayName="TextFilter";const N=o.a.memo((({header:e,onFilterChange:t=O.noop})=>{var a;return"text-filter"===e.columnHeaderType?o.a.createElement(_,{columnId:e.id,minWidth:null!==(a=e.initialWidth)&&void 0!==a?a:k.a,onFilterChange:t,placeholder:e.placeholder}):null}));N.displayName="Filter";const R=({header:e,sort:t})=>t.reduce(((t,a)=>e.id===a.columnId?a.sortDirection:t),"none"),q=({header:e,sort:t})=>t.findIndex((t=>t.columnId===e.id));var P=a(339),L=a(389);const B=o.a.memo((({sortNumber:e})=>e>=0?o.a.createElement(h.EuiNotificationBadge,{color:"subdued","data-test-subj":"sortNumber"},e+1):o.a.createElement(h.EuiIcon,{"data-test-subj":"sortEmptyNumber",type:"empty"})));var z;B.displayName="SortNumber",function(e){e.SORT_UP="sortUp",e.SORT_DOWN="sortDown"}(z||(z={}));const $=o.a.memo((({sortDirection:e,sortNumber:t})=>{const a=(e=>{switch(e){case w.b.asc:return z.SORT_UP;case w.b.desc:return z.SORT_DOWN;case"none":return;default:throw new Error("Unhandled sort direction")}})(e);return null!=a?o.a.createElement(h.EuiToolTip,{content:a===z.SORT_UP?L.e:L.f,"data-test-subj":"sort-indicator-tooltip"},o.a.createElement(o.a.Fragment,null,o.a.createElement(h.EuiIcon,{"data-test-subj":"sortIndicator",type:a}),o.a.createElement(B,{sortNumber:t}))):o.a.createElement(h.EuiIcon,{"data-test-subj":"sortIndicator",type:"empty"})}));$.displayName="SortIndicator";var V=a(217);const G=m()(h.EuiIcon).withConfig({displayName:"IconType",componentId:"sc-1mjgpab-0"})(["margin-right:3px;position:relative;top:-2px;"]);G.displayName="IconType";const U=m.a.span.withConfig({displayName:"P",componentId:"sc-1mjgpab-1"})(["margin-bottom:5px;"]);U.displayName="P";const H=m.a.span.withConfig({displayName:"ToolTipTableMetadata",componentId:"sc-1mjgpab-2"})(["margin-right:5px;display:block;font-weight:bold;"]);H.displayName="ToolTipTableMetadata";const W=m.a.span.withConfig({displayName:"ToolTipTableValue",componentId:"sc-1mjgpab-3"})(["word-wrap:break-word;"]);W.displayName="ToolTipTableValue";const Q=o.a.memo((({header:e})=>{var t;return o.a.createElement(o.a.Fragment,null,!Object(O.isEmpty)(e.category)&&o.a.createElement(U,null,o.a.createElement(H,{"data-test-subj":"category"},M.a,":"),o.a.createElement(W,{"data-test-subj":"category-value"},e.category)),o.a.createElement(U,null,o.a.createElement(H,{"data-test-subj":"field"},M.c,":"),o.a.createElement(W,{"data-test-subj":"field-value"},e.id)),o.a.createElement(U,null,o.a.createElement(H,{"data-test-subj":"type"},M.i,":"),o.a.createElement(W,null,o.a.createElement(G,{"data-test-subj":"type-icon",type:Object(V.d)(e.type)}),null===(t=e.esTypes)||void 0===t?void 0:t.map((e=>o.a.createElement(h.EuiBadge,{"data-test-subj":`type-value-${e}`,key:e},e))))),!Object(O.isEmpty)(e.description)&&o.a.createElement(U,null,o.a.createElement(H,{"data-test-subj":"description"},M.b,":"),o.a.createElement(W,{"data-test-subj":"description-value"},e.description)))}));Q.displayName="HeaderToolTipContent";const Y=({children:e,header:t,isLoading:a,isResizing:n,onClick:i,showSortingCapability:r,sort:s})=>{var l,c;return o.a.createElement(b.c,{"data-test-subj":`header-${t.id}`,isLoading:a},t.aggregatable&&r?o.a.createElement(b.f,{"data-test-subj":"header-sort-button",onClick:n||a?O.noop:i},o.a.createElement(P.b,{"data-test-subj":`header-text-${t.id}`},o.a.createElement(h.EuiToolTip,{"data-test-subj":"header-tooltip",content:o.a.createElement(Q,{header:t})},o.a.createElement(o.a.Fragment,null,o.a.isValidElement(t.display)?t.display:null!==(l=t.displayAsText)&&void 0!==l?l:t.id))),o.a.createElement($,{"data-test-subj":"header-sort-indicator",sortDirection:R({header:t,sort:s}),sortNumber:q({header:t,sort:s})})):o.a.createElement(b.g,null,o.a.createElement(P.b,{"data-test-subj":`header-text-${t.id}`},o.a.createElement(h.EuiToolTip,{"data-test-subj":"header-tooltip",content:o.a.createElement(Q,{header:t})},o.a.createElement(o.a.Fragment,null,o.a.isValidElement(t.display)?t.display:null!==(c=t.displayAsText)&&void 0!==c?c:t.id)))),e)},K=o.a.memo(Y);var Z=a(139),J=a(376);const X=({header:e,onFilterChange:t=O.noop,sort:a,timelineId:n})=>{const i=Object(l.useDispatch)(),s=Object(r.useMemo)((()=>Object(Z.createSelector)(J.selectTimeline,(e=>(null==e?void 0:e.activeTab)===S.d.eql))),[]),c=Object(T.b)((e=>s(e,n))),u=Object(r.useCallback)((()=>{var t,r;const o=e.id,s=null!==(t=e.type)&&void 0!==t?t:"",l=null!==(r=e.esTypes)&&void 0!==r?r:[],c=(({clickedHeader:e,currentSort:t})=>t.reduce(((t,a)=>e.id===a.columnId?(e=>{switch(e.sortDirection){case w.b.desc:return w.b.asc;case w.b.asc:default:return w.b.desc}})(a):t),w.b.desc))({clickedHeader:e,currentSort:a}),u=a.findIndex((e=>e.columnId===o));let d=[];d=-1===u?[...a,{columnId:o,columnType:s,esTypes:l,sortDirection:c}]:[...a.slice(0,u),{columnId:o,columnType:s,esTypes:l,sortDirection:c},...a.slice(u+1)],i(C.a.updateSort({id:n,sort:d}))}),[i,e,a,n]),d=Object(r.useCallback)((e=>i(C.a.removeColumn({id:n,columnId:e}))),[i,n]),p=Object(r.useMemo)((()=>C.b.getTimelineByIdSelector()),[]),{isLoading:m}=Object(T.a)((e=>p(e,n)||{isLoading:!1})),g=!c&&!Object(I.isDataViewFieldSubtypeNested)(e);return o.a.createElement(o.a.Fragment,null,o.a.createElement(K,{header:e,isLoading:m,isResizing:!1,onClick:u,showSortingCapability:g,sort:a},o.a.createElement(D,{header:e,isLoading:m,onColumnRemoved:d,sort:a})),o.a.createElement(N,{header:e,onFilterChange:t}))},ee=o.a.memo(X),te=m()(h.EuiContextMenu).withConfig({displayName:"ContextMenu",componentId:"sc-wn02ez-0"})(["width:115px;& .euiContextMenuItem{font-size:12px;padding:4px 8px;width:115px;}"]),ae=m.a.div.withConfig({displayName:"PopoverContainer",componentId:"sc-wn02ez-1"})(["& .euiPopover__anchor{padding-right:8px;width:","px;}"],(({$width:e})=>e)),ne={right:!0},ie=({draggableIndex:e,header:t,timelineId:a,isDragging:n,onFilterChange:c,sort:u,tabType:d})=>{const p=Object(r.useRef)(null),[m,g]=Object(r.useState)(!1),y=Object(r.useCallback)((()=>{var e;return null===(e=p.current)||void 0===e?void 0:e.focus()}),[]),O=Object(l.useDispatch)(),I=Object(r.useMemo)((()=>{var e;return{width:null!==(e=t.initialWidth)&&void 0!==e?e:k.a,height:"auto"}}),[t.initialWidth]),T=Object(r.useMemo)((()=>({position:n?"absolute":"relative"})),[n]),F=Object(r.useMemo)((()=>({right:o.a.createElement(b.e,null)})),[]),D=Object(r.useCallback)(((e,n,i,r)=>{O(C.a.applyDeltaToColumnWidth({columnId:t.id,delta:r.width,id:a}))}),[O,t.id,a]),A=Object(r.useMemo)((()=>Object(f.k)({contextId:`timeline-column-headers-${d}-${a}`,fieldId:t.id})),[d,a,t.id]),_=Object(r.useCallback)((e=>{var n,i;const r=t.id,o=null!==(n=t.type)&&void 0!==n?n:"",s=null!==(i=t.esTypes)&&void 0!==i?i:[],l=u.findIndex((e=>e.columnId===r)),c=-1===l?[...u,{columnId:r,columnType:o,esTypes:s,sortDirection:e}]:[...u.slice(0,l),{columnId:r,columnType:o,esTypes:s,sortDirection:e},...u.slice(l+1)];O(C.a.updateSort({id:a,sort:c}))}),[O,t,u,a]),N=Object(r.useCallback)((()=>{g(!1),y()}),[y]),R=Object(r.useMemo)((()=>[{id:0,items:[{icon:o.a.createElement(h.EuiIcon,{type:"eyeClosed",size:"s"}),name:M.e,onClick:()=>{O(C.a.removeColumn({id:a,columnId:t.id})),N()}},...d!==S.d.eql?[{disabled:!t.aggregatable,icon:o.a.createElement(h.EuiIcon,{type:"sortUp",size:"s"}),name:M.g,onClick:()=>{_(w.b.asc),N()}},{disabled:!t.aggregatable,icon:o.a.createElement(h.EuiIcon,{type:"sortDown",size:"s"}),name:M.h,onClick:()=>{_(w.b.desc),N()}}]:[]]}]),[O,N,t.aggregatable,t.id,_,d,a]),q=Object(r.useMemo)((()=>o.a.createElement(ee,{timelineId:a,header:t,onFilterChange:c,sort:u})),[t,c,u,a]),P=Object(r.useCallback)((e=>{var a;return o.a.createElement(b.o,i()({"data-test-subj":"draggable-header"},e.draggableProps,e.dragHandleProps,{ref:e.innerRef}),o.a.createElement(b.p,null,o.a.createElement(ae,{$width:null!==(a=t.initialWidth)&&void 0!==a?a:k.a},o.a.createElement(h.EuiPopover,{anchorPosition:"downLeft",button:q,closePopover:N,isOpen:m,ownFocus:!0,panelPaddingSize:"none"},o.a.createElement(te,{initialPanelId:0,panels:R})))))}),[N,q,t.initialWidth,m,R]),L=Object(r.useCallback)((()=>{var e;null===(e=p.current)||void 0===e||e.focus()}),[]),B=Object(r.useCallback)((()=>{g(!0)}),[]),{onBlur:z,onKeyDown:$}=Object(x.a)({closePopover:N,draggableId:A,fieldName:t.id,keyboardHandlerRef:p,openPopover:B}),V=Object(r.useCallback)((e=>{m||$(e)}),[m,$]);return o.a.createElement(E.Resizable,{enable:ne,size:I,style:T,handleComponent:F,onResizeStop:D},o.a.createElement("div",{"aria-colindex":null!=e?e+j.c:void 0,className:v.a,"data-test-subj":"draggableWrapperKeyboardHandler",onClick:L,onBlur:z,onKeyDown:V,ref:p,role:"columnheader",tabIndex:0},o.a.createElement(s.Draggable,{"data-test-subj":"draggable",disableInteractiveElementBlocking:!0,draggableId:A,index:e,key:t.id},P)))},re=o.a.memo(ie);var oe=a(110),se=a(1060);const le=o.a.memo((({children:e,onMount:t,onUnmount:a})=>(Object(r.useEffect)((()=>(t(),()=>a())),[t,a]),o.a.createElement(o.a.Fragment,null,e))));le.displayName="DraggableContainer";const ce=({globalFullScreen:e,isActiveTimelines:t,timelineFullScreen:a})=>t&&a||!1===t&&e,ue=({actionsColumnWidth:e,browserFields:t,columnHeaders:a,isEventViewer:n=!1,isSelectAllChecked:d,onSelectAll:p,show:m,showEventsSelect:g,showSelectAllCheckbox:h,sort:E,tabType:v,timelineId:x,leadingControlColumns:k,trailingControlColumns:S})=>{const w=Object(l.useDispatch)(),[j,O]=Object(r.useState)(null),I=Object(r.useRef)(null);Object(r.useEffect)((()=>()=>{I.current&&I.current.closeEditor()}),[]),Object(r.useEffect)((()=>{!m&&I.current&&I.current.closeEditor()}),[m]);const T=Object(r.useCallback)(((e,t,n)=>{const r=n.source.index,s=a[r];return o.a.createElement(b.o,i()({"data-test-subj":"draggable-header"},e.draggableProps,e.dragHandleProps,{ref:e.innerRef}),o.a.createElement(le,{onMount:()=>O(r),onUnmount:()=>O(null)},o.a.createElement(u.a,null,o.a.createElement(y,{fieldId:s.id,fieldWidth:s.initialWidth}))))}),[a,O]),C=Object(r.useMemo)((()=>a.map(((e,t)=>o.a.createElement(re,{key:e.id,draggableIndex:t,timelineId:x,header:e,isDragging:j===t,sort:E,tabType:v})))),[a,x,j,E,v]),M=Object(r.useCallback)(((e,t)=>o.a.createElement(o.a.Fragment,null,o.a.createElement(b.r,i()({"data-test-subj":"headers-group",ref:e.innerRef,isDragging:t.isDraggingOver},e.droppableProps),C))),[C]),F=Object(r.useMemo)((()=>k?k.map((e=>e.headerCellRender)):[]),[k]),D=Object(r.useMemo)((()=>S?S.map((e=>e.headerCellRender)):[]),[S]),A=Object(se.a)({sourcererScope:oe.SourcererScopeName.timeline,editorActionsRef:I,upsertColumn:(e,t)=>w(Object(c.upsertColumn)({column:e,id:x,index:t})),removeColumn:e=>w(Object(c.removeColumn)({columnId:e,id:x}))}),_=Object(r.useMemo)((()=>F.map(((i,r)=>{const s=k[r]&&k[r].width||e;return o.a.createElement(b.q,{actionsColumnWidth:s,"data-test-subj":"actions-container",isEventViewer:n,key:r},i&&o.a.createElement(i,{width:s,browserFields:t,columnHeaders:a,isEventViewer:n,isSelectAllChecked:d,onSelectAll:p,showEventsSelect:g,showSelectAllCheckbox:h,sort:E,tabType:v,timelineId:x,fieldBrowserOptions:A}))}))),[F,k,e,t,a,A,n,d,p,g,h,E,v,x]),N=Object(r.useMemo)((()=>D.map(((i,r)=>{const s=S[r]&&S[r].width||e;return o.a.createElement(b.q,{actionsColumnWidth:s,"data-test-subj":"actions-container",isEventViewer:n,key:r},i&&o.a.createElement(i,{width:s,browserFields:t,columnHeaders:a,isEventViewer:n,isSelectAllChecked:d,onSelectAll:p,showEventsSelect:g,showSelectAllCheckbox:h,sort:E,tabType:v,timelineId:x,fieldBrowserOptions:A}))}))),[D,S,e,t,a,A,n,d,p,g,h,E,v,x]);return o.a.createElement(b.s,{"data-test-subj":"column-headers"},o.a.createElement(b.v,null,_,o.a.createElement(s.Droppable,{direction:"horizontal",droppableId:`${f.g}-${v}.${x}`,isDropDisabled:!1,type:f.a,renderClone:T},M),N))},de=o.a.memo(ue)},,,function(e,t,a){"use strict";a.d(t,"c",(function(){return h})),a.d(t,"d",(function(){return E})),a.d(t,"a",(function(){return v})),a.d(t,"b",(function(){return x})),a.d(t,"e",(function(){return I}));var n=a(40),i=a(55),r=a.n(i),o=a(2),s=a.n(o),l=a(41),c=a.n(l);const u=c.a.span.withConfig({displayName:"ArrowBody",componentId:"sc-11kjqat-0"})(["background-color:",";height:",";width:25px;"],(e=>e.theme.eui.euiColorLightShade),(({height:e})=>`${e}px`));u.displayName="ArrowBody";const d=s.a.memo((({direction:e})=>s.a.createElement(n.EuiIcon,{color:"subdued","data-test-subj":"arrow-icon",size:"s",type:e})));d.displayName="ArrowHead";var p=a(1275);const m=Object(p.scaleLinear)().domain([0,100]).range([1,4]).clamp(!0),g=e=>Array.isArray(e)&&1===e.length;var y=a(121),f=a(727),b=a(815);const h="source.bytes",E="source.packets",v="destination.bytes",x="destination.packets",k=c.a.span.withConfig({displayName:"Percent",componentId:"sc-19xyyc3-0"})(["margin-right:5px;"]);k.displayName="Percent";const S=c()(n.EuiFlexGroup).withConfig({displayName:"SourceDestinationArrowsContainer",componentId:"sc-19xyyc3-1"})(["margin:0 2px;.euiToolTipAnchor{white-space:nowrap;}"]);S.displayName="SourceDestinationArrowsContainer";const w=c()(n.EuiText).withConfig({displayName:"Data",componentId:"sc-19xyyc3-2"})(["margin:0 5px;"]);w.displayName="Data";const j=s.a.memo((({contextId:e,eventId:t,isDraggable:a,sourceBytes:i,sourceBytesPercent:o,sourcePackets:l})=>{const c=null!=o?m(o):1;return s.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none",justifyContent:"center"},s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})),null==i||isNaN(Number(i))?null:s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(y.b,{field:h,id:`source-arrow-default-draggable-${e}-${t}-${h}-${i}`,isDraggable:a,value:i},s.a.createElement(w,{size:"xs"},null!=o?s.a.createElement(k,null,`(${r()(o).format("0.00")}%)`):null,s.a.createElement("span",null,s.a.createElement(f.a,{value:i}))))),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})),null==l||isNaN(Number(l))?null:s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(y.b,{field:E,id:`source-arrow-default-draggable-${e}-${t}-${E}-${l}`,isDraggable:a,value:l},s.a.createElement(w,{size:"xs"},s.a.createElement("span",null,`${l} ${b.a}`)))),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(d,{direction:"arrowRight"})))}));j.displayName="SourceArrow";const O=s.a.memo((({contextId:e,destinationBytes:t,destinationBytesPercent:a,destinationPackets:i,eventId:o,isDraggable:l})=>{const c=null!=a?m(a):1;return s.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none",justifyContent:"center"},s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(d,{direction:"arrowLeft"})),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})),null==t||isNaN(Number(t))?null:s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(y.b,{field:v,id:`destination-arrow-default-draggable-${e}-${o}-${v}-${t}`,isDraggable:l,value:t},s.a.createElement(w,{size:"xs"},null!=a?s.a.createElement(k,null,`(${r()(a).format("0.00")}%)`):null,s.a.createElement("span",null,s.a.createElement(f.a,{value:t}))))),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})),null==i||isNaN(Number(i))?null:s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(y.b,{field:x,id:`destination-arrow-default-draggable-${e}-${o}-${x}-${i}`,isDraggable:l,value:i},s.a.createElement(w,{size:"xs"},s.a.createElement("span",null,`${r()(i).format("0,0")} ${b.a}`)))),s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(u,{height:null!=c?c:0})))}));O.displayName="DestinationArrow";const I=s.a.memo((({contextId:e,destinationBytes:t,destinationPackets:a,eventId:i,isDraggable:r,sourceBytes:o,sourcePackets:l})=>{const c=null!=o&&g(o)?o[0]:void 0,u=null!=l&&g(l)?l[0]:void 0,d=null!=t&&g(t)?t[0]:void 0,p=null!=a&&g(a)?a[0]:void 0,m=null!=c&&null!=d?(({numerator:e,denominator:t})=>{if(!(Math.abs(t)<Number.EPSILON)&&Number.isFinite(e)&&Number.isFinite(t))return e/t*100})({numerator:Number(c),denominator:Number(c)+Number(d)}):void 0,y=null!=m?100-m:void 0;return s.a.createElement(S,{alignItems:"center",justifyContent:"center",direction:"column",gutterSize:"none"},null!=c?s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(j,{contextId:e,eventId:i,isDraggable:r,sourceBytes:c,sourcePackets:u,sourceBytesPercent:m})):null,null!=d?s.a.createElement(n.EuiFlexItem,{grow:!1},s.a.createElement(O,{contextId:e,destinationBytes:d,destinationPackets:p,destinationBytesPercent:y,eventId:i,isDraggable:r})):null)}));I.displayName="SourceDestinationArrows"},function(e,t,a){"use strict";a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return l}));var n=a(2),i=a(303);const r=(e,t)=>{switch(t.type){case"FETCH_INIT":return{...e,parameters:t.payload,isLoading:!0};case"FETCH_SUCCESS":return{...e,data:t.payload,isLoading:!1,error:void 0};case"FETCH_FAILURE":return{...e,error:t.payload,isLoading:!1};case"FETCH_REPEAT":return{...e,isLoading:!0};default:return e}},o=(e,t,{disabled:a=!1,initialParameters:o}={})=>{const{startTracking:s}=Object(i.a)(),[{parameters:l,data:c,isLoading:u,error:d},p]=Object(n.useReducer)(r,{data:void 0,isLoading:!a&&void 0!==o,error:void 0,parameters:o}),m=Object(n.useCallback)((e=>p({type:"FETCH_INIT",payload:e})),[]),g=Object(n.useCallback)((()=>p({type:"FETCH_REPEAT"})),[]);return Object(n.useEffect)((()=>{if(!1===u||void 0===l||a)return;let n=!1;const i=new AbortController;return(async()=>{const{endTracking:a}=s({name:e});try{const e=await t(l,i.signal);a("success"),n||p({type:"FETCH_SUCCESS",payload:e})}catch(e){a(i.signal.aborted?"aborted":"error"),n||p({type:"FETCH_FAILURE",payload:e})}})(),()=>{n=!0,i.abort()}}),[u,l,a,t,s,e]),{fetch:m,refetch:g,data:c,isLoading:u,error:d}};var s=a(4);const l={SECURITY_DASHBOARDS:`${s.l} fetch security dashboards`,SECURITY_TAGS:`${s.l} fetch security tags`,SECURITY_CREATE_TAG:`${s.l} fetch security create tag`,CTI_TAGS:`${s.l} fetch cti tags`,ANOMALIES_TABLE:`${s.l} fetch anomalies table data`,GET_RISK_SCORE_DEPRECATED:`${s.l} fetch is risk score deprecated`,ENABLE_RISK_SCORE:`${s.l} fetch enable risk score`,REFRESH_RISK_SCORE:`${s.l} fetch refresh risk score`,UPGRADE_RISK_SCORE:`${s.l} fetch upgrade risk score`}},,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(108),i=a(353),r=a(304);const o=(e,t=!0)=>{const{addError:a}=Object(n.a)();return Object(i.a)(e,t?{onError:e=>{a(e,{title:r.b})}}:void 0)}},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a(103),r=a(1075),o=a(115),s=a(285);const l=({alertStatus:e,closePopover:t,eventId:a,scopeId:l,refetch:c})=>{const u=Object(i.useDispatch)(),{hasIndexWrite:d}=Object(s.a)(),p=Object(n.useCallback)((()=>{t(),c&&c()}),[t,c]),m=Object(o.getScopedActions)(l),g=Object(n.useCallback)((({eventIds:e,isLoading:t})=>{m&&u(m.setEventsLoading({id:l,eventIds:e,isLoading:t}))}),[u,l,m]),y=Object(n.useCallback)((({eventIds:e,isDeleted:t})=>{m&&u(m.setEventsDeleted({id:l,eventIds:e,isDeleted:t}))}),[u,l,m]),f=Object(r.a)({eventIds:[a],currentStatus:e,setEventsLoading:g,setEventsDeleted:y,onUpdateSuccess:p,onUpdateFailure:p});return{actionItems:d?f:[]}}},,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"e",(function(){return r})),a.d(t,"h",(function(){return o})),a.d(t,"b",(function(){return s})),a.d(t,"c",(function(){return l})),a.d(t,"d",(function(){return c})),a.d(t,"g",(function(){return u})),a.d(t,"f",(function(){return d}));var n=a(129);n.o,n.o,n.o;const i=`${n.o}.group.id`,r=(n.o,`${n.o}.original_time`),o=`${n.o}.threshold_result`,s=`${n.o}.new_terms`,l=`${n.G}.new_terms_fields`,c=`${n.o}.original_event`,u=(n.E,n.E,n.E,n.E,n.E,n.E,n.E,n.E,n.E,n.E,`${n.E}.timeline_id`),d=(n.E,n.E,`${n.E}.indices`)},function(e,t,a){"use strict";a.d(t,"i",(function(){return i})),a.d(t,"g",(function(){return r})),a.d(t,"h",(function(){return o})),a.d(t,"l",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"m",(function(){return c})),a.d(t,"n",(function(){return u})),a.d(t,"a",(function(){return d})),a.d(t,"d",(function(){return p})),a.d(t,"b",(function(){return m})),a.d(t,"k",(function(){return g})),a.d(t,"c",(function(){return y})),a.d(t,"j",(function(){return f})),a.d(t,"f",(function(){return b}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.timeline.body.openSessionViewLabel",{defaultMessage:"Open Session View"}),r=n.i18n.translate("xpack.securitySolution.timeline.body.notes.disableEventTooltip",{defaultMessage:"Notes may not be added here while editing a template timeline"}),o=n.i18n.translate("xpack.securitySolution.timeline.body.notes.addNoteTooltip",{defaultMessage:"Add note"}),s=n.i18n.translate("xpack.securitySolution.timeline.sortFieldsButton",{defaultMessage:"Sort fields"}),l=n.i18n.translate("xpack.securitySolution.timeline.fullScreenButton",{defaultMessage:"Full screen"}),c=n.i18n.translate("xpack.securitySolution.hoverActions.viewDetailsAriaLabel",{defaultMessage:"View details"}),u=({ariaRowindex:e,columnValues:t})=>n.i18n.translate("xpack.securitySolution.hoverActions.viewDetailsForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t},defaultMessage:"View details for the alert or event in row {ariaRowindex}, with columns {columnValues}"}),d=n.i18n.translate("xpack.securitySolution.hoverActions.investigateInResolverTooltip",{defaultMessage:"Analyze event"}),p=({ariaRowindex:e,columnValues:t,checked:a})=>n.i18n.translate("xpack.securitySolution.hoverActions.checkboxForRowAriaLabel",{values:{ariaRowindex:e,checked:a,columnValues:t},defaultMessage:"{checked, select, false {unchecked} true {checked}} checkbox for the alert or event in row {ariaRowindex}, with columns {columnValues}"}),m=({ariaRowindex:e,columnValues:t})=>n.i18n.translate("xpack.securitySolution.hoverActions.investigateInResolverForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t},defaultMessage:"Analyze the alert or event in row {ariaRowindex}, with columns {columnValues}"}),g=({ariaRowindex:e,columnValues:t})=>n.i18n.translate("xpack.securitySolution.hoverActions.sendAlertToTimelineForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t},defaultMessage:"Send the alert in row {ariaRowindex} to timeline, with columns {columnValues}"}),y=({ariaRowindex:e,columnValues:t})=>n.i18n.translate("xpack.securitySolution.hoverActions.addNotesForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t},defaultMessage:"Add notes for the event in row {ariaRowindex} to timeline, with columns {columnValues}"}),f=({ariaRowindex:e,columnValues:t,isEventPinned:a})=>n.i18n.translate("xpack.securitySolution.hoverActions.pinEventForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t,isEventPinned:a},defaultMessage:"{isEventPinned, select, false {Pin} true {Unpin}} the event in row {ariaRowindex} to timeline, with columns {columnValues}"}),b=({ariaRowindex:e,columnValues:t})=>n.i18n.translate("xpack.securitySolution.hoverActions.moreActionsForRowAriaLabel",{values:{ariaRowindex:e,columnValues:t},defaultMessage:"Select more actions for the alert or event in row {ariaRowindex}, with columns {columnValues}"})},function(e,t,a){"use strict";a.d(t,"e",(function(){return i})),a.d(t,"f",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"c",(function(){return s})),a.d(t,"a",(function(){return l})),a.d(t,"d",(function(){return c}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.viewListDetailActionLabel",{defaultMessage:"View list detail"}),r=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.viewRuleDetailActionLabel",{defaultMessage:"View rule detail"}),o=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToRulesTableSelection.link_column",{defaultMessage:"Link"}),s=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToRulesTableSelection.name_column",{defaultMessage:"Name"}),l=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToRulesTableSelection.action_column",{defaultMessage:"Action"}),c=n.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToRulesTableSelection.tags_column",{defaultMessage:"Tags"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(141),i=a(4);const r=Object(n.d)((async({name:e,description:t,http:a,signal:n})=>await a.post(i.uc,{body:JSON.stringify({name:e,description:t}),headers:{"Content-Type":"application/json"},method:"POST",signal:n}))),o=()=>Object(n.a)(r)},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"e",(function(){return l}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.exceptions.list.exception.item.card.edit.label",{defaultMessage:"Edit rule exception"}),r=n.i18n.translate("xpack.securitySolution.exceptions.list.exception.endpoint.item.card.edit.label",{defaultMessage:"Edit endpoint exception"}),o=n.i18n.translate("xpack.securitySolution.exceptions.list.exception.item.card.delete.label",{defaultMessage:"Delete rule exception"}),s=n.i18n.translate("xpack.securitySolution.exceptions.list.exception.endpoint.item.card.delete.label",{defaultMessage:"Delete endpoint exception"}),l=n.i18n.translate("xpack.securitySolution.exceptions.list.utility.title",{defaultMessage:"rule exceptions"})},function(e,t,a){"use strict";a.d(t,"b",(function(){return S})),a.d(t,"a",(function(){return w}));var n=a(220),i=a(42),r=a(40),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(309),d=a(124),p=a(169),m=a(123),g=a(596),y=a(821),f=a(155),b=a(132),h=a(4),E=a(952);const v=c()(r.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-4qbs0b-0"})(["flex:0 1 auto;",""],(({theme:e})=>`margin-top: ${e.eui.euiSizeS};`)),x=c()(r.EuiFlexGroup).withConfig({displayName:"StyledFlexGroup",componentId:"sc-4qbs0b-1"})(["height:100%;"]),k=c()(r.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-4qbs0b-2"})(["&.euiFlexItem{flex:1 0 0;overflow:hidden;}"]),S=s.a.memo((({eventId:e,eventIndex:t,isAlert:a,loading:o,handleOnEventClosed:l,promptContextId:c,ruleName:g,timestamp:x})=>{const{hasAssistantPrivilege:k}=Object(u.a)(),S=Object(d.a)("alertDetailsPageEnabled"),{onClick:w}=Object(m.o)()({deepLinkId:h.wc.alerts,path:e&&a?Object(p.a)(e):""}),j=Object(E.a)({_id:e,_index:t,timestamp:x});return s.a.createElement(v,{gutterSize:"none",justifyContent:"spaceBetween",wrap:!0},s.a.createElement(r.EuiFlexItem,{grow:!1},!o&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiTitle,{size:"s"},s.a.createElement("h4",null,a&&!Object(i.isEmpty)(g)?g:y.c)),x&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"s"}),s.a.createElement(b.c,{value:new Date(x)})),a&&e&&S&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"l"}),s.a.createElement(m.k,{"data-test-subj":"open-alert-details-page",deepLinkId:h.wc.alerts,onClick:w},y.e),s.a.createElement(r.EuiSpacer,{size:"m"})))),s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiFlexGroup,{direction:"column",alignItems:"flexEnd"},l&&s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiButtonIcon,{iconType:"cross","aria-label":y.b,onClick:l})),s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiFlexGroup,{alignItems:"center",direction:"row",gutterSize:"none"},k&&null!=c&&s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(n.g,{conversationId:a?f.e:f.i,promptContextId:c})),a&&j&&s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiCopy,{textToCopy:j},(e=>s.a.createElement(r.EuiButtonEmpty,{onClick:e,iconType:"share","data-test-subj":"copy-alert-flyout-link"},y.f)))))))))}));S.displayName="ExpandableEventTitle";const w=s.a.memo((({browserFields:e,event:t,scopeId:a,timelineTabType:n,isAlert:i,isDraggable:o,loading:l,detailsData:c,detailsEcsData:u,rawEventData:d,handleOnEventClosed:p,isReadOnly:m})=>t.eventId?l?s.a.createElement(r.EuiSkeletonText,{lines:10}):s.a.createElement(x,{direction:"column",gutterSize:"none"},s.a.createElement(k,{grow:!0},s.a.createElement(g.a,{browserFields:e,data:null!=c?c:[],detailsEcsData:u,id:t.eventId,isAlert:i,isDraggable:o,rawEventData:d,scopeId:a,timelineTabType:n,handleOnEventClosed:p,isReadOnly:m}))):s.a.createElement(r.EuiTextColor,{color:"subdued"},y.d)));w.displayName="ExpandableEvent"},function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n="_id"},function(e,t,a){"use strict";a.d(t,"h",(function(){return d})),a.d(t,"j",(function(){return p})),a.d(t,"i",(function(){return m})),a.d(t,"k",(function(){return g})),a.d(t,"g",(function(){return y})),a.d(t,"b",(function(){return f})),a.d(t,"d",(function(){return b})),a.d(t,"c",(function(){return h})),a.d(t,"e",(function(){return E})),a.d(t,"a",(function(){return v})),a.d(t,"f",(function(){return w}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(41),l=a.n(s),c=a(121),u=a(1044);const d="source.geo.continent_name",p="source.geo.country_name",m="source.geo.country_iso_code",g="source.geo.region_name",y="source.geo.city_name",f="destination.geo.continent_name",b="destination.geo.country_name",h="destination.geo.country_iso_code",E="destination.geo.region_name",v="destination.geo.city_name",x=[{prop:"GeoContinentName",fieldName:"geo.continent_name"},{prop:"GeoCountryName",fieldName:"geo.country_name"},{prop:"GeoCountryIsoCode",fieldName:"geo.country_iso_code"},{prop:"GeoRegionName",fieldName:"geo.region_name"},{prop:"GeoCityName",fieldName:"geo.city_name"}],k=l()(n.EuiFlexItem).withConfig({displayName:"GeoFlexItem",componentId:"sc-19jrcd0-0"})(["margin-right:5px;"]);k.displayName="GeoFlexItem";const S=o.a.memo((({contextId:e,eventId:t,fieldName:a,isDraggable:r,values:s})=>null!=s?o.a.createElement(o.a.Fragment,null,Object(i.uniq)(s).map((i=>o.a.createElement(k,{grow:!1,key:`${e}-${t}-${a}-${i}`},o.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},a===m||a===h?o.a.createElement(n.EuiFlexItem,{grow:!1},o.a.createElement(u.a,{countryCode:i})):null,o.a.createElement(n.EuiFlexItem,{grow:!1},o.a.createElement(c.b,{"data-test-subj":a,field:a,id:`geo-field-values-default-draggable-${e}-${t}-${a}-${i}`,isDraggable:r,tooltipContent:a,value:i}))))))):null));S.displayName="GeoFieldValues";const w=o.a.memo((e=>{const{contextId:t,eventId:a,isDraggable:r,type:s}=e,l=(e=>x.map((({prop:t,fieldName:a})=>({prop:`${e}${t}`,fieldName:`${e}.${a}`}))))(s);return o.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},Object(i.uniq)(l).map((n=>o.a.createElement(S,{contextId:t,eventId:a,fieldName:n.fieldName,isDraggable:r,key:n.fieldName,values:Object(i.get)(n.prop,e)}))))}));w.displayName="GeoFields"},function(e,t,a){"use strict";a.d(t,"c",(function(){return m})),a.d(t,"b",(function(){return g})),a.d(t,"a",(function(){return f}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(41),l=a.n(s),c=a(121),u=a(485),d=a(132),p=a(1435);const m="event.start",g="event.end",y=l()(n.EuiIcon).withConfig({displayName:"TimeIcon",componentId:"sc-181wv62-0"})(["margin-right:3px;position:relative;top:-1px;"]);y.displayName="TimeIcon";const f=o.a.memo((({contextId:e,eventDuration:t,eventId:a,eventEnd:r,eventStart:s,isDraggable:l})=>o.a.createElement(n.EuiFlexGroup,{alignItems:"flexStart","data-test-subj":"duration-and-start-group",direction:"column",justifyContent:"center",gutterSize:"none"},null!=t?Object(i.uniq)(t).map((t=>o.a.createElement(n.EuiFlexItem,{grow:!1,key:t},o.a.createElement(c.b,{field:u.b,id:`duration-event-start-end-default-draggable-${e}-${a}-${u.b}-${t}`,isDraggable:l,name:name,tooltipContent:null,value:t},o.a.createElement(n.EuiText,{size:"xs"},o.a.createElement(y,{size:"m",type:"clock"}),o.a.createElement(p.a,{maybeDurationNanoseconds:t,tooltipTitle:u.b})))))):null,null!=s?Object(i.uniq)(s).map((t=>o.a.createElement(n.EuiFlexItem,{grow:!1,key:t},o.a.createElement(c.b,{field:m,id:`duration-event-start-end-default-draggable-${e}-${a}-${m}-${t}`,isDraggable:l,tooltipContent:null,value:t},o.a.createElement(n.EuiText,{size:"xs"},o.a.createElement(y,{size:"m",type:"clock"}),o.a.createElement(d.a,{fieldName:m,value:t})))))):null,null!=r?Object(i.uniq)(r).map((t=>o.a.createElement(n.EuiFlexItem,{grow:!1,key:t},o.a.createElement(c.b,{field:g,id:`duration-event-start-end-default-draggable-${e}-${a}-${g}-${t}`,isDraggable:l,tooltipContent:null,value:t},o.a.createElement(n.EuiText,{size:"xs"},o.a.createElement(y,{size:"m",type:"clock"}),o.a.createElement(d.a,{fieldName:g,value:t})))))):null)));f.displayName="DurationEventStartEnd"},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(121),o=a(127);const s=({args:e,contextId:t,eventId:a,processTitle:n,isDraggable:s})=>Object(o.e)(e)&&Object(o.e)(n)?null:i.a.createElement(i.a.Fragment,null,null!=e&&e.map(((e,n)=>i.a.createElement(o.c,{key:`${t}-args-${n}-${e}`,grow:!1,component:"span"},i.a.createElement(r.c,{contextId:`${t}-args-${n}-${e}`,eventId:a,field:"process.args",isDraggable:s,value:e,fieldType:"keyword",isAggregatable:!0})))),!Object(o.e)(n)&&i.a.createElement(o.c,{grow:!1,component:"span"},i.a.createElement(r.c,{contextId:t,eventId:a,field:"process.title",isDraggable:s,value:n,fieldType:"keyword",isAggregatable:!0})));s.displayName="ArgsComponent";const l=i.a.memo(s);l.displayName="Args"},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(1095);const r={isolateAction:"isolateHost",isHostIsolationPanelOpen:!1,isIsolateActionSuccessBannerVisible:!1};function o(e,t){switch(t.type){case"setIsolateAction":return{...e,isolateAction:t.isolateAction};case"setIsHostIsolationPanel":return{...e,isHostIsolationPanelOpen:t.isHostIsolationPanelOpen};case"setIsIsolateActionSuccessBannerVisible":return{...e,isIsolateActionSuccessBannerVisible:t.isIsolateActionSuccessBannerVisible};default:throw new Error}}const s=()=>{const[{isolateAction:e,isHostIsolationPanelOpen:t,isIsolateActionSuccessBannerVisible:a},s]=Object(n.useReducer)(o,r),l=Object(n.useCallback)((()=>{s({type:"setIsHostIsolationPanel",isHostIsolationPanelOpen:!1}),s({type:"setIsIsolateActionSuccessBannerVisible",isIsolateActionSuccessBannerVisible:!1})}),[]),c=Object(n.useCallback)((e=>{"isolateHost"!==e&&"unisolateHost"!==e||(s({type:"setIsHostIsolationPanel",isHostIsolationPanelOpen:!0}),s({type:"setIsolateAction",isolateAction:e}))}),[]),u=Object(i.b)(),d=Object(n.useCallback)((()=>{s({type:"setIsIsolateActionSuccessBannerVisible",isIsolateActionSuccessBannerVisible:!0}),u&&u.refreshCase()}),[u]);return Object(n.useMemo)((()=>({isolateAction:e,isHostIsolationPanelOpen:t,isIsolateActionSuccessBannerVisible:a,handleIsolationActionSuccess:d,showAlertDetails:l,showHostIsolationPanel:c})),[t,a,e,d,l,c])}},,,function(e,t,a){"use strict";a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return s}));var n=a(278),i=a(279);const r=window.localStorage,o={groupById:n.b},s=(e,t)=>{let a={};r&&(a=Object(i.c)(r));const o=((e,t,a)=>{switch(t.type){case n.a.updateActiveGroups:{const{id:i,activeGroups:r}=t.payload;return{...e,groupById:{...a,[i]:{...n.c,...a[i],activeGroups:r}}}}case n.a.updateGroupOptions:{const{id:i,newOptionList:r}=t.payload;return{...e,groupById:{...a,[i]:{...n.c,...a[i],options:r}}}}}throw Error("Unknown grouping action")})(e,t,{...e.groupById,...a});if(r){const e=t.payload.id;Object(i.b)(r,e,o.groupById[e])}return o}},function(e,t,a){const n=a(157);e.exports=(e,t,a)=>{const i=new n(e,a),r=new n(t,a);return i.compare(r)||i.compareBuild(r)}},function(e,t,a){const n=a(192);e.exports=(e,t,a)=>n(e,t,a)<0},function(e,t,a){const n=a(157),i=a(463),{ANY:r}=i,o=a(205),s=a(464),l=a(462),c=a(578),u=a(396),d=a(489);e.exports=(e,t,a,p)=>{let m,g,y,f,b;switch(e=new n(e,p),t=new o(t,p),a){case">":m=l,g=u,y=c,f=">",b=">=";break;case"<":m=c,g=d,y=l,f="<",b="<=";break;default:throw new TypeError('Must provide a hilo val of "<" or ">"')}if(s(e,t,p))return!1;for(let a=0;a<t.set.length;++a){const n=t.set[a];let o=null,s=null;if(n.forEach((e=>{e.semver===r&&(e=new i(">=0.0.0")),o=o||e,s=s||e,m(e.semver,o.semver,p)?o=e:y(e.semver,s.semver,p)&&(s=e)})),o.operator===f||o.operator===b)return!1;if((!s.operator||s.operator===f)&&g(e,s.semver))return!1;if(s.operator===b&&y(e,s.semver))return!1}return!0}},function(e,t,a){"use strict";e.exports=function(e){return e.replace(/[\t\n\r ]+/g," ").replace(/^ | $/g,"").toLowerCase().toUpperCase()}},function(e,t,a){"use strict";e.exports=function(e){return null==e?[]:"length"in e?e:[e]}},function(e,t,a){"use strict";var n=a(251);e.exports=function(e,t){return e.length?(n(e,e.length,0,t),e):t}},function(e,t,a){"use strict";e.exports=function(e,t,a){for(var n,i=[],r=-1;++r<e.length;)(n=e[r].resolveAll)&&i.indexOf(n)<0&&(t=n(t,a),i.push(n));return t}},function(e,t,a){"use strict";var n=a(253)(/[A-Za-z]/);e.exports=n},function(e,t,a){"use strict";var n=a(252),i=a(582),r=a(251),o=a(580),s=a(583),l=a(315),c=a(847),u=a(848),d=a(850),p=a(849),m={name:"labelEnd",tokenize:function(e,t,a){for(var n,i,r=this,s=r.events.length;s--;)if(("labelImage"===r.events[s][1].type||"labelLink"===r.events[s][1].type)&&!r.events[s][1]._balanced){n=r.events[s][1];break}return function(t){return n?n._inactive?c(t):(i=r.parser.defined.indexOf(o(r.sliceSerialize({start:n.end,end:r.now()})))>-1,e.enter("labelEnd"),e.enter("labelMarker"),e.consume(t),e.exit("labelMarker"),e.exit("labelEnd"),l):a(t)};function l(a){return 40===a?e.attempt(g,t,i?t:c)(a):91===a?e.attempt(y,t,i?e.attempt(f,t,c):c)(a):i?t(a):c(a)}function c(e){return n._balanced=!0,a(e)}},resolveTo:function(e,t){for(var a,n,o,c,u,d,p,m=e.length,g=0;m--;)if(c=e[m][1],u){if("link"===c.type||"labelLink"===c.type&&c._inactive)break;"enter"===e[m][0]&&"labelLink"===c.type&&(c._inactive=!0)}else if(d){if("enter"===e[m][0]&&("labelImage"===c.type||"labelLink"===c.type)&&!c._balanced&&(u=m,"labelLink"!==c.type)){g=2;break}}else"labelEnd"===c.type&&(d=m);return a={type:"labelLink"===e[u][1].type?"link":"image",start:l(e[u][1].start),end:l(e[e.length-1][1].end)},n={type:"label",start:l(e[u][1].start),end:l(e[d][1].end)},o={type:"labelText",start:l(e[u+g+2][1].end),end:l(e[d-2][1].start)},p=i(p=[["enter",a,t],["enter",n,t]],e.slice(u+1,u+g+3)),p=i(p,[["enter",o,t]]),p=i(p,s(t.parser.constructs.insideSpan.null,e.slice(u+g+4,d-3),t)),p=i(p,[["exit",o,t],e[d-2],e[d-1],["exit",n,t]]),p=i(p,e.slice(d+1)),p=i(p,[["exit",a,t]]),r(e,u,e.length,p),e},resolveAll:function(e){for(var t,a=-1;++a<e.length;)(t=e[a][1])._used||"labelImage"!==t.type&&"labelLink"!==t.type&&"labelEnd"!==t.type||(e.splice(a+1,"labelImage"===t.type?4:2),t.type="data",a++);return e}},g={tokenize:function(e,t,a){return function(t){return e.enter("resource"),e.enter("resourceMarker"),e.consume(t),e.exit("resourceMarker"),p(e,i)};function i(t){return 41===t?s(t):c(e,r,a,"resourceDestination","resourceDestinationLiteral","resourceDestinationLiteralMarker","resourceDestinationRaw","resourceDestinationString",3)(t)}function r(t){return n(t)?p(e,o)(t):s(t)}function o(t){return 34===t||39===t||40===t?d(e,p(e,s),a,"resourceTitle","resourceTitleMarker","resourceTitleString")(t):s(t)}function s(n){return 41===n?(e.enter("resourceMarker"),e.consume(n),e.exit("resourceMarker"),e.exit("resource"),t):a(n)}}},y={tokenize:function(e,t,a){var n=this;return function(t){return u.call(n,e,i,a,"reference","referenceMarker","referenceString")(t)};function i(e){return n.parser.defined.indexOf(o(n.sliceSerialize(n.events[n.events.length-1][1]).slice(1,-1)))<0?a(e):t(e)}}},f={tokenize:function(e,t,a){return function(t){return e.enter("reference"),e.enter("referenceMarker"),e.consume(t),e.exit("referenceMarker"),n};function n(n){return 93===n?(e.enter("referenceMarker"),e.consume(n),e.exit("referenceMarker"),e.exit("reference"),t):a(n)}}};e.exports=m},function(e,t,a){"use strict";a.d(t,"k",(function(){return i})),a.d(t,"a",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"j",(function(){return s})),a.d(t,"h",(function(){return l})),a.d(t,"i",(function(){return c})),a.d(t,"g",(function(){return u})),a.d(t,"f",(function(){return d})),a.d(t,"c",(function(){return p})),a.d(t,"m",(function(){return m})),a.d(t,"l",(function(){return g})),a.d(t,"d",(function(){return y})),a.d(t,"e",(function(){return f}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.detectionsPageTitle",{defaultMessage:"Alerts"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.alertTitle",{defaultMessage:"Alerts"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.buttonManageRules",{defaultMessage:"Manage rules"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.noIndexTitle",{defaultMessage:"Let’s set up your detection engine"}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.needsSignalsAndListsIndexesMessage",{defaultMessage:"You need permissions for the signals and lists indices."}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.needsSignalsIndexMessage",{defaultMessage:"You need permissions for the signals index."}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.needsListsIndexesMessage",{defaultMessage:"You need permissions for the lists indices."}),d=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.needsIndexPermissionsMessage",{values:{additionalContext:e},defaultMessage:"To use the detection engine, a user with the required cluster and index privileges must first access this page. {additionalContext} For more help, contact your Elastic Stack administrator."}),p=n.i18n.translate("xpack.securitySolution.detectionEngine.goToDocumentationButton",{defaultMessage:"View documentation"}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.userUnauthenticatedTitle",{defaultMessage:"Detection engine permissions required"}),g=n.i18n.translate("xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody",{defaultMessage:"You do not have the required permissions for viewing the detection engine. For more help, contact your administrator."}),y=n.i18n.translate("xpack.securitySolution.detectionEngine.mlRulesDisabledMessageTitle",{defaultMessage:"ML rules require Platinum License and ML Admin Permissions"}),f=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.mlUnavailableTitle",{values:{totalRules:e},defaultMessage:"{totalRules} {totalRules, plural, =1 {rule requires} other {rules require}} Machine Learning to enable."})},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(0),i=a.n(n);class InvariantError extends Error{constructor(...e){super(...e),i()(this,"name","InvariantError")}}function r(e,t){if(!e)throw new InvariantError(t)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return o}));var n=a(4);const i=20,r=[5,10,20,50,n.nc],o="securitySolution.rulesTable"},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o})),a.d(t,"g",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"i",(function(){return c})),a.d(t,"j",(function(){return u})),a.d(t,"h",(function(){return d})),a.d(t,"f",(function(){return p})),a.d(t,"k",(function(){return m})),a.d(t,"c",(function(){return g}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.advancedSettingsButton",{defaultMessage:"Advanced settings"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addReferenceDescription",{defaultMessage:"Add reference URL"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addFalsePositiveDescription",{defaultMessage:"Add false positive example"}),s=(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addCustomHighlightedFieldDescription",{defaultMessage:"Add a custom highlighted field"}),n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.endpointExceptionListLabel",{defaultMessage:"Elastic Endpoint exceptions"})),l=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.buildingBlockLabel",{defaultMessage:"Building block"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.severityOptionLowDescription",{defaultMessage:"Low"}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.severityOptionMediumDescription",{defaultMessage:"Medium"}),d=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.severityOptionHighDescription",{defaultMessage:"High"}),p=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.severityOptionCriticalDescription",{defaultMessage:"Critical"}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.referencesUrlInvalidError",{defaultMessage:"URL is invalid format"}),g=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutrule.noteHelpText",{defaultMessage:"Add rule investigation guide..."})},function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(8),i=a(5),r=a(40),o=a(2),s=a.n(o),l=a(49),c=a(370),u=a(197),d=a(4),p=a(204),m=a(125),g=a(213),y=a(750),f=a(471);const b={index:{defaultValue:[],fieldsToValidateOnChange:["index","queryBar"],type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fiedIndexPatternsLabel",{defaultMessage:"Index patterns"}),helpText:s.a.createElement(r.EuiText,{size:"xs"},f.i),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(!Object(p.d)(t.ruleType)&&t.dataSourceType===g.a.IndexPatterns)return m.h.emptyField(i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.outputIndiceNameFieldRequiredError",{defaultMessage:"A minimum of one index pattern is required."}))(...e)}}]},dataViewId:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.dataViewSelector",{defaultMessage:"Data view"}),fieldsToValidateOnChange:["dataViewId"],validations:[{validator:(...e)=>{const[{path:t,formData:a}]=e,n=null!=a.dataViewId&&""!==a.dataViewId;if(!Object(p.d)(a.ruleType)&&!n&&a.dataSourceType===g.a.DataView)return{path:t,message:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired",{defaultMessage:"Please select an available Data View or Index Pattern."})}}}]},dataViewTitle:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.dataViewTitleSelector",{defaultMessage:"Data view index pattern"}),validations:[]},eqlOptions:{},queryBar:{validations:[{validator:(...e)=>{const[{value:t,path:a,formData:i}]=e,{query:r,filters:o,saved_id:s}=t;if(!Object(p.d)(i.ruleType)&&Object(n.isEmpty)(r.query)&&Object(n.isEmpty)(o)&&!s)return{code:"ERR_FIELD_MISSING",path:a,message:Object(u.b)(i.ruleType)?f.f:f.d}}},{validator:(...e)=>{const[{value:t,path:a,formData:i}]=e,{query:r}=t;if(!Object(p.d)(i.ruleType)&&!Object(n.isEmpty)(r.query)&&"kuery"===r.language)try{Object(l.fromKueryExpression)(r.query)}catch(e){return{code:"ERR_FIELD_FORMAT",path:a,message:f.j}}}},{validator:Object(y.a)(y.b,300)}]},ruleType:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel",{defaultMessage:"Rule type"}),validations:[]},anomalyThreshold:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldAnomalyThresholdLabel",{defaultMessage:"Anomaly score threshold"}),validations:[]},machineLearningJobId:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldMachineLearningJobIdLabel",{defaultMessage:"Machine Learning job"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(p.d)(t.ruleType))return m.h.emptyField(i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdRequired",{defaultMessage:"A Machine Learning job is required."}))(...e)}}]},relatedIntegrations:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRelatedIntegrationsLabel",{defaultMessage:"Related integrations"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRelatedIntegrationsHelpText",{defaultMessage:"Integration related to this Rule."})},requiredFields:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRequiredFieldsLabel",{defaultMessage:"Required fields"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRequiredFieldsHelpText",{defaultMessage:"Fields required for this Rule to function."})},timeline:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTimelineTemplateLabel",{defaultMessage:"Timeline template"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTimelineTemplateHelpText",{defaultMessage:"Select which timeline to use when investigating generated alerts."})},threshold:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdLabel",{defaultMessage:"Threshold"}),field:{type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldLabel",{defaultMessage:"Group by"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldHelpText",{defaultMessage:"Select fields to group by. Fields are joined together with 'AND'"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.g)(t.ruleType))return m.h.maxLengthField({length:3,message:i.i18n.translate("xpack.securitySolution.detectionEngine.validations.thresholdFieldFieldData.arrayLengthGreaterThanMaxErrorMessage",{defaultMessage:"Number of fields must be 3 or less."})})(...e)}}]},value:{type:m.a.NUMBER,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdValueLabel",{defaultMessage:"Threshold"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.g)(t.ruleType))return m.h.numberGreaterThanField({than:1,message:i.i18n.translate("xpack.securitySolution.detectionEngine.validations.thresholdValueFieldData.numberGreaterThanOrEqualOneErrorMessage",{defaultMessage:"Value must be greater than or equal to one."}),allowEquality:!0})(...e)}}]},cardinality:{field:{defaultValue:[],fieldsToValidateOnChange:["threshold.cardinality.field","threshold.cardinality.value"],type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityFieldLabel",{defaultMessage:"Count"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.g)(t.ruleType))return Object(n.isEmpty)(t["threshold.cardinality.field"])&&!Object(n.isEmpty)(t["threshold.cardinality.value"])?m.h.emptyField(i.i18n.translate("xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage",{defaultMessage:"A Cardinality Field is required."}))(...e):void 0}}],helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdFieldCardinalityFieldHelpText",{defaultMessage:"Select a field to check cardinality"})},value:{fieldsToValidateOnChange:["threshold.cardinality.field","threshold.cardinality.value"],type:m.a.NUMBER,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityValueFieldLabel",{defaultMessage:"Unique values"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.g)(t.ruleType))return Object(n.isEmpty)(t["threshold.cardinality.field"])?void 0:m.h.numberGreaterThanField({than:1,message:i.i18n.translate("xpack.securitySolution.detectionEngine.validations.thresholdCardinalityValueFieldData.numberGreaterThanOrEqualOneErrorMessage",{defaultMessage:"Value must be greater than or equal to one."}),allowEquality:!0})(...e)}}]}}},threatIndex:{type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatIndexPatternsLabel",{defaultMessage:"Indicator index patterns"}),helpText:s.a.createElement(r.EuiText,{size:"xs"},f.q),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.f)(t.ruleType))return m.h.emptyField(i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError",{defaultMessage:"A minimum of one index pattern is required."}))(...e)}},{validator:(...e)=>{const[{formData:t,value:a}]=e;if(Object(u.f)(t.ruleType))return c.b.forbiddenField(a,"*")}}]},threatMapping:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatMappingLabel",{defaultMessage:"Indicator mapping"}),validations:[{validator:(...e)=>{const[{path:t,formData:a}]=e;if(Object(u.f)(a.ruleType))return Object(c.j)(a.threatMapping)?{code:"ERR_FIELD_MISSING",path:t,message:f.r}:Object(c.a)(a.threatMapping)?{code:"ERR_FIELD_MISSING",path:t,message:f.p}:void 0}}]},threatQueryBar:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatQueryBarLabel",{defaultMessage:"Indicator index query"}),validations:[{validator:(...e)=>{const[{value:t,path:a,formData:i}]=e;if(!Object(u.f)(i.ruleType))return;const{query:r,filters:o}=t;return Object(n.isEmpty)(r.query)&&Object(n.isEmpty)(o)?{code:"ERR_FIELD_MISSING",path:a,message:f.d}:void 0}},{validator:(...e)=>{const[{value:t,path:a,formData:i}]=e;if(!Object(u.f)(i.ruleType))return;const{query:r}=t;if(!Object(n.isEmpty)(r.query)&&"kuery"===r.language)try{Object(l.fromKueryExpression)(r.query)}catch(e){return{code:"ERR_FIELD_FORMAT",path:a,message:f.j}}}}]},groupByFields:{type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabel",{defaultMessage:"Suppress alerts by"}),labelAppend:s.a.createElement(r.EuiText,{color:"subdued",size:"xs"},i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabelAppend",{defaultMessage:"Optional (Technical Preview)"})),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByFieldHelpText",{defaultMessage:"Select field(s) to use for suppressing extra alerts"}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.e)(t.ruleType))return m.h.maxLengthField({length:3,message:i.i18n.translate("xpack.securitySolution.detectionEngine.validations.stepDefineRule.groupByFieldsMax",{defaultMessage:"Number of grouping fields must be at most 3"})})(...e)}}]},groupByRadioSelection:{},groupByDuration:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByDurationValueLabel",{defaultMessage:"Suppress alerts for"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByDurationValueHelpText",{defaultMessage:"Suppress alerts for"}),value:{},unit:{}},suppressionMissingFields:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.suppressionMissingFieldsLabel",{defaultMessage:"If a suppression field is missing"})},newTermsFields:{type:m.a.COMBO_BOX,label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.newTermsFieldsLabel",{defaultMessage:"Fields"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldNewTermsFieldHelpText",{defaultMessage:"Select a field to check for new terms."}),validations:[{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.d)(t.ruleType))return m.h.emptyField(i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.newTermsFieldsMin",{defaultMessage:"A minimum of one field is required."}))(...e)}},{validator:(...e)=>{const[{formData:t}]=e;if(Object(u.d)(t.ruleType))return m.h.maxLengthField({length:d.Kb,message:i.i18n.translate("xpack.securitySolution.detectionEngine.validations.stepDefineRule.newTermsFieldsMax",{defaultMessage:"Number of fields must be 3 or less."})})(...e)}}]},historyWindowSize:{label:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.historyWindowSizeLabel",{defaultMessage:"History Window Size"}),helpText:i.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.historyWindowSizeHelpText",{defaultMessage:"New terms rules only alert if terms don't appear in historical data."})},shouldLoadQueryDynamically:{type:m.a.CHECKBOX,defaultValue:!1}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(108),r=a(858);function o(){const e=Object(i.a)();return Object(n.useCallback)((({actionType:t,error:a})=>{e.addError(function(e){return e.stack=JSON.stringify(e.body,null,2),e}(a),{title:Object(r.d)(t),toastMessage:Object(r.b)(t,a)})}),[e])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a(120),r=a(244),o=a(40),s=a(123),l=a(4),c=a(593),u=a(198),d=a(900),p=a(743);const m=({exceptionsList:e,handleExport:t,handleDelete:a,handleDuplicate:m,handleManageRules:g})=>{const[y,f]=Object(n.useState)(r.i.LOADING),[b,h]=Object(n.useState)(),[E,v]=Object(n.useState)(!1),[x,k]=Object(n.useState)(!1),[S,w]=Object(n.useState)(null),{name:j,list_id:O,rules:I,type:T,created_by:C,created_at:M,description:F}=e,D=Object(n.useCallback)((()=>{f("")}),[f]),A=e=>{h(e),k(!0)},{lastUpdated:_,exceptionViewerStatus:N,exceptions:R,pagination:q,ruleReferences:P,fetchItems:L,onDeleteException:B,onPaginationChange:z}=Object(c.a)({list:e,deleteToastTitle:u.u,deleteToastBody:e=>u.t(e),errorToastBody:u.p,errorToastTitle:u.q,onEditListExceptionItem:A,onFinishFetchingExceptions:D});Object(n.useEffect)((()=>{L(null,r.i.LOADING)}),[L]);const[$,V]=Object(n.useState)(!1),G=Object(o.useGeneratedHtmlId)({prefix:"openAccordion"}),U=Object(d.a)(e),H=Object(n.useMemo)((()=>y===r.i.EMPTY?u.B:""),[y]),W=Object(n.useMemo)((()=>y===r.i.EMPTY?u.y(e.name):""),[e.name,y]),Q=Object(n.useMemo)((()=>e.type===i.b.ENDPOINT?u.A:u.z),[e.type]),Y=Object(n.useMemo)((()=>[{key:"Export",icon:"exportAction",label:u.O,onClick:a=>{T===i.b.ENDPOINT?t({id:e.id,listId:e.list_id,name:e.name,namespaceType:e.namespace_type,includeExpiredExceptions:!0})():w(p.a.EXPORT)}},{key:"Duplicate",icon:"copy",label:u.k,disabled:U,onClick:e=>{w(p.a.DUPLICATE)}},{key:"Delete",icon:"trash",disabled:U,label:u.j,onClick:t=>{a({id:e.id,listId:e.list_id,namespaceType:e.namespace_type})()}},{key:"LinkRules",icon:"gear",disabled:U,label:u.W,onClick:e=>{g()}}]),[U,T,t,e.id,e.list_id,e.name,e.namespace_type,a,g]),K=Object(n.useCallback)((()=>{v(!0)}),[v]),Z=Object(n.useCallback)((e=>{v(!1),k(!1),e&&L()}),[L,v,k]),J=Object(n.useCallback)((()=>{w(p.a.EXPORT)}),[w]),X=Object(n.useCallback)((a=>{S===p.a.EXPORT&&t({id:e.id,listId:e.list_id,name:e.name,namespaceType:e.namespace_type,includeExpiredExceptions:a})(),S===p.a.DUPLICATE&&m({listId:e.list_id,name:e.name,namespaceType:e.namespace_type,includeExpiredExceptions:a})()}),[S,t,e.id,e.list_id,e.name,e.namespace_type,m]),{onClick:ee}=Object(s.o)()({deepLinkId:l.wc.exceptions,path:`/details/${e.list_id}`});return{listId:O,listName:j,listDescription:F,createdAt:new Date(M).toDateString(),createdBy:C,listRulesCount:I.length.toString(),exceptionItemsCount:q.totalItemCount.toString(),listType:T,menuActionItems:Y,showAddExceptionFlyout:E,toggleAccordion:$,openAccordionId:G,viewerStatus:y,exceptionToEdit:b,showEditExceptionFlyout:x,lastUpdated:_,exceptions:R,ruleReferences:P,pagination:q,exceptionViewerStatus:N,onEditExceptionItem:A,onDeleteException:B,onPaginationChange:z,setToggleAccordion:V,onAddExceptionClick:K,handleConfirmExceptionFlyout:Z,handleCancelExceptionItemFlyout:()=>{v(!1),k(!1)},goToExceptionDetail:ee,emptyViewerTitle:H,emptyViewerBody:W,emptyViewerButtonText:Q,showIncludeExpiredExceptionsModal:S,onExportListClick:J,handleCancelExpiredExceptionsModal:()=>{w(null)},handleConfirmExpiredExceptionsModal:X}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(244),r=a(102),o=a(605);const s=({list:e,deleteToastTitle:t,deleteToastBody:a,errorToastTitle:s,errorToastBody:l,onEditListExceptionItem:c,onFinishFetchingExceptions:u})=>{const{services:d}=Object(r.j)(),{http:p}=d,m=Object(r.n)(),[g,y]=Object(n.useState)([]),[f,b]=Object(n.useState)({}),[h,E]=Object(n.useState)({pageIndex:0,pageSize:0,totalItemCount:0}),[v,x]=Object(n.useState)(null),[k,S]=Object(n.useState)(""),w=Object(n.useCallback)(((e,t,a)=>{null==m||m.addError(e,{title:t||s,toastMessage:a||l}),S(i.i.ERROR)}),[l,s,m]),j=Object(n.useCallback)((async()=>{try{const t=await Object(o.c)([e]);b(t)}catch(e){w(e)}}),[w,e,b]),O=Object(n.useCallback)(((e,t,a)=>{E(e),x(Date.now()),setTimeout((()=>{if(a===i.i.EMPTY_SEARCH)return S(t?"":a);S(t?"":i.i.EMPTY)}),200)}),[]),I=Object(n.useCallback)((async(t,a)=>{try{S(i.i.LOADING);const{data:n,pagination:r}=await Object(o.b)({http:p,...Object(o.g)(null,e,t)});y(n),j(),O(r,n.length,a),"function"==typeof u&&u()}catch(e){w(e)}}),[p,e,j,O,u,w]),T=Object(n.useCallback)((async({id:e,name:n,namespaceType:r})=>{try{S(i.i.LOADING),await Object(o.a)({id:e,http:p,namespaceType:r}),null==m||m.addSuccess({title:t,text:"function"==typeof a?a(n):""}),I()}catch(e){w(e)}}),[p,m,t,a,I,w]),C=Object(n.useCallback)((async e=>{I(e)}),[I]);return{exceptions:g,lastUpdated:v,pagination:h,exceptionViewerStatus:k,ruleReferences:f,fetchItems:I,onDeleteException:T,onEditExceptionItem:e=>{"function"==typeof c&&c(e)},onPaginationChange:C}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(163),i=a(141);const r=Object(i.d)((async({file:e,http:t,signal:a,overwrite:i,overwriteExceptions:r,asNewList:o})=>{const s=new FormData;return s.append("file",e),await t.post(`${n.t}/_import`,{body:s,query:{overwrite:i,overwrite_exceptions:r,as_new_list:o},headers:{"Content-Type":void 0},method:"POST",signal:a})})),o=()=>Object(i.a)(r)},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a(120),r=a(244),o=a(198),s=a(757);const l=(e,t)=>{const[a,l]=Object(n.useState)(!1),[c,u]=Object(n.useState)(!1),[d,p]=Object(n.useState)(),[m,g]=Object(n.useState)(r.i.LOADING),y=Object(n.useCallback)((()=>{g("")}),[g]),f=e=>{p(e),u(!0)},{exceptionViewerStatus:b,exceptions:h,lastUpdated:E,pagination:v,ruleReferences:x,fetchItems:k,onDeleteException:S,onPaginationChange:w}=Object(s.b)({list:e,deleteToastTitle:o.u,deleteToastBody:e=>o.t(e),errorToastBody:o.p,errorToastTitle:o.q,onEditListExceptionItem:f,onFinishFetchingExceptions:y});Object(n.useEffect)((()=>{k(null,r.i.LOADING)}),[k,t]);const j=Object(n.useMemo)((()=>m===r.i.EMPTY?o.B:""),[m]),O=Object(n.useMemo)((()=>m===r.i.EMPTY?o.y(e.name):""),[e.name,m]),I=Object(n.useMemo)((()=>e.type===i.b.ENDPOINT?o.A:o.z),[e.type]),T=Object(n.useCallback)((async e=>{g(r.i.SEARCHING),k(e,r.i.EMPTY_SEARCH)}),[k,g]),C=Object(n.useCallback)((()=>{l(!0),k()}),[k,l]),M=Object(n.useCallback)((e=>{l(!1),u(!1),e&&k()}),[k,l,u]);return{exceptionViewerStatus:b,listName:e.name,exceptions:h,listType:e.type,lastUpdated:E,pagination:v,viewerStatus:m,emptyViewerTitle:j,emptyViewerBody:O,emptyViewerButtonText:I,ruleReferences:x,showAddExceptionFlyout:a,showEditExceptionFlyout:c,exceptionToEdit:d,onSearch:T,onAddExceptionClick:C,onDeleteException:S,onEditExceptionItem:f,onPaginationChange:w,handleCancelExceptionItemFlyout:()=>{l(!1),u(!1)},handleConfirmExceptionFlyout:M}}},function(e,t,a){"use strict";a.d(t,"b",(function(){return ht})),a.d(t,"a",(function(){return jt}));var n=a(104),i=a.n(n),r=a(40),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(8),d=a(186),p=a(282),m=a(944),g=a(124),y=a(929),f=a(291),b=a(272),h=a(199),E=a(948),v=a(930),x=a(236),k=a(44),S=a(212),w=a(113),j=a(117),O=a(813),I=a(492);const T=({risk:e,riskEntity:t,originalRisk:a})=>{var n,i,o,l,c,u,d,p;const m=t===w.w.host?null==e||null===(n=e.result)||void 0===n||null===(i=n[0])||void 0===i||null===(o=i.host)||void 0===o||null===(l=o.risk)||void 0===l?void 0:l.calculated_level:null==e||null===(c=e.result)||void 0===c||null===(u=c[0])||void 0===u||null===(d=u.user)||void 0===d||null===(p=d.risk)||void 0===p?void 0:p.calculated_level;return s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiPanel,{hasBorder:!0,paddingSize:"s",grow:!1},s.a.createElement(W,{title:s.a.createElement(I.a,{title:x.o(t),riskScoreEntity:t}),toolTipTitle:s.a.createElement(I.a,{title:x.o(t),riskScoreEntity:t,showTechnicalPreviewBadge:!0}),toolTipContent:s.a.createElement(k.FormattedMessage,{id:"xpack.securitySolution.alertDetails.overview.riskDataTooltipContent",defaultMessage:"Risk classification is displayed only when available for a {riskEntity}. Ensure {riskScoreDocumentationLink} is enabled within your environment.",values:{riskEntity:t,riskScoreDocumentationLink:s.a.createElement(O.a,{riskScoreEntity:t,title:x.p(t)})}})}),e.loading&&s.a.createElement(r.EuiLoadingSpinner,{"data-test-subj":"loading"}),!e.loading&&s.a.createElement(s.a.Fragment,null,s.a.createElement(H,{field:x.a(t),value:m?s.a.createElement(S.b,{severity:m,hideBackgroundColor:!0}):Object(j.e)()}),a&&m!==a&&s.a.createElement(s.a.Fragment,null,s.a.createElement(H,{field:x.m(t),value:s.a.createElement(S.b,{severity:a,hideBackgroundColor:!0})})))))},C=s.a.memo(T);var M=a(42),F=a(165),D=a(336),A=a(337),_=a(115);const N=c.a.span.withConfig({displayName:"EnrichmentFieldFeedName",componentId:"sc-1cy82j8-0"})(["white-space:nowrap;font-style:italic;"]),R=c()(r.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-1cy82j8-1"})([".inlineActions{opacity:0;}.inlineActions-popoverOpen{opacity:1;}&:hover{.inlineActions{opacity:1;}}"]),q=({browserField:e,data:t,eventId:a,index:n,feedName:i,scopeId:l,value:c,isDraggable:u,isReadOnly:d})=>{const p=Object(o.useMemo)((()=>({scopeId:l})),[l]);if(!t||!c)return null;const m=`alert-details-value-formatted-field-value-${l}-${a}-${t.field}-${c}-${n}-${i}`;return s.a.createElement(R,{key:m,direction:"row",gutterSize:"xs",alignItems:"center"},s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement("div",null,s.a.createElement(A.a,{contextId:l,eventId:m,fieldFormat:t.format,fieldName:t.field,fieldType:t.type,isDraggable:u,isObjectArray:t.isObjectArray,value:c,truncate:!1}),i&&s.a.createElement(N,null," ",x.e," ",i))),s.a.createElement(r.EuiFlexItem,null,c&&!d&&s.a.createElement(F.c,{data:{field:t.field,value:c},triggerId:F.d.DETAILS_FLYOUT,mode:F.a.INLINE,sourcererScopeId:Object(_.getSourcererScopeId)(l),metadata:p,visibleCellActions:3})))},P=({browserFields:e,data:t,enrichments:a,scopeId:n,eventId:i,isDraggable:o,isReadOnly:l})=>{const c=a.map(((a,n)=>{var i,r,o,s;const{field:l,type:c,feedName:u,value:d}=Object(D.c)(a),p=t.find((e=>e.field===l)),m=null!==(i=null==p?void 0:p.category)&&void 0!==i?i:"",g=Object(M.get)([m,"fields",null!=l?l:""],e);return{fieldsData:{field:null!=l?l:"",format:null!==(r=null==g?void 0:g.format)&&void 0!==r?r:"",type:null!==(o=null==g?void 0:g.type)&&void 0!==o?o:"",isObjectArray:null!==(s=null==p?void 0:p.isObjectArray)&&void 0!==s&&s},type:c,feedName:u,index:n,field:l,browserField:g,value:d}})),[d,p]=Object(u.partition)(c,(({type:e})=>Object(D.e)(e)));return s.a.createElement(s.a.Fragment,null,p.length>0&&s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiPanel,{hasBorder:!0,paddingSize:"s",grow:!1},s.a.createElement(W,{title:x.f,toolTipContent:x.g}),p.map((({fieldsData:e,index:t,field:a,feedName:r,browserField:c,value:u})=>s.a.createElement(H,{key:a,field:a,value:s.a.createElement(q,{eventId:i,index:t,feedName:r,scopeId:n,value:u,data:e,browserField:c,isDraggable:o,isReadOnly:l})}))))),d.length>0&&s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiPanel,{hasBorder:!0,paddingSize:"s",grow:!1},s.a.createElement(W,{title:x.i,toolTipContent:x.k}),d.map((({fieldsData:e,index:t,field:a,feedName:r,browserField:c,value:u})=>s.a.createElement(H,{key:a,field:a,value:s.a.createElement(q,{eventId:i,index:t,feedName:r,scopeId:n,value:u,data:e,browserField:c,isDraggable:o,isReadOnly:l})}))))))},L=s.a.memo(P);var B=a(414);const z=c()(r.EuiTitle).withConfig({displayName:"UppercaseEuiTitle",componentId:"sc-1az7ye2-0"})(["text-transform:uppercase;"]),$=({children:e})=>s.a.createElement(z,{size:"xxxs"},s.a.createElement("h5",null,e)),V=c()(r.EuiTitle).withConfig({displayName:"StyledEnrichmentFieldTitle",componentId:"sc-1az7ye2-1"})(["width:220px;"]),G=({title:e})=>s.a.createElement(V,{size:"xxxs"},s.a.createElement("h6",null,e)),U=c()(r.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-1az7ye2-2"})(["font-size:",";margin-top:",";"],(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiSizeS)),H=({field:e,value:t})=>s.a.createElement(U,{direction:"row",gutterSize:"none",responsive:!0,alignItems:"center","data-test-subj":"EnrichedDataRow"},s.a.createElement(r.EuiFlexItem,{style:{flexShrink:0},grow:!1},s.a.createElement(G,{title:e})),s.a.createElement(r.EuiFlexItem,{className:"eui-textBreakWord"},t)),W=({title:e,toolTipContent:t,toolTipTitle:a})=>{const[n,i]=Object(o.useState)(!1),l=Object(o.useCallback)((()=>{i(!n)}),[n,i]),c=Object(o.useCallback)((()=>{i(!1)}),[i]);return s.a.createElement(r.EuiFlexGroup,{direction:"row",gutterSize:"none",alignItems:"center"},s.a.createElement(r.EuiFlexItem,null,s.a.createElement($,null,e)),s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiPopover,{isOpen:n,closePopover:c,anchorPosition:"leftCenter",button:s.a.createElement(r.EuiButtonIcon,{color:"text",size:"xs",iconSize:"m",iconType:"iInCircle","aria-label":x.h,onClick:l})},s.a.createElement(r.EuiPopoverTitle,null,null!=a?a:e),s.a.createElement(r.EuiText,{size:"s",style:{width:"270px"}},t))))},Q=({browserFields:e,data:t,enrichments:a,eventId:n,scopeId:i,hostRisk:o,userRisk:l,isDraggable:c,isReadOnly:u})=>{var d,p,m,g;const y=null==t||null===(d=t.find((e=>"host.risk.calculated_level"===(null==e?void 0:e.field))))||void 0===d||null===(p=d.values)||void 0===p?void 0:p[0],f=null==t||null===(m=t.find((e=>"user.risk.calculated_level"===(null==e?void 0:e.field))))||void 0===m||null===(g=m.values)||void 0===g?void 0:g[0],b=Object(B.a)("entity-analytics");return b||0!==a.length?s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiHorizontalRule,null),s.a.createElement(r.EuiTitle,{size:"xxxs"},s.a.createElement("h5",null,x.b)),s.a.createElement(r.EuiSpacer,{size:"m"}),s.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"m",style:{flexGrow:0}},b&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(C,{riskEntity:w.w.host,risk:o,originalRisk:y})),s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(C,{riskEntity:w.w.user,risk:l,originalRisk:f}))),s.a.createElement(L,{browserFields:e,data:t,enrichments:a,scopeId:i,eventId:n,isDraggable:c,isReadOnly:u}))):null},Y=s.a.memo(Q);var K=a(943),Z=a(155),J=a(655);const X=c()(r.EuiInMemoryTable).withConfig({displayName:"SummaryTable",componentId:"sc-12oammb-0"})([".inlineActions{opacity:0;}.flyoutTableHoverActions{.inlineActions-popoverOpen{opacity:1;}&:hover{.inlineActions{opacity:1;}}}"]);var ee=a(812),te=a(217),ae=a(142);const ne={flexGrow:0},ie=({data:e,eventId:t,fieldFromBrowserField:a,isDraggable:n,linkValue:i,scopeId:r,values:o,isReadOnly:l})=>{const c=Object(te.e)(e.field);return s.a.createElement(s.a.Fragment,null,s.a.createElement(ee.a,{contextId:r,data:e,eventId:t,fieldFromBrowserField:a,linkValue:i,isDraggable:n,style:ne,values:o}),r!==ae.f.active&&!l&&c&&s.a.createElement(F.c,{data:{field:e.field,value:o},triggerId:F.d.DETAILS_FLYOUT,mode:F.a.INLINE,visibleCellActions:3,sourcererScopeId:Object(_.getSourcererScopeId)(r),metadata:{scopeId:r}}))};ie.displayName="SummaryValueCell";var re=a(271),oe=a(320),se=a(394);const le=({data:e,eventId:t,fieldFromBrowserField:a,linkValue:n,scopeId:i,values:o})=>{const{loading:l,count:c}=Object(se.a)({field:e.field,isActiveTimelines:i===ae.f.active,value:o,signalIndexName:null}),u=Object(oe.c)({contextId:i,eventId:t,field:e.field,fieldFormat:e.format,fieldFromBrowserField:a,fieldType:e.type,isObjectArray:e.isObjectArray,linkValue:n,values:o});return l?s.a.createElement(r.EuiLoadingSpinner,null):"number"==typeof c&&null!=u&&u.dataProviders&&null!=u&&u.dataProviders.length?s.a.createElement(re.a,{asEmptyButton:!0,dataProviders:u.dataProviders,filters:u.filters},s.a.createElement("span",{"data-test-subj":"alert-prevalence"},c)):Object(j.d)()};le.displayName="PrevalenceCell";const ce=[{field:"title",truncateText:!1,name:Z.o,textOnly:!0},{field:"description",truncateText:!1,render:ie,name:Z.p}],ue=[...ce,{field:"description",truncateText:!0,render:e=>s.a.createElement(le,e),name:s.a.createElement(s.a.Fragment,null,Z.m," ",s.a.createElement(r.EuiIconTip,{type:"iInCircle",color:"subdued",title:Z.m,content:s.a.createElement("span",null,Z.n)})),align:"right",width:"130px"}],de={className:"flyoutTableHoverActions"},pe=({goToTable:e,rows:t,title:a,isReadOnly:n})=>{const i=n?ce:ue;return s.a.createElement("div",null,s.a.createElement(r.EuiFlexGroup,null,s.a.createElement(r.EuiFlexItem,null,s.a.createElement(r.EuiTitle,{size:"xxxs"},s.a.createElement("h5",null,a))),s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(r.EuiLink,{onClick:e,"data-test-subj":"summary-view-go-to-table-link"},s.a.createElement(r.EuiText,{size:"xs"},Z.F)))),s.a.createElement(r.EuiSpacer,{size:"s"}),s.a.createElement(X,{"data-test-subj":"summary-view",items:t,columns:i,rowProps:de,compressed:!0}))},me=s.a.memo(pe),ge=({browserFields:e,data:t,eventId:a,isDraggable:n,scopeId:i,title:r,goToTable:l,isReadOnly:c,investigationFields:u})=>{const d=Object(o.useMemo)((()=>Object(J.c)({browserFields:e,data:t,eventId:a,isDraggable:n,scopeId:i,isReadOnly:c,investigationFields:u})),[e,t,a,n,i,c,u]);return s.a.createElement(me,{goToTable:l,isReadOnly:c,rows:d,title:r})},ye=s.a.memo(ge);var fe=a(509),be=a(927),he=a(402),Ee=a(61),ve=a(135),xe=a(188);const ke=Ee.euiStyled.div`
  margin-left: ${({theme:e})=>e.eui.euiSizeS};
`,Se=Object(Ee.euiStyled)(r.EuiPanel)`
  &&& {
    background-color: ${({theme:e})=>e.eui.euiColorLightestShade};
    padding: ${({theme:e})=>e.eui.euiSizeS};
    height: 78px;
  }

  &:hover {
    .inlineActions {
      opacity: 1;
      width: auto;
      transform: translate(0);
    }
  }

  .inlineActions {
    opacity: 0;
    width: 0;
    transform: translate(6px);
    transition: transform 50ms ease-in-out;

    &.inlineActions-popoverOpen {
      opacity: 1;
      width: auto;
      transform: translate(0);
    }
   }
`,we=({title:e,children:t})=>s.a.createElement(Se,{borderRadius:"none",hasShadow:!1,hasBorder:!1,paddingSize:"s"},s.a.createElement(r.EuiText,{size:"s"},e),s.a.createElement(r.EuiSpacer,{size:"s"}),t);we.displayName="OverviewCard";const je=Ee.euiStyled.div`
  /* Clamp text content to 2 lines */
  display: -webkit-box;
  -webkit-line-clamp: 2;
  -webkit-box-orient: vertical;
  overflow: hidden;
`;je.displayName="ClampedContent";const Oe=({title:e,children:t,contextId:a,dataTestSubj:n,enrichedFieldInfo:i})=>s.a.createElement(we,{title:e},s.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},s.a.createElement(je,{"data-test-subj":n},t),s.a.createElement(ke,null,s.a.createElement(F.c,{data:{field:i.data.field,value:null==i?void 0:i.values},triggerId:F.d.DETAILS_FLYOUT,mode:F.a.INLINE,sourcererScopeId:Object(_.getSourcererScopeId)(a),metadata:{scopeId:a},visibleCellActions:3}))));Oe.displayName="OverviewCardWithActions";var Ie=a(906),Te=a(329),Ce=a(293),Me=a(711);const Fe=Object(Ee.euiStyled)(r.EuiFlexGroup)`
  flex-grow: 0;
`,De=s.a.memo((({browserFields:e,contextId:t,data:a,eventId:n,handleOnEventClosed:i,scopeId:l,isReadOnly:c})=>{const u=Object(o.useMemo)((()=>{const i=Object(M.find)({field:xe.o,category:"kibana"},a);return i&&Object(te.b)({eventId:n,contextId:t,scopeId:l,browserFields:e,item:i})}),[e,t,a,n,l]),d=Object(o.useMemo)((()=>{const i=Object(M.find)({field:"kibana.alert.severity",category:"kibana"},a);return i&&Object(te.b)({eventId:n,contextId:t,scopeId:l,browserFields:e,item:i})}),[e,t,a,n,l]),p=Object(o.useMemo)((()=>{const i=Object(M.find)({field:"kibana.alert.risk_score",category:"kibana"},a);return i&&Object(te.b)({eventId:n,contextId:t,scopeId:l,browserFields:e,item:i})}),[e,t,a,n,l]),m=Object(o.useMemo)((()=>{const i=Object(M.find)({field:xe.n,category:"kibana"},a),r=Object(M.find)({field:"kibana.alert.rule.uuid",category:"kibana"},a);return i&&Object(te.b)({eventId:n,contextId:t,scopeId:l,browserFields:e,item:i,linkValueField:r})}),[e,t,a,n,l]),g=Ae(u)&&!c?s.a.createElement(r.EuiFlexItem,{key:"status"},s.a.createElement(Oe,{title:ve.J,enrichedFieldInfo:u,contextId:t},s.a.createElement(Ie.a,{eventId:n,contextId:t,enrichedFieldInfo:u,scopeId:l,handleOnEventClosed:i}))):null,y=Ae(d)?s.a.createElement(r.EuiFlexItem,{key:"severity"},c?s.a.createElement(we,{title:ve.s},s.a.createElement(Te.a,{value:d.values[0]})):s.a.createElement(Oe,{title:ve.s,enrichedFieldInfo:d,contextId:t},s.a.createElement(Te.a,{value:d.values[0]}))):null,f=Ae(p)?s.a.createElement(r.EuiFlexItem,{key:"riskScore"},c?s.a.createElement(we,{title:ve.o},p.values[0]):s.a.createElement(Oe,{title:ve.o,enrichedFieldInfo:p,contextId:t,dataTestSubj:"riskScore"},p.values[0])):null,b=Ae(m)&&!c?s.a.createElement(r.EuiFlexItem,{key:"ruleName"},s.a.createElement(Oe,{title:ve.p,enrichedFieldInfo:m,contextId:t},s.a.createElement(A.a,{contextId:t,eventId:n,value:m.values[0],fieldName:m.data.field,linkValue:m.linkValue,fieldType:m.data.type,fieldFormat:m.data.format,isDraggable:!1,truncate:!1}))):null,{width:h,ref:E}=Object(Ce.b)(),v=0===h||h&&h>=675,x=[g,y,f,b].filter(Me.h),k=v?s.a.createElement(Fe,{gutterSize:"s"},x):s.a.createElement(s.a.Fragment,null,Object(M.chunk)(2,x).map(((e,t,{length:a})=>{const n=t<a-1;return s.a.createElement(o.Fragment,{key:t},s.a.createElement(Fe,{gutterSize:"s"},e),n&&s.a.createElement(r.EuiSpacer,{size:"s"}))})));return s.a.createElement("div",{ref:E},k)}));function Ae(e){return!!e&&Array.isArray(e.values)}De.displayName="Overview";var _e=a(129),Ne=a(243);function Re(e){return Boolean(e&&e.values&&e.values.length)}var qe=a(102),Pe=a(17),Le=a(684);const Be=Object(Ee.euiStyled)(r.EuiAccordion)`
  border: 1px solid ${({theme:e})=>e.eui.euiColorLightShade};
  padding: 10px 8px;
  border-radius: 6px;
`,ze=s.a.memo((({prefix:e,state:t,text:a,renderContent:n,onToggle:i=M.noop,extraAction:o,forceState:l})=>{const c=Object(r.useGeneratedHtmlId)({prefix:e});switch(t){case"loading":return s.a.createElement(Be,{id:c,buttonContent:a,onToggle:i,isLoading:!0});case"error":return s.a.createElement(Be,{id:c,buttonContent:s.a.createElement("span",null,s.a.createElement(r.EuiIcon,{type:"warning",color:"danger",style:{marginRight:"6px"}}),a),onToggle:i,extraAction:o});case"success":return s.a.createElement(Be,{"tour-step":`${e}-accordion`,"data-test-subj":`${e}-accordion`,id:c,buttonContent:a,onToggle:i,paddingSize:"l",extraAction:o,forceState:l},n());default:return null}}));ze.displayName="InsightAccordion";var $e=a(132),Ve=a(233),Ge=a(232);const Ue=(e,t)=>({fields:t,_source:!1,query:{ids:{values:e}}}),He=["@timestamp","kibana.alert.rule.name","kibana.alert.severity"],We=[{field:"kibana.alert.rule.name",name:"Rule"},{field:"@timestamp",name:"@timestamp",render:e=>s.a.createElement($e.c,{value:new Date(e)})},{field:"kibana.alert.severity",name:"Severity",render:e=>s.a.createElement(Te.a,{value:e})}],Qe=s.a.memo((({alertIds:e})=>{const t=Object(o.useMemo)((()=>e.slice(0,10)),[e]),{loading:a,error:n,data:i}=(({alertIds:e,fields:t=["*"]})=>{const[a]=Object(o.useState)((()=>Ue(e,t))),{loading:n,data:i,setQuery:r}=Object(Ve.a)({query:a,queryName:Ge.a.BY_ID});return Object(o.useEffect)((()=>{r(Ue(e,t))}),[r,e,t]),{loading:n,error:!n&&void 0===i,data:null==i?void 0:i.hits.hits}})({alertIds:t,fields:He}),l=Object(o.useMemo)((()=>{if(i)return i.map((e=>e.fields))}),[i]);if(a)return s.a.createElement(r.EuiSkeletonText,{lines:2});if(n)return s.a.createElement(s.a.Fragment,null,Ne.p);if(l){const t=e.length>10;return s.a.createElement(s.a.Fragment,null,t&&s.a.createElement("div",null,s.a.createElement("em",null,Ne.q),s.a.createElement(r.EuiSpacer,null)),s.a.createElement(r.EuiBasicTable,{compressed:!0,items:l,columns:We}))}return null}));Qe.displayName="SimpleAlertTable";const Ye=s.a.memo((({originalDocumentId:e,index:t,eventId:a,scopeId:n})=>{const[i,r]=Object(o.useState)(!1),[l,c]=Object(o.useState)({}),u=Object(o.useCallback)((e=>r(e)),[]),d=Object(o.useCallback)((()=>i?l.alertIds?s.a.createElement(Ze,{eventId:a,scopeId:n,alertIds:l.alertIds}):s.a.createElement(Ke,{index:t,originalDocumentId:e,eventId:a,isActiveTimelines:Object(_.isActiveTimeline)(null!=n?n:""),onCacheLoad:c}):null),[i,l.alertIds,t,e,a,n]);return s.a.createElement(ze,{prefix:"RelatedAlertsByProcessAncestry",state:"success",text:l.alertIds?Object(Ne.h)(l.alertIds.length):Ne.g,renderContent:d,onToggle:u})}));Ye.displayName="RelatedAlertsByProcessAncestry";const Ke=({originalDocumentId:e,index:t,isActiveTimelines:a,onCacheLoad:n,eventId:i})=>{const{values:l}=t,{values:c}=e,u=Array.isArray(c)?c[0]:"",{loading:d,error:p,alertIds:m}=Object(Le.a)({isActiveTimeline:a,documentId:u,indices:null!=l?l:[]});return Object(o.useEffect)((()=>{m&&0!==m.length&&n({alertIds:m})}),[m,n]),d?s.a.createElement(r.EuiLoadingSpinner,null):p?s.a.createElement(s.a.Fragment,null,Ne.j):m&&0!==m.length?null:s.a.createElement(s.a.Fragment,null,Ne.i)};Ke.displayName="FetchAndNotifyCachedAlertsByProcessAncestry";const Ze=({alertIds:e,eventId:t,scopeId:a})=>{const n=e&&e.length&&e.length>=5,i=Object(o.useMemo)((()=>e&&e.length?n?null:e.reduce(((e,n,i)=>{const r=`${a}-${t}-event.id-${i}-${n}`;return e.push(Object(oe.a)("_id",r,n)),e}),[]):null),[e,n,a,t]),l=Object(o.useMemo)((()=>n?[{meta:{alias:Ne.k,type:"phrases",key:"_id",params:[...e],negate:!1,disabled:!1,value:e.join()},query:{bool:{should:e.map((e=>({match_phrase:{_id:e}}))),minimum_should_match:1}}}]:null),[e,n]);return i||l?s.a.createElement(s.a.Fragment,null,s.a.createElement(Qe,{alertIds:e}),s.a.createElement(r.EuiSpacer,null),s.a.createElement(re.a,{asEmptyButton:!1,dataProviders:i,filters:l,"data-test-subj":"investigate-ancestry-in-timeline"},ve.h)):null};Ze.displayName="ActualRelatedAlertsByProcessAncestry";var Je=a(363),Xe=a(123),et=a(4);const tt=s.a.memo((({eventId:e})=>{const{services:{cases:t}}=Object(qe.j)(),a=Object(qe.n)(),[n,i]=Object(o.useState)(void 0),[r,l]=Object(o.useState)(!1),{activeStep:c,isTourShown:u}=Object(Je.b)(),d=Object(o.useMemo)((()=>c===h.a.viewCase&&u(h.b.alertsCases)),[c,u]),p=Object(o.useCallback)((()=>function(e=[]){const t=e.length;return s.a.createElement("span",null,s.a.createElement(k.FormattedMessage,{defaultMessage:"This alert was found in {caseCount}",id:"xpack.securitySolution.alertDetails.overview.insights_related_cases_found_content",values:{caseCount:s.a.createElement("strong",null,s.a.createElement(k.FormattedMessage,{id:"xpack.securitySolution.alertDetails.overview.insights_related_cases_found_content_count",defaultMessage:"{caseCount} {caseCount, plural, =0 {cases.} =1 {case:} other {cases:}}",values:{caseCount:t}}))}}),e.map((({id:t,title:a},n)=>t&&a?s.a.createElement("span",{key:t}," ",s.a.createElement(Xe.a,{detailName:t,title:a,index:n},a),e[n+1]?",":""):s.a.createElement(s.a.Fragment,null))))}(n)),[n]),[m,g]=Object(o.useState)(!1);Object(o.useEffect)((()=>{if(!m)return;let n=!1;return(async()=>{let r=[];try{var o;e&&(r=null!==(o=await t.api.getRelatedCases(e,{owner:et.i}))&&void 0!==o?o:[])}catch(e){n||l(!0),a.addWarning(Object(Ne.c)(e))}n||(i(r),g(!1))})(),()=>{n=!0}}),[t.api,e,m,a]),Object(o.useEffect)((()=>{g(!0)}),[e]);let y="loading";return r?y="error":n&&(y="success"),s.a.createElement(ze,{prefix:"RelatedCases",state:y,text:at(y,null==n?void 0:n.length),renderContent:p,forceState:d?"open":void 0})}));function at(e,t=0){switch(e){case"loading":return Ne.d;case"error":return Ne.b;case"success":return Object(Ne.a)(t);default:return""}}tt.displayName="RelatedCases";const nt=s.a.memo((({browserFields:e,data:t,eventId:a,scopeId:n})=>{const{field:i,values:l}=t,{error:c,count:u,alertIds:d}=Object(se.a)({field:i,value:l,isActiveTimelines:Object(_.isActiveTimeline)(n),signalIndexName:null,includeAlertIds:!0}),{fieldFromBrowserField:p}=Object(te.b)({browserFields:e,contextId:n,eventId:a,field:{id:t.field},scopeId:n,item:t}),m=Object(oe.c)({field:i,values:l,contextId:n,eventId:a,fieldFromBrowserField:p,fieldFormat:null==p?void 0:p.format,fieldType:null==p?void 0:p.type}),g=0===u;let y="loading";c?y="error":d&&(y="success");const f=Object(o.useCallback)((()=>d&&null!=m&&m.dataProviders?g&&"loading"!==y?Ne.s:s.a.createElement(s.a.Fragment,null,s.a.createElement(Qe,{alertIds:d}),s.a.createElement(r.EuiSpacer,null),s.a.createElement(re.a,{asEmptyButton:!1,dataProviders:null==m?void 0:m.dataProviders},ve.h)):null),[d,null==m?void 0:m.dataProviders,g,y]);return s.a.createElement(ze,{prefix:"RelatedAlertsBySourceEvent",state:y,text:it(y,u),renderContent:f})}));function it(e,t){switch(e){case"loading":return Ne.u;case"error":return Ne.t;case"success":return Object(Ne.r)(t);default:return""}}nt.displayName="RelatedAlertsBySourceEvent";const rt=s.a.memo((({browserFields:e,data:t,eventId:a,scopeId:n})=>{const{field:i,values:l}=t,{error:c,count:u,alertIds:d}=Object(se.a)({field:i,value:l,isActiveTimelines:Object(_.isActiveTimeline)(n),signalIndexName:null,includeAlertIds:!0,ignoreTimerange:!0}),{fieldFromBrowserField:p}=Object(te.b)({browserFields:e,contextId:n,eventId:a,field:{id:t.field},scopeId:n,item:t}),m=Object(oe.c)({field:i,values:l,contextId:n,eventId:a,fieldFromBrowserField:p,fieldFormat:null==p?void 0:p.format,fieldType:null==p?void 0:p.type}),g=0===u;let y="loading";c?y="error":(d||g)&&(y="success");const f=Object(o.useCallback)((()=>d&&null!=m&&m.dataProviders?g&&"loading"!==y?Ne.m:s.a.createElement(s.a.Fragment,null,s.a.createElement(Qe,{alertIds:d}),s.a.createElement(r.EuiSpacer,null),s.a.createElement(re.a,{asEmptyButton:!1,dataProviders:null==m?void 0:m.dataProviders},ve.h)):null),[d,null==m?void 0:m.dataProviders,g,y]);return s.a.createElement(ze,{prefix:"RelatedAlertsBySession",state:y,text:ot(y,u),renderContent:f})}));function ot(e,t){switch(e){case"loading":return Ne.o;case"error":return Ne.n;case"success":return Object(Ne.l)(t);default:return""}}rt.displayName="RelatedAlertsBySession";const st=Ee.euiStyled.div`
  border: 1px solid ${({theme:e})=>e.eui.euiColorLightShade};
  padding: 12px;
  border-radius: 6px;
`,lt=Object(Ee.euiStyled)(r.EuiIcon)`
  margin-right: 10px;
`,ct=s.a.memo((()=>{const{getAppUrl:e,navigateTo:t}=Object(qe.l)(),a=e({appId:"management",path:"stack/license_management"}),n=Object(o.useCallback)((()=>{t({url:a})}),[t,a]);return s.a.createElement(st,null,s.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},s.a.createElement(r.EuiFlexItem,{grow:!1},s.a.createElement(lt,{size:"m",type:"lock"})),s.a.createElement(r.EuiFlexItem,null,s.a.createElement(r.EuiText,{size:"s"},s.a.createElement(r.EuiLink,{color:"subdued",onClick:n,target:"_blank"},Ne.f)))))}));ct.displayName="RelatedAlertsUpsell";const ut=Object(Ee.euiStyled)(r.EuiFlexItem)`
  border: 1px solid ${({theme:e})=>e.eui.euiColorLightShade};
  padding: 10px 8px;
  border-radius: 6px;
  display: inline-flex;
`,dt=s.a.memo((({browserFields:e,eventId:t,data:a,isReadOnly:n,scopeId:i})=>{const o=Object(g.a)("insightsRelatedAlertsByProcessAncestry"),l=Object(Pe.b)().isPlatinumPlus(),c=Object(M.find)({category:"kibana",field:"kibana.alert.ancestors.id"},a),u=Object(M.find)({category:"kibana",field:"kibana.alert.rule.parameters.index"},a),d=Object(M.find)({category:"agent",field:"agent.type"},a),p=Object(M.find)({category:"event",field:"event.module"},a),m=Re(Object(M.find)({category:"process",field:"process.entity_id"},a))&&function(e,t){return Re(e)&&("endpoint"===e.values[0]||"winlogbeat"===e.values[0]&&Re(t)&&"sysmon"===t.values[0])}(d,p),y=Object(M.find)({category:"process",field:"process.entry_leader.entity_id"},a),f=o&&Re(y),b=Object(M.find)({category:"kibana",field:"kibana.alert.original_event.id"},a),h=Re(b),E=Object(M.find)({category:"kibana",field:_e.Y},a),v=Re(E),x=Object(qe.h)().read,k=o&&m&&c&&u;return n||!(x||m||h||f)?null:s.a.createElement("div",null,s.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"m"},s.a.createElement(r.EuiFlexItem,null,s.a.createElement(r.EuiTitle,{size:"xxxs"},s.a.createElement("h5",null,Ne.e))),v&&s.a.createElement(ut,null,s.a.createElement("div",null,s.a.createElement(r.EuiIcon,{type:"layers",style:{marginLeft:"4px",marginRight:"8px"}}),Ne.v(parseInt(E.values[0],10)),s.a.createElement(r.EuiBetaBadge,{label:Ne.w,style:{verticalAlign:"middle",marginLeft:"8px"},size:"s"}))),x&&s.a.createElement(r.EuiFlexItem,null,s.a.createElement(tt,{eventId:t})),b&&b.values&&s.a.createElement(r.EuiFlexItem,null,s.a.createElement(nt,{browserFields:e,data:b,eventId:t,scopeId:i})),y&&y.values&&s.a.createElement(r.EuiFlexItem,{"data-test-subj":"related-alerts-by-session"},s.a.createElement(rt,{browserFields:e,data:y,eventId:t,scopeId:i})),k&&(l?s.a.createElement(r.EuiFlexItem,{"data-test-subj":"related-alerts-by-ancestry"},s.a.createElement(Ye,{originalDocumentId:c,index:u,eventId:t,scopeId:i})):s.a.createElement(r.EuiFlexItem,null,s.a.createElement(ct,null)))))}));dt.displayName="Insights";var pt=a(284);const mt={cursorStart:0,querySize:1};var gt=a(420),yt=a(127),ft=a(382),bt=a(931);let ht;!function(e){e.tableView="table-view",e.jsonView="json-view",e.summaryView="summary-view",e.threatIntelView="threat-intel-view",e.osqueryView="osquery-results-view",e.responseActionsView="response-actions-results-view"}(ht||(ht={}));const Et=c()(r.EuiTabbedContent).withConfig({displayName:"StyledEuiTabbedContent",componentId:"sc-xa1bmm-0"})(["display:flex;flex:1;flex-direction:column;overflow:hidden;> [role='tabpanel']{display:flex;flex:1;flex-direction:column;overflow:hidden;overflow-y:auto;::-webkit-scrollbar{-webkit-appearance:none;width:7px;}::-webkit-scrollbar-thumb{border-radius:4px;background-color:rgba(0,0,0,0.5);-webkit-box-shadow:0 0 1px rgba(255,255,255,0.5);}}"]),vt=c.a.div.withConfig({displayName:"TabContentWrapper",componentId:"sc-xa1bmm-1"})(["height:100%;position:relative;"]),xt=c.a.div.withConfig({displayName:"RendererContainer",componentId:"sc-xa1bmm-2"})(["overflow-x:auto;padding-right:",";& ."," .euiFlexGroup{justify-content:flex-start;}"],(e=>e.theme.eui.euiSizeXS),yt.a),kt=c()(r.EuiFlexGroup).withConfig({displayName:"ThreatTacticContainer",componentId:"sc-xa1bmm-3"})(["flex-grow:0;flex-wrap:nowrap;& .euiFlexGroup{flex-wrap:nowrap;}"]),St=c.a.div.withConfig({displayName:"ThreatTacticDescription",componentId:"sc-xa1bmm-4"})(["padding-left:",";"],(e=>e.theme.eui.euiSizeL)),wt=({browserFields:e,data:t,detailsEcsData:a,id:n,isAlert:l,isDraggable:c,rawEventData:x,scopeId:k,timelineTabType:S,handleOnEventClosed:j,isReadOnly:O})=>{const[I,T]=Object(o.useState)(ht.summaryView),C=Object(o.useCallback)((e=>T(e.id)),[]),M=Object(o.useCallback)((()=>T(ht.tableView)),[]),F=Object(o.useMemo)((()=>Object(D.b)(t)),[t]),A=Object(d.b)(t),{rule:_}=Object(p.a)(A.ruleId),N=Object(o.useMemo)((()=>l?Object(D.f)(t).map((e=>Object(D.g)(e))):[]),[t,l]),{result:R,loading:q,setRange:P,range:L}=Object(fe.c)(F),B=Object(o.useMemo)((()=>Object(y.a)(x)),[x]),z=Object(o.useMemo)((()=>q||null==R||!R.enrichments?N:Object(D.a)([...N,...R.enrichments])),[q,R,N]),$=z.length,{hostRisk:V,userRisk:G,isAuthorized:U}=(e=>{const{hostName:t,userName:a}=Object(d.b)(e),n=Object(o.useMemo)((()=>t?Object(w.D)([t]):void 0),[t]),{data:i,loading:r,isAuthorized:s,isModuleEnabled:l}=Object(pt.c)({filterQuery:n,pagination:mt,riskEntity:w.w.host,skip:!n}),c=Object(o.useMemo)((()=>({loading:r,isModuleEnabled:l,result:i})),[i,r,l]),u=Object(o.useMemo)((()=>a?Object(w.E)([a]):void 0),[a]),{data:p,loading:m,isAuthorized:g,isModuleEnabled:y}=Object(pt.c)({filterQuery:u,pagination:mt,riskEntity:w.w.user,skip:!u});return{userRisk:Object(o.useMemo)((()=>({loading:m,isModuleEnabled:y,result:p})),[m,y,p]),hostRisk:c,isAuthorized:s&&g}})(t),H=Object(o.useMemo)((()=>null!=a?Object(gt.a)({data:a,rowRenderers:ft.b}):null),[a]),W=Object(o.useMemo)((()=>Object(b.c)(k)),[k]),Q=Object(o.useMemo)((()=>$>0||U&&(V||G)),[$,V,U,G]),J=Object(g.a)("endpointResponseActionsEnabled"),X=Object(o.useMemo)((()=>{var i;return l?{id:ht.summaryView,name:Z.v,"data-test-subj":"overviewTab",content:s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"m"}),s.a.createElement(De,{browserFields:e,contextId:k,data:t,eventId:n,scopeId:k,handleOnEventClosed:j,isReadOnly:O}),s.a.createElement(r.EuiSpacer,{size:"l"}),B&&B[0]&&s.a.createElement(kt,{alignItems:"flexStart",direction:"column",wrap:!1,gutterSize:"none"},s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiTitle,{size:"xxs"},s.a.createElement("h5",null,B[0].title)),s.a.createElement(St,null,B[0].description))),s.a.createElement(r.EuiSpacer,{size:"l"}),null!=H&&null!=a&&s.a.createElement("div",null,s.a.createElement(r.EuiTitle,{size:"xs"},s.a.createElement("h5",null,Z.c)),s.a.createElement(r.EuiSpacer,{size:"s"}),s.a.createElement(xt,{"data-test-subj":"renderer"},H.renderRow({contextId:"event-details",data:a,isDraggable:null!=c&&c,scopeId:k}))),s.a.createElement(r.EuiHorizontalRule,null),s.a.createElement(ye,{data:t,eventId:n,browserFields:e,isDraggable:c,scopeId:k,title:Z.l,isReadOnly:O,goToTable:M,investigationFields:null!==(i=null==_?void 0:_.investigation_fields)&&void 0!==i?i:[]}),s.a.createElement(r.EuiSpacer,{size:"xl"}),s.a.createElement(dt,{browserFields:e,eventId:n,data:t,scopeId:k,isReadOnly:O}),Q&&s.a.createElement(Y,{isDraggable:c,hostRisk:V,userRisk:G,browserFields:e,data:t,eventId:n,scopeId:k,enrichments:z,isReadOnly:O}),q&&s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSkeletonText,{lines:2})),A.ruleId&&(null==_?void 0:_.note)&&s.a.createElement(he.b,{basicData:A,ruleNote:_.note}))}:void 0}),[l,e,k,t,n,j,O,B,H,a,c,M,null==_?void 0:_.investigation_fields,null==_?void 0:_.note,Q,V,G,z,q,A]),ee=Object(o.useMemo)((()=>l&&!O?{id:ht.threatIntelView,"data-test-subj":"threatIntelTab",name:Z.C,append:s.a.createElement(s.a.Fragment,null,q?s.a.createElement(r.EuiLoadingSpinner,null):s.a.createElement(r.EuiNotificationBadge,{"data-test-subj":"enrichment-count-notification"},$)),content:s.a.createElement(K.a,{before:s.a.createElement(r.EuiSpacer,{size:"m"}),loading:q,enrichments:z,showInvestigationTimeEnrichments:!Object(u.isEmpty)(F)},s.a.createElement(s.a.Fragment,null,s.a.createElement(be.a,{setRange:P,loading:q,range:L}),s.a.createElement(r.EuiSpacer,{size:"m"})))}:void 0),[z,P,L,$,l,F,q,O]),te=Object(o.useMemo)((()=>({id:ht.tableView,"data-test-subj":"tableTab",name:Z.B,content:s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"l"}),s.a.createElement(E.a,{browserFields:e,data:t,eventId:n,isDraggable:c,scopeId:k,timelineTabType:S,isReadOnly:O}))})),[e,t,n,c,k,S,O]),ae=Object(o.useMemo)((()=>({id:ht.jsonView,"data-test-subj":"jsonViewTab",name:Z.r,content:s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"m"}),s.a.createElement(vt,{"data-test-subj":"jsonViewWrapper"},s.a.createElement(v.a,{rawEventData:x})))})),[x]),ne=Object(m.a)({rawEventData:x,...null!==a?{ecsData:a}:{}}),ie=Object(bt.a)({rawEventData:x,...null!==a?{ecsData:a}:{}}),re=Object(o.useMemo)((()=>J?[ne]:[ie]),[J,ie,ne]),oe=Object(o.useMemo)((()=>[X,ee,te,ae,...re].filter((e=>!!e))),[X,ee,te,ae,re]),se=Object(o.useMemo)((()=>{var e;return null!==(e=oe.find((e=>e.id===I)))&&void 0!==e?e:oe[0]}),[oe,I]),le=Object(o.useMemo)((()=>W?{"tour-step":Object(h.c)(3,h.b.alertsCases)}:{}),[W]);return s.a.createElement(f.a,{isTourAnchor:W,step:h.a.reviewAlertDetailsFlyout,tourId:h.b.alertsCases},s.a.createElement(s.a.Fragment,null,s.a.createElement(r.EuiSpacer,{size:"s"}),s.a.createElement(Et,i()({},le,{"data-test-subj":"eventDetails",tabs:oe,selectedTab:se,onTabClick:C,key:"event-summary-tabs"}))))};wt.displayName="EventDetailsComponent";const jt=s.a.memo(wt)},function(e,t,a){"use strict";a.d(t,"a",(function(){return ue}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(41),l=a.n(s),c=a(180),u=a(49),d=a(13),p=a(1061),m=a(268),g=a(102),y=a(896),f=a(415),b=a(162),h=a(648),E=a(231),v=a(474),x=a(957),k=a(1415),S=a(5);const w=S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlRunJobLabel",{defaultMessage:"Run job"}),j=S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlStopJobLabel",{defaultMessage:"Stop job"}),O=(S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription",{defaultMessage:"Stopped"}),S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlAdminPermissionsRequiredDescription",{defaultMessage:"ML Admin Permissions required to perform this action"}));var I,T=a(204),C=a(1104);!function(e){e.info="info",e.warning="warning",e.error="error"}(I||(I={}));const M=({message:e})=>{if(!e)return null;let t="primary",a="warning";return e.level===I.info?a="iInCircle":e.level===I.warning?t="warning":e.level===I.error&&(t="danger"),o.a.createElement(n.EuiToolTip,{content:e.text},o.a.createElement(n.EuiIcon,{"data-test-subj":"mlJobAuditIcon",type:a,color:t}))},F=Object(r.memo)(M),D=S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlJobStartedDescription",{defaultMessage:"Started"}),A=S.i18n.translate("xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription",{defaultMessage:"Stopped"}),_=({job:e})=>{const t=Object(T.c)(e.jobState,e.datafeedState),a=t?"success":"danger",i=t?D:A;return o.a.createElement(n.EuiBadge,{"data-test-subj":"machineLearningJobStatus",color:a},i)},N=Object(r.memo)(_),R=l.a.div.withConfig({displayName:"Wrapper",componentId:"sc-ilmnak-0"})(["overflow:hidden;"]),q=({job:e,switchComponent:t,...a})=>{var i;const r=Object(T.c)(e.jobState,e.datafeedState);return o.a.createElement(R,a,o.a.createElement("div",null,o.a.createElement(C.a,{jobId:e.id,jobName:null===(i=e.customSettings)||void 0===i?void 0:i.security_app_display_name}),o.a.createElement(F,{message:e.auditMessage})),o.a.createElement(n.EuiFlexGroup,{justifyContent:"flexStart"},o.a.createElement(n.EuiFlexItem,{grow:!1,style:{marginRight:"0"}},o.a.createElement(N,{job:e})),o.a.createElement(n.EuiFlexItem,{grow:!1},t),o.a.createElement(n.EuiFlexItem,{grow:!1,style:{marginLeft:"0"},"data-test-subj":"mlJobActionLabel"},r?j:w)))},P=Object(r.memo)(q),L=({job:e,loading:t,refreshJob:a})=>{const{enableDatafeed:n,disableDatafeed:i,isLoading:s}=Object(x.a)(),l=Object(r.useCallback)((async(t,r,o)=>{o?await n(e,r):await i(e),a(e)}),[n,i,e,a]),c=Object(r.useMemo)((()=>o.a.createElement(k.a,{job:e,isSecurityJobsLoading:t||s,onJobStateChange:l})),[l,s,e,t]);return o.a.createElement(P,{job:e,switchComponent:c})},B=Object(r.memo)(L),z=({jobIds:e})=>{const{loading:t,jobs:a,refetch:n,isMlAdmin:i}=Object(v.a)();if(!i)return null;const r=a.filter((t=>e.includes(t.id)));return o.a.createElement(o.a.Fragment,null,r.map((e=>o.a.createElement(B,{key:e.id,job:e,loading:t,refreshJob:n}))))},$=Object(r.memo)(z);var V=a(385),G=a(667),U=a.n(G);const H=({job:e})=>{const t=Object(r.useMemo)((()=>o.a.createElement(n.EuiToolTip,{content:O},o.a.createElement(n.EuiSwitch,{disabled:!0,"data-test-subj":"mlUserJobSwitch",showLabel:!1,label:"",checked:Object(T.c)(e.jobState,e.datafeedState),onChange:U.a}))),[e]);return o.a.createElement(P,{job:e,switchComponent:t})},W=Object(r.memo)(H),Q=({jobIds:e})=>{const{isMlUser:t,jobs:a}=Object(V.b)();if(!t)return null;const n=a.filter((t=>e.includes(t.id)));return o.a.createElement(o.a.Fragment,null,n.map((e=>o.a.createElement(W,{key:e.id,job:e}))))},Y=Object(r.memo)(Q),K=({jobIds:e})=>{const t=Object(b.a)(),a=Object(E.a)(t);return Object(h.a)(t)?o.a.createElement($,{jobIds:e}):a?o.a.createElement(Y,{jobIds:e}):null},Z=Object(r.memo)(K),J=({actions:e})=>e.length?o.a.createElement("ul",null,e.map(((e,t)=>o.a.createElement("li",{key:t},X(e.actionTypeId))))):null,X=e=>{if(!e)return"";const t=e.split(".")[1];return t?Object(i.startCase)(t):""};a(104);var ee=a(4);a(125);const te=[{value:ee.Rb,text:"On each rule execution"},{value:"1h",text:"Hourly"},{value:"1d",text:"Daily"},{value:"7d",text:"Weekly"}],ae=[{value:ee.Qb,text:"Perform no actions"},...te],ne=ae[0],ie=(e=ne.value,t)=>{const a=Object(i.find)(["value",e],ae);return{title:t,description:a?a.text:e}};var re=a(417),oe=a(17);const se=l()(n.EuiDescriptionList).withConfig({displayName:"DescriptionListContainer",componentId:"sc-157un4q-0"})(["max-width:600px;&.euiDescriptionList--column .euiDescriptionList__title{width:30%;}&.euiDescriptionList--column .euiDescriptionList__description{width:70%;overflow-wrap:anywhere;}"]),le=c.css`
  dt {
    font-size: 90% !important;
  }
  text-overflow: ellipsis;
`,ce=({data:e,columns:t="multi",indexPatterns:a,schema:s,isInPanelView:l})=>{const c=Object(g.j)(),u=Object(oe.b)(),[p]=Object(r.useState)(new d.FilterManager(c.services.uiSettings)),m=Object.keys(s).reduce(((t,n)=>{return"machineLearningJobId"===n?[...t,(r=Object(i.get)(n,e),l=Object(i.get)(n,s).label,{title:l,description:o.a.createElement(Z,{jobIds:r})})]:"throttle"===n?[...t,ie(Object(i.get)(n,e),Object(i.get)([n,"label"],s))]:"actions"===n?[...t,(c=Object(i.get)(n,e),d=Object(i.get)([n,"label"],s),{title:c.length?d:"",description:o.a.createElement(J,{actions:c})})]:[...t,...de(e,Object(i.pick)(n,s),p,u,a)];var r,l,c,d}),[]);return"multi"===t?o.a.createElement(n.EuiFlexGroup,null,Object(i.chunk)(Math.ceil(m.length/2),m).map(((e,t)=>o.a.createElement(n.EuiFlexItem,{"data-test-subj":"listItemColumnStepRuleDescription",key:`description-step-rule-${t}`},o.a.createElement(n.EuiDescriptionList,{listItems:e}))))):l?o.a.createElement(n.EuiFlexGroup,null,o.a.createElement(n.EuiFlexItem,{"data-test-subj":"listItemColumnStepRuleDescriptionPanel"},o.a.createElement(n.EuiDescriptionList,{listItems:m,className:le}))):o.a.createElement(n.EuiFlexGroup,null,o.a.createElement(n.EuiFlexItem,{"data-test-subj":"listItemColumnStepRuleDescription"},"single"===t?o.a.createElement(n.EuiDescriptionList,{listItems:m}):o.a.createElement(se,{"data-test-subj":"singleSplitStepRuleDescriptionList",type:"column",listItems:m})))},ue=Object(r.memo)(ce),de=(e,t,a,n,r)=>Object.keys(t).reduce(((o,s)=>[...o,...me(s,Object(i.get)([s,"label"],t),e,a,n,r)]),[]),pe=e=>e.map((e=>null==e.$state?{$state:{store:u.FilterStateStore.APP_STATE},...e}:e)),me=(e,t,a,n,r,o)=>{if("queryBar"===e){var s;const t=pe(null!==(s=Object(i.get)("queryBar.filters",a))&&void 0!==s?s:[]),r=Object(i.get)("queryBar.query.query",a),l=Object(i.get)("queryBar.saved_id",a),c=Object(i.get)("queryBar.title",a);return Object(y.g)({field:e,filters:t,filterManager:n,query:r,savedId:l,savedQueryName:c,indexPatterns:o})}if("responseActions"===e)return[];if("groupByFields"===e){const n=Object(i.get)(e,a);return Object(y.a)(t,n,r)}if("groupByRadioSelection"===e)return[];if("groupByDuration"===e){if(Object(i.get)("groupByFields",a).length>0){const n=Object(i.get)(e,a);return Object(y.c)(t,n,r,Object(i.get)("groupByRadioSelection",a))}return[]}if("suppressionMissingFields"===e){if(Object(i.get)("groupByFields",a).length>0){const n=Object(i.get)(e,a);return Object(y.b)(t,n,r)}return[]}if("eqlOptions"===e){const t=Object(i.get)(e,a);return Object(y.d)(t)}if("threat"===e){const n=Object(i.get)(e,a);return Object(y.m)({label:t,threat:Object(re.a)(n)})}if("threshold"===e){const n=Object(i.get)(e,a);return Object(y.o)(t,n)}if("references"===e){const n=Object(i.get)(e,a);return Object(y.q)(t,n)}if("falsePositives"===e){const n=Object(i.get)(e,a);return Object(y.p)(t,e,n)}if("investigationFields"===e){const n=Object(i.get)(e,a);return Object(y.e)(t,n)}if("riskScore"===e){const t=Object(i.get)(e,a);return Object(y.i)(t)}if("severity"===e){const t=Object(i.get)(e,a);return Object(y.k)(t)}if("requiredFields"===e){const n=Object(i.get)(e,a);return Object(y.h)(t,n)}if("relatedIntegrations"===e){const n=Object(i.get)(e,a);return Object(p.c)(t,n)}var l;if("timeline"===e)return[{title:t,description:null!==(l=Object(i.get)(e,a).title)&&void 0!==l?l:m.b}];if("note"===e){const n=Object(i.get)(e,a);return Object(y.f)(t,n)}if("ruleType"===e){const n=Object(i.get)(e,a);return Object(y.j)(t,n)}if("kibanaSiemAppUrl"===e)return[];if("threatQueryBar"===e){var c;const t=pe(null!==(c=Object(i.get)("threatQueryBar.filters",a))&&void 0!==c?c:[]),r=Object(i.get)("threatQueryBar.query.query",a),s=Object(i.get)("threatQueryBar.saved_id",a);return Object(y.g)({field:e,filters:t,filterManager:n,query:r,savedId:s,indexPatterns:o,queryLabel:f.u})}if("threatMapping"===e){const n=Object(i.get)(e,a);return Object(y.n)(t,n)}if(Array.isArray(Object(i.get)(e,a))&&"threatMapping"!==e){const n=Object(i.get)(e,a);return Object(y.l)(t,e,n)}if("index"===e){if(Object(i.get)("dataViewId",a))return[]}else if("isBuildingBlock"===e)return Object(i.get)("isBuildingBlock",a)?[{title:f.g,description:f.f}]:[];const u=Object(i.get)(e,a);return Object(i.isNumber)(u)||!Object(i.isEmpty)(u)?[{title:t,description:u}]:[]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return G}));var n=a(42),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(40),c=a(120),u=a(50),d=a.n(u),p=a(197),m=a(890),g=a(5);const y=g.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.linkedToListSection.title",{defaultMessage:"Linked to shared list"}),f=g.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.linkedToListSection.error",{defaultMessage:"Unable to fetch exception list."});var b=a(313);const h=s()(l.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-1rq9jba-0"})(["",""],(()=>Object(o.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),E=({isLoadingReferences:e,errorFetchingReferences:t,listAndReferences:a})=>{const[n,o]=Object(i.useState)(r.a.createElement(l.EuiSkeletonText,{lines:4,"data-test-subj":"exceptionItemListsTableLoading"})),[s,c]=Object(i.useState)(void 0);return Object(i.useEffect)((()=>{t?c(f):e||o(void 0)}),[t,e]),r.a.createElement(l.EuiPanel,{paddingSize:"none",hasShadow:!1,"data-test-subj":"exceptionItemLinkedToListSection"},r.a.createElement(h,{size:"xs"},r.a.createElement("h3",null,y)),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(l.EuiInMemoryTable,{tableCaption:"Table of exception lists",itemId:"id",message:n,loading:e,items:a,error:s,columns:Object(b.d)(),isSelectable:!1,sorting:!0,"data-test-subj":"exceptionItemSharedList"}))},v=r.a.memo(E);v.displayName="ExceptionsLinkedToLists";const x=g.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.linkedToRule.title",{defaultMessage:"Linked to rule"}),k=s()(l.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-6bqv6k-0"})(["",""],(()=>Object(o.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),S=({rule:e})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(k,{size:"xs","data-test-subj":"exceptionItemLinkedToRuleSection"},r.a.createElement("h3",null,x)),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(l.EuiInMemoryTable,{tableCaption:"Rules table",itemId:"id",items:[e],columns:Object(b.c)(),sorting:!0,"data-test-subj":"addExceptionToRulesTable"})),w=r.a.memo(S);w.displayName="ExceptionsLinkedToRule";var j=a(882),O=a(891),I=a(806),T=a(883),C=a(807),M=a(611);const F=g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.cancel",{defaultMessage:"Cancel"}),D=g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.editExceptionTitle",{defaultMessage:"Edit rule exception"}),A=g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.editEndpointExceptionTitle",{defaultMessage:"Edit endpoint exception"}),_=g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.editRuleExceptionToastSuccessTitle",{defaultMessage:"Rule exception updated"}),N=g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.editRuleExceptionToastErrorTitle",{defaultMessage:"Error updating exception"});var R=a(108),q=a(808),P=a(892);const L=s()(l.EuiFlyoutHeader).withConfig({displayName:"FlyoutHeader",componentId:"sc-1j5dcqi-0"})(["",""],(({theme:e})=>Object(o.css)(["border-bottom:1px solid ",";"],e.eui.euiColorLightShade))),B=s()(l.EuiFlyoutBody).withConfig({displayName:"FlyoutBodySection",componentId:"sc-1j5dcqi-1"})(["",""],(()=>Object(o.css)(["&.builder-section{overflow-y:scroll;}"]))),z=s()(l.EuiFlexGroup).withConfig({displayName:"FlyoutFooterGroup",componentId:"sc-1j5dcqi-2"})(["",""],(({theme:e})=>Object(o.css)(["padding:",";"],e.eui.euiSizeS))),$=s()(l.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-1j5dcqi-3"})(["",""],(()=>Object(o.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),V=({list:e,itemToEdit:t,rule:a,showAlertCloseOptions:o,openedFromListDetailPage:s,onCancel:u,onConfirm:y})=>{var f;const h=Object(i.useMemo)((()=>t.os_types),[t]),E=Object(i.useMemo)((()=>null!=a?[a]:null),[a]),x=Object(i.useMemo)((()=>e.type),[e]),{isLoading:k,indexPatterns:S,getExtendedFields:V}=Object(I.a)(E),[G,U]=(()=>{const{addSuccess:e,addError:t,addWarning:a}=Object(R.a)(),[n,r]=Object(q.a)(),[o,s]=Object(i.useState)(!1),l=Object(i.useRef)(null);return Object(i.useEffect)((()=>{let a=!0;const n=new AbortController;return l.current=async({itemsToUpdate:n})=>{var i,o;if(null!=r)try{s(!0),await r(n),e({title:_,text:(i=n.map((({name:e})=>e)).join(", "),o=n.length,g.i18n.translate("xpack.securitySolution.ruleExceptions.editException.editRuleExceptionToastSuccessText",{values:{exceptionItemName:i,numItems:o},defaultMessage:"{numItems, plural, =1 {Exception} other {Exceptions}} - {exceptionItemName} - {numItems, plural, =1 {has} other {have}} been updated."}))}),a&&s(!1)}catch(e){if(a)throw s(!1),t(e,{title:N}),new Error(e)}},()=>{a=!1,n.abort()}}),[e,t,a,r]),[o||n,l.current]})(),[H,W]=Object(T.a)(),[{exceptionItems:Q,exceptionItemMeta:{name:Y},newComment:K,bulkCloseAlerts:Z,disableBulkClose:J,bulkCloseIndex:X,entryErrorExists:ee,expireTime:te,expireErrorExists:ae},ne]=Object(i.useReducer)(((e,t)=>{switch(t.type){case"setExceptionItemMeta":{const{value:a}=t;return{...e,exceptionItemMeta:{...e.exceptionItemMeta,[a[0]]:a[1]}}}case"setComment":{const{comment:a}=t;return{...e,newComment:a}}case"setBulkCloseAlerts":{const{bulkClose:a}=t;return{...e,bulkCloseAlerts:a}}case"setDisableBulkCloseAlerts":{const{disableBulkCloseAlerts:a}=t;return{...e,disableBulkClose:a}}case"setBulkCloseIndex":{const{bulkCloseIndex:a}=t;return{...e,bulkCloseIndex:a}}case"setExceptionItems":{const{items:a}=t;return{...e,exceptionItems:a}}case"setConditionValidationErrorExists":{const{errorExists:a}=t;return{...e,entryErrorExists:a}}case"setExpireTime":{const{expireTime:a}=t;return{...e,expireTime:a}}case"setExpireError":{const{errorExists:a}=t;return{...e,expireErrorExists:a}}default:return e}}),{exceptionItems:[t],exceptionItemMeta:{name:t.name},newComment:"",bulkCloseAlerts:!1,disableBulkClose:!0,bulkCloseIndex:void 0,entryErrorExists:!1,expireTime:void 0!==t.expire_time?d()(t.expire_time):void 0,expireErrorExists:!1}),ie=Object(i.useMemo)((()=>null==a||!Object(p.b)(a.type)&&!Object(p.g)(a.type)&&!Object(p.d)(a.type)),[a]),[re,oe,se,le]=Object(C.a)();Object(i.useEffect)((()=>{null!=le&&le([{id:e.id,listId:e.list_id,namespaceType:e.namespace_type}])}),[e,le]);const ce=Object(i.useCallback)((e=>{ne({type:"setExceptionItems",items:e})}),[ne]),ue=Object(i.useCallback)((e=>{ne({type:"setExceptionItemMeta",value:e})}),[ne]),de=Object(i.useCallback)((e=>{ne({type:"setComment",comment:e})}),[ne]),pe=Object(i.useCallback)((e=>{ne({type:"setBulkCloseAlerts",bulkClose:e})}),[ne]),me=Object(i.useCallback)((e=>{ne({type:"setDisableBulkCloseAlerts",disableBulkCloseAlerts:e})}),[ne]),ge=Object(i.useCallback)((e=>{ne({type:"setBulkCloseIndex",bulkCloseIndex:e})}),[ne]),ye=Object(i.useCallback)((e=>{ne({type:"setConditionValidationErrorExists",errorExists:e})}),[ne]),fe=Object(i.useCallback)((e=>{ne({type:"setExpireTime",expireTime:e})}),[ne]),be=Object(i.useCallback)((e=>{ne({type:"setExpireError",errorExists:e})}),[ne]),he=Object(i.useCallback)((()=>{u(!1)}),[u]),Ee=Object(i.useCallback)((e=>e.every((e=>c.E.is(e)))),[]),ve=Object(i.useCallback)((async()=>{if(null!=U)try{const i=Object(b.a)({itemName:Y,commentToAdd:K,listType:x,selectedOs:t.os_types,expireTime:te,items:Q});if(Ee(i)){await U({itemsToUpdate:i});const t=null!=a?[a.rule_id]:[],r=null!=se?se[e.list_id].referenced_rules.map((({rule_id:e})=>e)):[],o=x===c.b.RULE_DEFAULT?t:r;null!=W&&!Object(n.isEmpty)(o)&&Z&&await W(o,i,void 0,X),y(!0)}}catch(e){u(!1)}}),[U,Y,K,x,t.os_types,Q,Ee,a,se,e.list_id,W,Z,y,X,u,te]),xe=Object(i.useMemo)((()=>x===c.b.ENDPOINT?A:D),[x]),ke=Object(i.useMemo)((()=>G||H||Q.every((e=>0===e.entries.length))||k||ee||ae),[k,ee,Q,G,H,ae]);return r.a.createElement(l.EuiFlyout,{size:"l",onClose:he,"data-test-subj":"editExceptionFlyout"},r.a.createElement(L,null,r.a.createElement(l.EuiTitle,null,r.a.createElement("h2",{"data-test-subj":"exceptionFlyoutTitle"},xe)),r.a.createElement(l.EuiSpacer,{size:"m"})),k&&r.a.createElement(l.EuiSkeletonText,{"data-test-subj":"loadingEditExceptionFlyout",lines:4}),r.a.createElement(B,{className:"builder-section"},r.a.createElement(m.a,{exceptionItemName:Y,onChange:ue}),r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(O.a,{exceptionItemName:Y,allowLargeValueLists:ie,exceptionListItems:[t],exceptionListType:x,indexPatterns:S,rules:E,selectedOs:h,showOsTypeOptions:x===c.b.ENDPOINT,isEdit:!0,onExceptionItemAdd:ce,onSetErrorExists:ye,getExtendedFields:V}),!s&&x===c.b.DETECTION&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(v,{isLoadingReferences:re,errorFetchingReferences:oe,listAndReferences:null!=se?[se[e.list_id]]:[]})),!s&&x===c.b.RULE_DEFAULT&&null!=a&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(w,{rule:a})),r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(M.a,{accordionTitle:r.a.createElement($,{size:"xs"},r.a.createElement("h3",null,(Se=null!==(f=t.comments.length)&&void 0!==f?f:0,g.i18n.translate("xpack.securitySolution.ruleExceptions.editExceptionFlyout.commentsTitle",{values:{comments:Se},defaultMessage:"Add comments ({comments})"})))),exceptionItemComments:t.comments,newCommentValue:K,newCommentOnChange:de}),x!==c.b.ENDPOINT&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(P.a,{expireTime:te,setExpireTime:fe,setExpireError:be})),o&&r.a.createElement(r.a.Fragment,null,r.a.createElement(l.EuiHorizontalRule,null),r.a.createElement(j.a,{exceptionListType:x,shouldBulkCloseAlert:Z,disableBulkClose:J,exceptionListItems:Q,onDisableBulkClose:me,onUpdateBulkCloseIndex:ge,onBulkCloseCheckboxChange:pe}))),r.a.createElement(l.EuiFlyoutFooter,null,r.a.createElement(z,{justifyContent:"spaceBetween"},r.a.createElement(l.EuiButtonEmpty,{"data-test-subj":"cancelExceptionEditButton",onClick:he},F),r.a.createElement(l.EuiButton,{"data-test-subj":"editExceptionConfirmButton",onClick:ve,isDisabled:ke,fill:!0},xe))));var Se},G=r.a.memo(V);G.displayName="EditExceptionFlyout"},,function(e,t,a){"use strict";a.d(t,"d",(function(){return n.q})),a.d(t,"c",(function(){return n.n})),a.d(t,"g",(function(){return g})),a.d(t,"e",(function(){return f})),a.d(t,"a",(function(){return O})),a.d(t,"b",(function(){return I})),a.d(t,"f",(function(){return T.a}));var n=a(143),i=a(108),r=a(46),o=a(409),s=a(4),l=a(332),c=a(353),u=a(397),d=a(401);const p=["PUT",s.gb];var m=a(304);const g=()=>{const{addError:e}=Object(i.a)();return(e=>{const t=Object(l.b)(),a=Object(u.b)(),i=Object(d.b)(),s=Object(c.c)();return Object(r.useMutation)((e=>Object(n.y)({rule:Object(o.b)(e)})),{...e,mutationKey:p,onSettled:(...n)=>{var r;t(),a(),i();const[o]=n;o&&s(o),null==e||null===(r=e.onSettled)||void 0===r||r.call(e,...n)}})})({onError:t=>{e(t,{title:m.a})}})},y=["POST",s.gb],f=()=>{const{addError:e}=Object(i.a)();return(e=>{const t=Object(l.b)(),a=Object(u.b)(),i=Object(d.b)();return Object(r.useMutation)((e=>Object(n.d)({rule:Object(o.b)(e)})),{...e,mutationKey:y,onSettled:(...n)=>{t(),a(),i(),null!=e&&e.onSettled&&e.onSettled(...n)}})})({onError:t=>{e(t,{title:m.a})}})};var b=a(43),h=a(193),E=a(112),v=a(283),x=a(207),k=a(506),S=a(373);b.exact(b.type({group:b.string,id:b.string,action_type_id:b.string,params:b.record(b.string,b.any)}));const w=b.intersection([b.type({from:b.string}),b.partial({throttle:b.string,kibana_siem_app_url:b.string})]),j=b.intersection([b.type({author:x.t,created_at:b.string,created_by:b.string,description:x.w,enabled:x.m,false_positives:x.x,from:h.n,id:x.D,interval:h.m,immutable:x.n,name:x.B,max_signals:x.p,references:x.G,related_integrations:x.r,required_fields:x.s,risk_score:h.d,risk_score_mapping:h.e,rule_id:x.I,severity:h.p,severity_mapping:h.q,setup:x.P,tags:x.J,type:h.D,to:h.o,threat:x.R,updated_at:b.string,updated_by:b.string,actions:h.g,throttle:b.union([h.l,b.null])}),b.partial({outcome:x.O,alias_target_id:x.N,alias_purpose:x.M,building_block_type:x.e,anomaly_threshold:b.number,filters:x.y,index:x.k,data_view_id:x.g,language:b.string,license:x.z,meta:w,machine_learning_job_id:b.array(b.string),new_terms_fields:b.array(b.string),history_window_start:b.string,output_index:x.c,query:x.F,rule_name_override:x.C,saved_id:b.string,threshold:x.S,threat_query:h.C,threat_filters:h.x,threat_index:h.y,threat_indicator_path:h.z,threat_mapping:h.B,threat_language:h.A,timeline_id:x.U,timeline_title:x.V,timestamp_override:x.X,timestamp_override_fallback_disabled:x.Y,event_category_override:x.h,timestamp_field:x.W,tiebreaker_field:x.T,note:x.l,exceptions_list:x.i,uuid:b.string,version:x.L,execution_summary:v.g,alert_suppression:x.a,investigation_fields:x.v})]),O=(b.array(j),b.type({page:E.n,perPage:E.n,total:E.n})),I=b.type({field:k.e,order:S.f});var T=a(552)},function(e,t,a){"use strict";a.d(t,"b",(function(){return w})),a.d(t,"c",(function(){return j})),a.d(t,"a",(function(){return Fe}));var n=a(42),i=a(2),r=a.n(i),o=a(106),s=a(275),l=a(40),c=a(121),u=a(276),d=a(250),p=a(127),m=a(277),g=a(572),y=a(819);const f=e=>null==e||"unset"===e.toLowerCase(),b=r.a.memo((({contextId:e,eventId:t,primary:a,secondary:n,isDraggable:i})=>f(a)&&f(n)?null:!f(a)&&f(n)?r.a.createElement(c.c,{contextId:e,eventId:t,field:"auditd.summary.actor.primary",isDraggable:i,value:a,iconType:"user",isAggregatable:!0,fieldType:"keyword"}):f(a)&&!f(n)||a===n?r.a.createElement(c.c,{contextId:e,eventId:t,field:"auditd.summary.actor.secondary",isDraggable:i,value:n,iconType:"user",isAggregatable:!0,fieldType:"keyword"}):r.a.createElement(l.EuiFlexGroup,{gutterSize:"none"},r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:e,eventId:t,field:"auditd.summary.actor.primary",isDraggable:i,value:a,iconType:"user",isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(p.c,{grow:!1,component:"span"},u.i),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:e,eventId:t,field:"auditd.summary.actor.secondary",isDraggable:i,value:n,iconType:"user",isAggregatable:!0,fieldType:"keyword"})))));b.displayName="PrimarySecondary";const h=r.a.memo((({contextId:e,eventId:t,userName:a,primary:n,secondary:i,isDraggable:o})=>f(a)&&f(n)&&f(i)?null:f(a)||f(n)||f(i)||a!==n||a!==i?!f(a)&&f(n)&&f(i)?r.a.createElement(c.c,{contextId:e,eventId:t,field:"user.name",isDraggable:o,value:a,iconType:"user",isAggregatable:!0,fieldType:"keyword"}):r.a.createElement(b,{contextId:e,eventId:t,isDraggable:o,primary:n,secondary:i}):r.a.createElement(c.c,{contextId:e,eventId:t,field:"user.name",isDraggable:o,value:a,iconType:"user",isAggregatable:!0,fieldType:"keyword"})));h.displayName="PrimarySecondaryUserInfo";const E=r.a.memo((({eventId:e,contextId:t,hostName:a,userName:n,primary:i,secondary:o,workingDirectory:s,session:l,isDraggable:d})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(p.c,{grow:!1,component:"span"},u.Vb),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:t,eventId:e,field:"auditd.session",value:l,iconType:"number",isDraggable:d,isAggregatable:!0,fieldType:"keyword"})),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(h,{contextId:t,eventId:e,userName:n,primary:i,secondary:o,isDraggable:d})),null!=a&&r.a.createElement(p.c,{grow:!1,component:"span"},"@"),r.a.createElement(y.a,{contextId:t,eventId:e,workingDirectory:s,hostName:a,isDraggable:d}))));E.displayName="SessionUserHostWorkingDir";const v=r.a.memo((({id:e,contextId:t,hostName:a,userName:n,primary:i,processName:o,processPid:s,processExecutable:d,processTitle:y,secondary:f,workingDirectory:b,args:h,result:v,session:x,text:k,isDraggable:S})=>r.a.createElement(l.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(E,{eventId:e,contextId:t,hostName:a,userName:n,primary:i,secondary:f,workingDirectory:b,session:x,isDraggable:S}),null!=d&&r.a.createElement(p.c,{grow:!1,component:"span"},k),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(m.a,{contextId:t,endgamePid:void 0,endgameProcessName:void 0,eventId:e,processPid:s,processName:o,processExecutable:d,isDraggable:S})),r.a.createElement(g.a,{eventId:e,args:h,contextId:t,isDraggable:S,processTitle:y}),null!=v&&r.a.createElement(p.c,{grow:!1,component:"span"},u.pc),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:t,eventId:e,field:"auditd.result",isDraggable:S,queryValue:v,value:v,isAggregatable:!0,fieldType:"keyword"})))));v.displayName="AuditdGenericLine";const x=r.a.memo((({data:e,contextId:t,isDraggable:a,text:i,timelineId:o})=>{const s=e._id,c=Object(n.get)("auditd.session[0]",e),u=Object(n.get)("host.name[0]",e),m=Object(n.get)("user.name[0]",e),g=Object(n.get)("auditd.result[0]",e),y=Object(n.get)("process.pid[0]",e),f=Object(n.get)("process.name[0]",e),b=Object(n.get)("process.executable[0]",e),h=Object(n.get)("process.title[0]",e),E=Object(n.get)("process.working_directory[0]",e),x=Object(n.get)("auditd.summary.actor.primary[0]",e),k=Object(n.get)("auditd.summary.actor.secondary[0]",e),S=Object(n.get)("process.args",e);return null!=e.process?r.a.createElement(p.b,null,r.a.createElement(v,{id:s,contextId:t,text:i,hostName:u,userName:m,processName:f,processPid:y,processExecutable:b,processTitle:h,workingDirectory:E,args:S,session:c,primary:x,result:g,secondary:k,isDraggable:a}),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(d.a,{data:e,isDraggable:a,timelineId:o})):null}));x.displayName="AuditdGenericDetails";const k=r.a.memo((({id:e,contextId:t,hostName:a,userName:n,result:i,primary:o,secondary:s,filePath:d,processName:y,processPid:f,processExecutable:b,processTitle:h,workingDirectory:v,args:x,session:k,text:S,fileIcon:w,isDraggable:j})=>r.a.createElement(l.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(E,{eventId:e,contextId:t,hostName:a,userName:n,primary:o,secondary:s,workingDirectory:v,session:k,isDraggable:j}),(null!=d||null!=b)&&r.a.createElement(p.c,{grow:!1,component:"span"},S),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:t,eventId:e,field:"file.path",isDraggable:j,value:d,iconType:w})),null!=b&&r.a.createElement(p.c,{grow:!1,component:"span"},u.kc),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(m.a,{contextId:t,endgamePid:void 0,endgameProcessName:void 0,eventId:e,isDraggable:j,processPid:f,processName:y,processExecutable:b})),r.a.createElement(g.a,{eventId:e,args:x,contextId:t,isDraggable:j,processTitle:h}),null!=i&&r.a.createElement(p.c,{grow:!1,component:"span"},u.pc),r.a.createElement(p.c,{grow:!1,component:"span"},r.a.createElement(c.c,{contextId:t,eventId:e,field:"auditd.result",isDraggable:j,queryValue:i,value:i})))));k.displayName="AuditdGenericFileLine";const S=r.a.memo((({data:e,contextId:t,text:a,fileIcon:i="document",timelineId:o,isDraggable:s})=>{const c=e._id,u=Object(n.get)("auditd.session[0]",e),m=Object(n.get)("host.name[0]",e),g=Object(n.get)("user.name[0]",e),y=Object(n.get)("auditd.result[0]",e),f=Object(n.get)("process.pid[0]",e),b=Object(n.get)("process.name[0]",e),h=Object(n.get)("process.executable[0]",e),E=Object(n.get)("process.title[0]",e),v=Object(n.get)("process.working_directory[0]",e),x=Object(n.get)("file.path[0]",e),S=Object(n.get)("auditd.summary.actor.primary[0]",e),w=Object(n.get)("auditd.summary.actor.secondary[0]",e),j=Object(n.get)("process.args",e);return null!=e.process?r.a.createElement(p.b,null,r.a.createElement(k,{id:c,contextId:t,text:a,hostName:m,userName:g,filePath:x,processName:b,processPid:f,processExecutable:h,processTitle:E,workingDirectory:v,args:j,session:u,primary:S,secondary:w,fileIcon:i,result:y,isDraggable:s}),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(d.a,{data:e,isDraggable:s,timelineId:o})):null}));S.displayName="AuditdGenericFileDetails";const w=({actionName:e,text:t})=>({id:o.d.auditd,isInstance:t=>{const a=Object(n.get)("event.module[0]",t),i=Object(n.get)("event.action[0]",t);return null!=a&&"auditd"===a.toLowerCase()&&null!=i&&i.toLowerCase()===e},renderRow:({data:a,isDraggable:n,scopeId:i})=>r.a.createElement(s.a,null,r.a.createElement(x,{data:a,isDraggable:n,contextId:`${e}-${i}`,text:t,timelineId:i}))}),j=({actionName:e,text:t,fileIcon:a="document"})=>({id:o.d.auditd_file,isInstance:t=>{const a=Object(n.get)("event.module[0]",t),i=Object(n.get)("event.action[0]",t);return null!=a&&"auditd"===a.toLowerCase()&&null!=i&&i.toLowerCase()===e},renderRow:({data:n,isDraggable:i,scopeId:o})=>r.a.createElement(s.a,null,r.a.createElement(S,{contextId:`${e}-${o}`,data:n,fileIcon:a,isDraggable:i,text:t,timelineId:o}))}),O=w({actionName:"was-authorized",text:u.oc}),I=w({actionName:"started-session",text:u.Yb}),T=w({actionName:"logged-in",text:u.m}),C=w({actionName:"login",text:u.m}),M=w({actionName:"executed",text:u.gb}),F=w({actionName:"ended-session",text:u.eb}),D=w({actionName:"acquired-credentials",text:u.e}),A=w({actionName:"disposed-credentials",text:u.db}),_=w({actionName:"connected-to",text:u.T}),N=j({actionName:"opened-file",text:u.Db}),R=w({actionName:"changed-file-attributes-of",text:u.y}),q=j({actionName:"changed-file-permissions-of",text:u.A}),P=j({actionName:"changed-file-ownership-of",text:u.z}),L=w({actionName:"loaded-kernel-module",text:u.ob}),B=w({actionName:"unloaded-kernel-module",text:u.gc}),z=j({actionName:"created-directory",text:u.V,fileIcon:"folderOpen"}),$=j({actionName:"mounted",text:u.Bb}),V=j({actionName:"renamed",text:u.Ob}),G=j({actionName:"checked-metadata-of",text:u.S}),U=j({actionName:"checked-filesystem-metadata-of",text:u.Q}),H=j({actionName:"symlinked",text:u.dc}),W=j({actionName:"unmounted",text:u.ic}),Q=j({actionName:"deleted",text:u.Z}),Y=j({actionName:"changed-timestamp-of",text:u.N}),K=w({actionName:"listen-for-connections",text:u.mb}),Z=w({actionName:"bound-socket",text:u.t}),J=w({actionName:"received-from",text:u.Hb}),X=w({actionName:"sent-to",text:u.Ub}),ee=w({actionName:"killed-pid",text:u.lb}),te=w({actionName:"changed-identity-of",text:u.D}),ae=w({actionName:"changed-system-time",text:u.M}),ne=w({actionName:"make-device",text:u.ub}),ie=w({actionName:"changed-system-name",text:u.L}),re=w({actionName:"allocated-memory",text:u.h}),oe=w({actionName:"adjusted-scheduling-policy-of",text:u.Rb}),se=w({actionName:"added-user-account",text:u.g}),le=w({actionName:"caused-mac-policy-error",text:u.u}),ce=w({actionName:"loaded-firewall-rule-to",text:u.nb}),ue=w({actionName:"changed-promiscuous-mode-on-device",text:u.H}),de=w({actionName:"locked-account",text:u.rb}),pe=w({actionName:"unlocked-account",text:u.hc}),me=w({actionName:"added-group-account-to",text:u.f}),ge=w({actionName:"crashed-program",text:u.U}),ye=w({actionName:"attempted-execution-of-forbidden-program",text:u.hb}),fe=w({actionName:"used-suspcious-link",text:u.jc}),be=w({actionName:"used-suspicious-link",text:u.jc}),he=w({actionName:"failed-log-in-too-many-times-to",text:u.ib}),Ee=w({actionName:"failed-login-too-many-times-to",text:u.ib}),ve=w({actionName:"attempted-log-in-from-unusual-place-to",text:u.o}),xe=w({actionName:"attempted-login-from-unusual-place-to",text:u.o}),ke=w({actionName:"opened-too-many-sessions-to",text:u.Eb}),Se=w({actionName:"attempted-log-in-during-unusual-hour-to",text:u.n}),we=w({actionName:"attempted-login-during-unusual-hour-to",text:u.n}),je=w({actionName:"tested-file-system-integrity-of",text:u.ec}),Oe=w({actionName:"violated-selinux-policy",text:u.nc}),Ie=w({actionName:"violated-apparmor-policy",text:u.lc}),Te=w({actionName:"changed-group",text:u.B}),Ce=w({actionName:"changed-user-id",text:u.P}),Me=w({actionName:"changed-auditd-configuration",text:u.v}),Fe=[M,T,C,O,D,F,A,I,_,N,R,q,P,L,B,z,$,V,G,U,H,W,Q,Y,K,Z,J,X,ee,te,ae,ne,ie,re,oe,se,me,ye,le,ue,ge,ce,de,fe,be,pe,he,Ee,xe,ke,ve,Se,we,je,Oe,Ie,Te,Ce,w({actionName:"changed-audit-configuration",text:u.v}),w({actionName:"refreshed-credentials",text:u.Jb}),w({actionName:"negotiated-crypto-key",text:u.Cb}),w({actionName:"crypto-officer-logged-in",text:u.X}),w({actionName:"crypto-officer-login",text:u.X}),w({actionName:"crypto-officer-logged-out",text:u.Y}),w({actionName:"crypto-officer-logout",text:u.Y}),w({actionName:"started-crypto-session",text:u.ac}),w({actionName:"access-result",text:u.d}),w({actionName:"aborted-auditd-startup",text:u.a}),w({actionName:"aborted-audit-startup",text:u.a}),w({actionName:"remote-audit-connected",text:u.Lb}),w({actionName:"remote-audit-disconnected",text:u.Mb}),w({actionName:"shutdown-audit",text:u.Wb}),w({actionName:"audit-error",text:u.p}),w({actionName:"reconfigured-auditd",text:u.Ib}),w({actionName:"reconfigured-audit",text:u.Ib}),w({actionName:"resumed-audit-logging",text:u.Pb}),w({actionName:"rotated-audit-logs",text:u.Qb}),w({actionName:"started-audit",text:u.Zb}),w({actionName:"deleted-group-account-from",text:u.ab}),w({actionName:"deleted-user-account",text:u.bb}),w({actionName:"changed-audit-feature",text:u.w}),w({actionName:"relabeled-filesystem",text:u.Kb}),w({actionName:"authenticated-to-group",text:u.q}),w({actionName:"changed-group-password",text:u.C}),w({actionName:"modified-group-account",text:u.xb}),w({actionName:"initialized-audit-subsystem",text:u.jb}),w({actionName:"modified-level-of",text:u.yb}),w({actionName:"overrode-label-of",text:u.Fb}),w({actionName:"changed-login-id-to",text:u.E}),w({actionName:"mac-permission",text:u.tb}),w({actionName:"changed-selinux-boolean",text:u.J}),w({actionName:"loaded-selinux-policy",text:u.qb}),w({actionName:"changed-selinux-enforcement",text:u.K}),w({actionName:"assigned-user-role-to",text:u.j}),w({actionName:"modified-role",text:u.zb}),w({actionName:"removed-use-role-from",text:u.Nb}),w({actionName:"removed-user-role-from",text:u.Nb}),Me,w({actionName:"violated-seccomp-policy",text:u.mc}),w({actionName:"started-service",text:u.bc}),w({actionName:"stopped-service",text:u.cc}),w({actionName:"booted-system",text:u.s}),w({actionName:"changed-to-runlevel",text:u.O}),w({actionName:"shutdown-system",text:u.Xb}),w({actionName:"sent-test",text:u.Tb}),w({actionName:"unknown",text:u.fc}),w({actionName:"sent-message",text:u.Sb}),w({actionName:"access-permission",text:u.c}),w({actionName:"authenticated",text:u.r}),w({actionName:"changed-password",text:u.G}),w({actionName:"ran-command",text:u.Gb}),w({actionName:"error",text:u.fb}),w({actionName:"logged-out",text:u.sb}),w({actionName:"logout",text:u.sb}),w({actionName:"changed-mac-configuration",text:u.F}),w({actionName:"loaded-mac-policy",text:u.pb}),w({actionName:"modified-user-account",text:u.Ab}),w({actionName:"changed-role-to",text:u.I}),w({actionName:"access-error",text:u.b}),w({actionName:"changed-configuration",text:u.x}),w({actionName:"issued-vm-control",text:u.kb}),w({actionName:"created-vm-image",text:u.W}),w({actionName:"deleted-vm-image",text:u.cb}),w({actionName:"checked-integrity-of",text:u.R}),w({actionName:"assigned-vm-id",text:u.k}),w({actionName:"migrated-vm-from",text:u.vb}),w({actionName:"migrated-vm-to",text:u.wb}),w({actionName:"assigned-vm-resource",text:u.l})]},,function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(2),i=a.n(n),r=a(40),o=a(41),s=a.n(o),l=a(5);const c=l.i18n.translate("xpack.securitySolution.andOrBadge.and",{defaultMessage:"AND"}),u=l.i18n.translate("xpack.securitySolution.andOrBadge.or",{defaultMessage:"OR"}),d=s()(r.EuiBadge).withConfig({displayName:"RoundBadge",componentId:"sc-15mz0pi-0"})(["align-items:center;border-radius:100%;display:inline-flex;font-size:9px;height:34px;justify-content:center;margin:0 5px 0 5px;padding:7px 6px 4px 6px;user-select:none;width:34px;.euiBadge__content{position:relative;top:-1px;}.euiBadge__text{text-overflow:clip;}"]);d.displayName="RoundBadge";const p=({type:e})=>i.a.createElement(d,{"data-test-subj":"and-or-badge",color:"hollow"},"and"===e?c:u);p.displayName="RoundedBadge";const m=Object(o.css)(["background:",";position:relative;width:2px;&:after{background:",";content:'';height:8px;right:-4px;position:absolute;width:10px;clip-path:circle();}"],(({theme:e})=>e.eui.euiColorLightShade),(({theme:e})=>e.eui.euiColorLightShade)),g=s()(r.EuiFlexItem).withConfig({displayName:"TopAntenna",componentId:"sc-1s6c9rb-0"})([""," &:after{top:0;}"],m),y=s()(r.EuiFlexItem).withConfig({displayName:"BottomAntenna",componentId:"sc-1s6c9rb-1"})([""," &:after{bottom:0;}"],m),f=({type:e})=>i.a.createElement(r.EuiFlexGroup,{className:"andBadgeContainer",gutterSize:"none",direction:"column",alignItems:"center"},i.a.createElement(g,{"data-test-subj":"andOrBadgeBarTop",grow:1}),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(p,{type:e})),i.a.createElement(y,{"data-test-subj":"andOrBadgeBarBottom",grow:1}));f.displayName="RoundedBadgeAntenna";const b=i.a.memo((({type:e,includeAntennas:t=!1})=>t?i.a.createElement(f,{type:e}):i.a.createElement(p,{type:e})));b.displayName="AndOrBadge"},,function(e,t,a){"use strict";a.d(t,"g",(function(){return o})),a.d(t,"b",(function(){return s})),a.d(t,"c",(function(){return l})),a.d(t,"a",(function(){return c})),a.d(t,"d",(function(){return m})),a.d(t,"e",(function(){return g})),a.d(t,"i",(function(){return y})),a.d(t,"h",(function(){return f})),a.d(t,"f",(function(){return b}));var n=a(156),i=a(214),r=a(143);const o=(e,t,a)=>{const{pagination:n,search:i,filters:r}=a||{};let o=[],s=[];return Array.isArray(e)&&e.length?(o=e.map((e=>e.list_id)),s=e.map((e=>e.namespace_type))):t&&(o=[t.list_id],s=[t.namespace_type]),{listIds:o,namespaceTypes:s,pagination:n,search:i,filters:r}},s=async({namespaceTypes:e,listIds:t,http:a,pagination:r,search:o})=>{try{const s=new AbortController,{pageIndex:l,pageSize:c,totalItemCount:u}=r||{},{page:d,per_page:p,total:m,data:g}=await Object(n.m)({filter:void 0,http:a,listIds:null!=t?t:[],namespaceTypes:null!=e?e:[],search:o,pagination:{perPage:c,page:(l||0)+1,total:u},signal:s.signal});return{data:g.map((e=>Object(i.b)(e))),pagination:{pageIndex:d-1,pageSize:p,totalItemCount:m}}}catch(e){throw new Error(e)}},l=async e=>{try{const t=new AbortController,{references:a}=await Object(r.l)({lists:e.map((e=>({id:e.id,listId:e.list_id,namespaceType:e.namespace_type}))),signal:t.signal});return a.reduce(((e,t)=>({...e,...t})),{})}catch(e){throw new Error(e)}},c=async({id:e,namespaceType:t,http:a})=>{try{const i=new AbortController;await Object(n.e)({http:a,id:e,namespaceType:t,signal:i.signal})}catch(e){throw new Error(e)}};var u=a(210),d=a(74),p=a(226);const m=async({id:e,http:t})=>{try{const a=new AbortController,i=Object(u.h)({filters:{list_id:e},namespaceTypes:["single","agnostic"],hideLists:p.a}),r=["single","agnostic"].join(),{data:o}=await Object(n.l)({filters:i,http:t,signal:a.signal,namespaceTypes:r,pagination:{}});return a.abort(),o&&o.length?o[0]:null}catch(e){throw new Error(e)}},g=async e=>{try{const t=new AbortController,{data:a}=await Object(r.j)({signal:t.signal,pagination:{page:1,perPage:1e4}});return t.abort(),a.reduce(((t,a,n)=>{var i;return(null===(i=a.exceptions_list)||void 0===i?void 0:i.find((t=>t.list_id===e)))&&t.push(a),t}),[])}catch(e){throw new Error(e)}},y=async({list:e,http:t})=>{try{const a=new AbortController;await Object(n.u)({http:t,list:e,signal:a.signal}),a.abort()}catch(e){throw new Error(e)}},f=async({rules:e,listId:t})=>{try{if(!e.length)return;const a=new AbortController;await Object(d.asyncForEach)(e,(async e=>{var n;const i=(null!==(n=e.exceptions_list)&&void 0!==n?n:[]).filter((({list_id:e})=>e!==t));await Object(r.p)({ruleProperties:{rule_id:e.rule_id,exceptions_list:i},signal:a.signal})}))}catch(e){throw new Error(e)}},b=async({rules:e,listId:t,id:a,listType:n,listNamespaceType:i})=>{try{if(!e.length)return;const o=new AbortController;await Object(d.asyncForEach)(e,(async e=>{var s;const l={list_id:t,id:a,type:n,namespace_type:i},c=[...null!==(s=e.exceptions_list)&&void 0!==s?s:[],l];await Object(r.p)({ruleProperties:{rule_id:e.rule_id,exceptions_list:c},signal:o.signal})}))}catch(e){throw new Error(e)}}},,function(e,t,a){"use strict";a.d(t,"b",(function(){return m})),a.d(t,"c",(function(){return g})),a.d(t,"a",(function(){return f}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(121),c=a(123),u=a(5);const d=u.i18n.translate("xpack.securitySolution.certificate.fingerprint.clientCertLabel",{defaultMessage:"client cert"}),p=u.i18n.translate("xpack.securitySolution.certificate.fingerprint.serverCertLabel",{defaultMessage:"server cert"}),m="tls.client_certificate.fingerprint.sha1",g="tls.server_certificate.fingerprint.sha1",y=s.a.span.withConfig({displayName:"FingerprintLabel",componentId:"sc-1isap0l-0"})(["margin-right:5px;"]);y.displayName="FingerprintLabel";const f=r.a.memo((({eventId:e,certificateType:t,contextId:a,fieldName:i,isDraggable:o,value:s})=>r.a.createElement(l.c,{contextId:a,"data-test-subj":`${t}-certificate-fingerprint`,eventId:e,field:i,iconType:"snowflake",isDraggable:o,tooltipContent:r.a.createElement(n.EuiText,{size:"xs"},r.a.createElement("span",null,i)),value:s,isAggregatable:!0,fieldType:"keyword"},r.a.createElement(y,null,"client"===t?d:p),r.a.createElement(c.b,{certificateFingerprint:s||""}))));f.displayName="CertificateFingerprint"},function(e,t,a){"use strict";a.d(t,"a",(function(){return u})),a.d(t,"b",(function(){return p}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(121),l=a(123);const c=a(5).i18n.translate("xpack.securitySolution.ja3.fingerprint.ja3.fingerprintLabel",{defaultMessage:"ja3"}),u="tls.fingerprints.ja3.hash",d=o.a.span.withConfig({displayName:"Ja3FingerprintLabel",componentId:"sc-94sjip-0"})(["margin-right:5px;"]);d.displayName="Ja3FingerprintLabel";const p=i.a.memo((({contextId:e,eventId:t,fieldName:a,isDraggable:n,value:r})=>i.a.createElement(s.c,{contextId:e,"data-test-subj":"ja3-hash",eventId:t,field:a,iconType:"snowflake",isDraggable:n,value:r,isAggregatable:!0,fieldType:"keyword"},i.a.createElement(d,null,c),i.a.createElement(l.e,{"data-test-subj":"ja3-hash-link",ja3Fingerprint:r||""}))));p.displayName="Ja3Fingerprint"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return g}));var n=a(2),i=a(4),r=a(102);const o=async(e,t)=>r.b.get().http.fetch("/internal/ml/results/anomalies_table_data",{method:"POST",version:"1",body:JSON.stringify(e),asSystemRequest:!0,signal:t});var s=a(1080),l=a(108),c=a(533),u=a(162),d=a(231);const p=e=>null==e?"":e.reduce(((e,t)=>`${e}${t.fieldName}:${t.fieldValue}`),""),m=(e,t)=>-1!==t?t:null==e?50:e<0?0:e>100?100:Math.floor(e),g=({criteriaFields:e=[],influencers:t=[],startDate:a,endDate:g,threshold:y=-1,skip:f=!1,filterQuery:b,jobIds:h,aggregationInterval:E})=>{const v=Object(u.a)(),x=Object(d.a)(v),{addError:k}=Object(l.a)(),S=Object(r.m)(),[w]=Object(r.p)(i.x),j=Object(n.useMemo)((()=>new Date(a).getTime()),[a]),O=Object(n.useMemo)((()=>new Date(g).getTime()),[g]),{fetch:I,data:T=null,isLoading:C,error:M}=Object(c.b)(c.a.ANOMALIES_TABLE,o,{disabled:f});return Object(n.useEffect)((()=>{M&&k(M,{title:s.a})}),[M,k]),Object(n.useEffect)((()=>{x&&h.length>0&&I({jobIds:h,criteriaFields:e,influencersFilterQuery:b,aggregationInterval:E,threshold:m(w,y),earliestMs:j,latestMs:O,influencers:t,dateFormatTz:S,maxRecords:500,maxExamples:10})}),[p(t),p(e),j,O,x,E,h.sort().join()]),[C,T]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(40),l=a(5);const c=l.i18n.translate("xpack.securitySolution.rule_exceptions.itemComments.unknownAvatarName",{defaultMessage:"Uknown"}),u=l.i18n.translate("xpack.securitySolution.rule_exceptions.itemComments.addCommentPlaceholder",{defaultMessage:"Add a new comment..."});var d=a(102),p=a(281);const m="exceptionCommentAccordionButton",g=o()(s.EuiAvatar).withConfig({displayName:"MyAvatar",componentId:"sc-ggp4j5-0"})(["",""],(({theme:e})=>Object(r.css)(["margin-right:",";"],e.eui.euiSizeS))),y=o()(s.EuiAccordion).withConfig({displayName:"CommentAccordion",componentId:"sc-ggp4j5-1"})(["",""],(({theme:e})=>Object(r.css)([".","{color:",";padding:"," 0;}"],m,e.eui.euiColorPrimary,e.eui.euiSizeM))),f=Object(n.memo)((function({exceptionItemComments:e,newCommentValue:t,accordionTitle:a,initialIsOpen:r=!1,newCommentOnChange:o}){const[f,b]=Object(n.useState)(!1),h=Object(d.f)(),E=null==h?void 0:h.fullName,v=null==h?void 0:h.username,x=null==h?void 0:h.email,k=Object(n.useMemo)((()=>E&&E.length>0?E:x&&x.length>0?x:v&&v.length>0?v:c),[E,x,v]),S=Object(n.useCallback)((e=>{o(e.target.value)}),[o]),w=Object(n.useCallback)((e=>{b(e)}),[]),j=Object(n.useMemo)((()=>{return e&&e.length>0?i.a.createElement(s.EuiText,{size:"s","data-test-subj":"ExceptionItemCommentsAccordionButton"},f?(e=>l.i18n.translate("xpack.securitySolution.rule_exceptions.itemComments.hideCommentsLabel",{values:{comments:e},defaultMessage:"Hide ({comments}) {comments, plural, =1 {Comment} other {Comments}}"}))(e.length):(t=e.length,l.i18n.translate("xpack.securitySolution.rule_exceptions.itemComments.showCommentsLabel",{values:{comments:t},defaultMessage:"Show ({comments}) {comments, plural, =1 {Comment} other {Comments}}"}))):null;var t}),[e,f]),O=Object(n.useMemo)((()=>e&&e.length>0?Object(p.j)(e):[]),[e]);return i.a.createElement("div",null,i.a.createElement(y,{initialIsOpen:r&&!!t,id:"add-exception-comments-accordion",buttonClassName:m,buttonContent:null!=a?a:j,"data-test-subj":"exceptionItemCommentsAccordion",onToggle:e=>w(e)},i.a.createElement(s.EuiCommentList,{comments:O}),i.a.createElement(s.EuiFlexGroup,{gutterSize:"none"},i.a.createElement(s.EuiFlexItem,{grow:!1},i.a.createElement(g,{name:k,size:"l","data-test-subj":"exceptionItemCommentAvatar"})),i.a.createElement(s.EuiFlexItem,{grow:1},i.a.createElement(s.EuiTextArea,{placeholder:u,"aria-label":"Comment Input",value:t,onChange:S,fullWidth:!0,"data-test-subj":"newExceptionItemCommentTextArea"})))))}))},function(e,t,a){"use strict";a.d(t,"a",(function(){return S})),a.d(t,"b",(function(){return w}));var n=a(2),i=a(4),r=a(172),o=a(131),s=a(201),l=a(18),c=a(265),u=a(46),d=a(143),p=a(332),m=a(353),g=a(397),y=a(650),f=a(856),b=a(857),h=a(401);const E=["POST",i.eb];var v=a(591),x=a(859),k=a(860);const S=(e,t)=>{t(i.l,{deepLinkId:o.a.rules,path:Object(s.b)(null!=e?e:"")})},w=e=>{const{mutateAsync:t}=(e=>{const t=Object(p.b)(),a=Object(m.b)(),n=Object(g.b)(),i=Object(y.b)(),o=Object(b.b)(),s=Object(f.b)(),l=Object(h.b)(),c=Object(p.c)();return Object(u.useMutation)((e=>Object(d.q)(e)),{...e,mutationKey:E,onSettled:(...e)=>{var u,d,p,m,g,y;const[f,b,{bulkAction:{type:h}}]=e,E=null!==(u=null==f||null===(d=f.attributes)||void 0===d||null===(p=d.results)||void 0===p?void 0:p.updated)&&void 0!==u?u:null==b||null===(m=b.body)||void 0===m||null===(g=m.attributes)||void 0===g||null===(y=g.results)||void 0===y?void 0:y.updated;switch(h){case r.b.enable:case r.b.disable:a(),l(),E?c(E):t();break;case r.b.delete:t(),a(),n(),i(),o(),s(),l();break;case r.b.duplicate:t(),n(),l();break;case r.b.edit:E?c(E):t(),a(),n(),l()}}})})(),a=Object(x.a)(),i=Object(v.a)(),o=Object(k.a)(),s=Object(c.c)(),S=null==s?void 0:s.actions.setLoadingRules;return{executeBulkAction:Object(n.useCallback)((async n=>{try{var s;null==S||S({ids:null!==(s=n.ids)&&void 0!==s?s:o(n.type),action:n.type});const i=await t({bulkAction:n});return function(e,t){e!==r.b.disable&&e!==r.b.enable||(t.attributes.results.updated.some((e=>e.immutable))&&Object(l.h)(l.a.COUNT,e===r.b.enable?l.c.SIEM_RULE_ENABLED:l.c.SIEM_RULE_DISABLED),t.attributes.results.updated.some((e=>!e.immutable))&&Object(l.h)(l.a.COUNT,e===r.b.disable?l.c.CUSTOM_RULE_DISABLED:l.c.CUSTOM_RULE_ENABLED))}(n.type,i),null!=e&&e.suppressSuccessToast||a({actionType:n.type,summary:i.attributes.summary,editPayload:n.type===r.b.edit?n.editPayload:void 0}),i}catch(e){i({actionType:n.type,error:e})}finally{null==S||S({ids:[],action:null})}}),[null==e?void 0:e.suppressSuccessToast,o,S,t,a,i])}}},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=e=>null==e?[]:null!=e.host&&null!=e.host.name?[{fieldName:"host.name",fieldValue:e.host.name[0]}]:[]},,function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(41),i=a.n(n),r=a(40);const o=i()(r.EuiInMemoryTable).withConfig({displayName:"BasicTable",componentId:"sc-1ir53m2-0"})(["tbody{th,td{vertical-align:top;}.euiTableCellContent{display:block;}}"]);o.displayName="BasicTable"},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return Xt}));var n=a(2),i=a.n(n),r=a(40),o=a(103),s=a(41),l=a.n(s),c=a(142),u=a(529),d=a(115),p=a(730),m=a(111),g=a(105),y=a(178),f=a(102),b=a(422),h=a(170),E=a(106),v=a(12),x=a(133),k=a(42);const S={process:{hash:{md5:["177afc1eb0be88eb9983fb74111260c4"],sha256:["3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb"],sha1:["f573b85e9beb32121f1949217947b2adc6749e3d"]},entity_id:["MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTY5MjAtMTMyNDg5OTk2OTAuNDgzMzA3NzAw"],executable:["C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe"],name:["C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe"],pid:[6920],args:["C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe"]},host:{os:{full:["Windows Server 2019 Datacenter 1809 (10.0.17763.1518)"],name:["Windows"],version:["1809 (10.0.17763.1518)"],platform:["windows"],family:["windows"],kernel:["1809 (10.0.17763.1518)"]},mac:["aa:bb:cc:dd:ee:ff"],architecture:["x86_64"],ip:["10.1.2.3"],id:["d8ad572e-d224-4044-a57d-f5a84c0dfe5d"],name:["win2019-endpoint-1"]},file:{mtime:["2020-11-04T21:40:51.494Z"],path:["C:\\Users\\sean\\Downloads\\3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe"],owner:["sean"],hash:{md5:["177afc1eb0be88eb9983fb74111260c4"],sha256:["3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb"],sha1:["f573b85e9beb32121f1949217947b2adc6749e3d"]},name:["3be13acde2f4dcded4fd8d518a513bfc9882407a6e384ffb17d12710db7d76fb.exe"],extension:["exe"],size:[1604112]},event:{category:["malware","intrusion_detection","process"],outcome:["success"],severity:[73],code:["malicious_file"],action:["execution"],id:["LsuMZVr+sdhvehVM++++Gp2Y"],kind:["alert"],created:["2020-11-04T21:41:30.533Z"],module:["endpoint"],type:["info","start","denied"],dataset:["endpoint.alerts"]},agent:{type:["endpoint"]},timestamp:"2020-11-04T21:41:30.533Z",message:["Malware Prevention Alert"],_id:"0dA2lXUBn9bLIbfPkY7d"};var w=a(206),j=a(203),O=a(152);const I=()=>{const e=Object(w.c)({eventAction:"execution",eventCategory:"process",eventType:"denied",skipRedundantFileDetails:!0,text:j.S});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:S,isDraggable:!1,scopeId:O.a}))},T=i.a.memo(I),C=[{_id:"1",data:[{field:"@timestamp",value:["2018-11-05T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"event.action",value:["Action"]},{field:"host.name",value:["apache"]},{field:"source.ip",value:["192.168.0.1"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["john.dee"]}],ecs:{_id:"1",timestamp:"2018-11-05T19:03:25.937Z",host:{name:["apache"],ip:["192.168.0.1"]},event:{id:["1"],action:["Action"],category:["Access"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.1"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["1"],name:["john.dee"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"3",data:[{field:"@timestamp",value:["2018-11-07T19:03:25.937Z"]},{field:"event.severity",value:["1"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["nginx"]},{field:"source.ip",value:["192.168.0.3"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["evan.davis"]}],ecs:{_id:"3",timestamp:"2018-11-07T19:03:25.937Z",host:{name:["nginx"],ip:["192.168.0.1"]},event:{id:["3"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[1]},source:{ip:["192.168.0.3"],port:[443]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["3"],name:["evan.davis"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"4",data:[{field:"@timestamp",value:["2018-11-08T19:03:25.937Z"]},{field:"event.severity",value:["1"]},{field:"event.category",value:["Attempted Administrator Privilege Gain"]},{field:"host.name",value:["suricata"]},{field:"source.ip",value:["192.168.0.3"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jenny.jones"]}],ecs:{_id:"4",timestamp:"2018-11-08T19:03:25.937Z",host:{name:["suricata"],ip:["192.168.0.1"]},event:{id:["4"],category:["Attempted Administrator Privilege Gain"],type:["Alert"],module:["suricata"],severity:[1]},source:{ip:["192.168.0.3"],port:[53]},destination:{ip:["192.168.0.3"],port:[6343]},suricata:{eve:{flow_id:[4],proto:[""],alert:{signature:["ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)"],signature_id:[4]}}},user:{id:["4"],name:["jenny.jones"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"5",data:[{field:"@timestamp",value:["2018-11-09T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.3"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["becky.davis"]}],ecs:{_id:"5",timestamp:"2018-11-09T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["5"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.3"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["5"],name:["becky.davis"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"6",data:[{field:"@timestamp",value:["2018-11-10T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["braden.davis"]},{field:"source.ip",value:["192.168.0.6"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]}],ecs:{_id:"6",timestamp:"2018-11-10T19:03:25.937Z",host:{name:["braden.davis"],ip:["192.168.0.1"]},event:{id:["6"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.6"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"8",data:[{field:"@timestamp",value:["2018-11-12T19:03:25.937Z"]},{field:"event.severity",value:["2"]},{field:"event.category",value:["Web Application Attack"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.8"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"8",timestamp:"2018-11-12T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["8"],category:["Web Application Attack"],type:["Alert"],module:["suricata"],severity:[2]},suricata:{eve:{flow_id:[8],proto:[""],alert:{signature:["ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie"],signature_id:[8]}}},source:{ip:["192.168.0.8"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["8"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"7",data:[{field:"@timestamp",value:["2018-11-11T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.7"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"7",timestamp:"2018-11-11T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["7"],category:["Access"],type:["HTTP Request"],module:["apache"],severity:[3]},source:{ip:["192.168.0.7"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["7"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"9",data:[{field:"@timestamp",value:["2018-11-13T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.9"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"9",timestamp:"2018-11-13T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["9"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.9"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["9"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"10",data:[{field:"@timestamp",value:["2018-11-14T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.10"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"10",timestamp:"2018-11-14T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["10"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.10"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["10"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"11",data:[{field:"@timestamp",value:["2018-11-15T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.11"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"11",timestamp:"2018-11-15T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["11"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.11"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["11"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"12",data:[{field:"@timestamp",value:["2018-11-16T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.12"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["jone.doe"]}],ecs:{_id:"12",timestamp:"2018-11-16T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["12"],category:["Access"],type:["HTTP Request"],module:["nginx"],severity:[3]},source:{ip:["192.168.0.12"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["12"],name:["jone.doe"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"2",data:[{field:"@timestamp",value:["2018-11-06T19:03:25.937Z"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Authentication"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.2"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["joe.bob"]}],ecs:{_id:"2",timestamp:"2018-11-06T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["2"],category:["Authentication"],type:["Authentication Success"],module:["authlog"],severity:[3]},source:{ip:["192.168.0.2"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["1"],name:["joe.bob"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"13",data:[{field:"@timestamp",value:["2018-13-12T19:03:25.937Z"]},{field:"event.severity",value:["1"]},{field:"event.category",value:["Web Application Attack"]},{field:"host.name",value:["joe.computer"]},{field:"source.ip",value:["192.168.0.8"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]}],ecs:{_id:"13",timestamp:"2018-12-12T19:03:25.937Z",host:{name:["joe.computer"],ip:["192.168.0.1"]},event:{id:["13"],category:["Web Application Attack"],type:["Alert"],module:["suricata"],severity:[1]},suricata:{eve:{flow_id:[13],proto:[""],alert:{signature:["ET WEB_SERVER Possible Attempt in HTTP Cookie"],signature_id:[13]}}},source:{ip:["192.168.0.8"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"14",data:[{field:"@timestamp",value:["2019-03-07T05:06:51.000Z"]},{field:"host.name",value:["zeek-franfurt"]},{field:"source.ip",value:["192.168.26.101"]},{field:"destination.ip",value:["192.168.238.205"]}],ecs:{_id:"14",timestamp:"2019-03-07T05:06:51.000Z",event:{module:["zeek"],dataset:["zeek.connection"]},host:{id:["37c81253e0fc4c46839c19b981be5177"],name:["zeek-franfurt"],ip:["207.154.238.205","10.19.0.5","fe80::d82b:9aff:fe0d:1e12"]},source:{ip:["185.176.26.101"],port:[44059]},destination:{ip:["207.154.238.205"],port:[11568]},geo:{region_name:["New York"],country_iso_code:["US"]},network:{transport:["tcp"]},zeek:{session_id:["C8DRTq362Fios6hw16"],connection:{local_resp:[!1],local_orig:[!1],missed_bytes:[0],state:["REJ"],history:["Sr"]}}}},{_id:"15",data:[{field:"@timestamp",value:["2019-03-07T00:51:28.000Z"]},{field:"host.name",value:["suricata-zeek-singapore"]},{field:"source.ip",value:["192.168.35.240"]},{field:"destination.ip",value:["192.168.67.3"]}],ecs:{_id:"15",timestamp:"2019-03-07T00:51:28.000Z",event:{module:["zeek"],dataset:["zeek.dns"]},host:{id:["af3fddf15f1d47979ce817ba0df10c6e"],name:["suricata-zeek-singapore"],ip:["206.189.35.240","10.15.0.5","fe80::98c7:eff:fe29:4455"]},source:{ip:["206.189.35.240"],port:[57475]},destination:{ip:["67.207.67.3"],port:[53]},geo:{region_name:["New York"],country_iso_code:["US"]},network:{transport:["udp"]},zeek:{session_id:["CyIrMA1L1JtLqdIuol"],dns:{AA:[!1],RD:[!1],trans_id:[65252],RA:[!1],TC:[!1]}}}},{_id:"16",data:[{field:"@timestamp",value:["2019-03-05T07:00:20.000Z"]},{field:"host.name",value:["suricata-zeek-singapore"]},{field:"source.ip",value:["192.168.35.240"]},{field:"destination.ip",value:["192.168.164.26"]}],ecs:{_id:"16",timestamp:"2019-03-05T07:00:20.000Z",event:{module:["zeek"],dataset:["zeek.http"]},host:{id:["af3fddf15f1d47979ce817ba0df10c6e"],name:["suricata-zeek-singapore"],ip:["206.189.35.240","10.15.0.5","fe80::98c7:eff:fe29:4455"]},source:{ip:["206.189.35.240"],port:[36220]},destination:{ip:["192.241.164.26"],port:[80]},geo:{region_name:["New York"],country_iso_code:["US"]},http:{version:["1.1"],request:{body:{bytes:[0]}},response:{status_code:[302],body:{bytes:[154]}}},zeek:{session_id:["CZLkpC22NquQJOpkwe"],http:{resp_mime_types:["text/html"],trans_depth:["3"],status_msg:["Moved Temporarily"],resp_fuids:["FzeujEPP7GTHmYPsc"],tags:[]}}}},{_id:"17",data:[{field:"@timestamp",value:["2019-02-28T22:36:28.000Z"]},{field:"host.name",value:["zeek-franfurt"]},{field:"source.ip",value:["192.168.77.171"]}],ecs:{_id:"17",timestamp:"2019-02-28T22:36:28.000Z",event:{module:["zeek"],dataset:["zeek.notice"]},host:{id:["37c81253e0fc4c46839c19b981be5177"],name:["zeek-franfurt"],ip:["207.154.238.205","10.19.0.5","fe80::d82b:9aff:fe0d:1e12"]},source:{ip:["8.42.77.171"]},zeek:{notice:{suppress_for:[3600],msg:["8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s"],note:["Scan::Port_Scan"],sub:["remote"],dst:["207.154.238.205"],dropped:[!1],peer_descr:["bro"]}}}},{_id:"18",data:[{field:"@timestamp",value:["2019-02-22T21:12:13.000Z"]},{field:"host.name",value:["zeek-sensor-amsterdam"]},{field:"source.ip",value:["192.168.66.184"]},{field:"destination.ip",value:["192.168.95.15"]}],ecs:{_id:"18",timestamp:"2019-02-22T21:12:13.000Z",event:{module:["zeek"],dataset:["zeek.ssl"]},host:{id:["2ce8b1e7d69e4a1d9c6bcddc473da9d9"],name:["zeek-sensor-amsterdam"]},source:{ip:["188.166.66.184"],port:[34514]},destination:{ip:["91.189.95.15"],port:[443]},geo:{region_name:["England"],country_iso_code:["GB"]},zeek:{session_id:["CmTxzt2OVXZLkGDaRe"],ssl:{cipher:["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],established:[!1],resumed:[!1],version:["TLSv12"]}}}},{_id:"19",data:[{field:"@timestamp",value:["2019-03-03T04:26:38.000Z"]},{field:"host.name",value:["suricata-zeek-singapore"]}],ecs:{_id:"19",timestamp:"2019-03-03T04:26:38.000Z",event:{module:["zeek"],dataset:["zeek.files"]},host:{id:["af3fddf15f1d47979ce817ba0df10c6e"],name:["suricata-zeek-singapore"],ip:["206.189.35.240","10.15.0.5","fe80::98c7:eff:fe29:4455"]},zeek:{session_id:["Cu0n232QMyvNtzb75j"],files:{session_ids:["Cu0n232QMyvNtzb75j"],timedout:[!1],local_orig:[!1],tx_host:["5.101.111.50"],source:["HTTP"],is_orig:[!1],overflow_bytes:[0],sha1:["fa5195a5dfacc9d1c68d43600f0e0262cad14dde"],duration:[0],depth:[0],analyzers:["MD5","SHA1"],mime_type:["text/plain"],rx_host:["206.189.35.240"],total_bytes:[88722],fuid:["FePz1uVEVCZ3I0FQi"],seen_bytes:[1198],missing_bytes:[0],md5:["f7653f1951693021daa9e6be61226e32"]}}}},{_id:"20",data:[{field:"@timestamp",value:["2019-03-13T05:42:11.815Z"]},{field:"event.category",value:["audit-rule"]},{field:"host.name",value:["zeek-sanfran"]},{field:"process.args",value:["gpgconf","--list-dirs","agent-socket"]}],ecs:{_id:"20",timestamp:"2019-03-13T05:42:11.815Z",event:{action:["executed"],module:["auditd"],category:["audit-rule"]},host:{id:["f896741c3b3b44bdb8e351a4ab6d2d7c"],name:["zeek-sanfran"],ip:["134.209.63.134","10.46.0.5","fe80::a0d9:16ff:fecf:e70b"]},user:{name:["alice"]},process:{pid:[5402],name:["gpgconf"],ppid:[5401],args:["gpgconf","--list-dirs","agent-socket"],executable:["/usr/bin/gpgconf"],title:["gpgconf --list-dirs agent-socket"],working_directory:["/"]}}},{_id:"21",data:[{field:"@timestamp",value:["2019-03-14T22:30:25.527Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["zeek-london"]},{field:"source.ip",value:["192.168.77.171"]},{field:"user.name",value:["root"]}],ecs:{_id:"21",timestamp:"2019-03-14T22:30:25.527Z",event:{action:["logged-in"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["14"],data:{terminal:["/dev/pts/0"],op:["login"]},summary:{actor:{primary:["alice"],secondary:["alice"]},object:{primary:["/dev/pts/0"],secondary:["8.42.77.171"],type:["user-session"]},how:["/usr/sbin/sshd"]}},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},source:{ip:["8.42.77.171"]},user:{name:["root"]},process:{pid:[17471],executable:["/usr/sbin/sshd"]}}},{_id:"22",data:[{field:"@timestamp",value:["2019-03-13T03:35:21.614Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["suricata-bangalore"]},{field:"user.name",value:["root"]}],ecs:{_id:"22",timestamp:"2019-03-13T03:35:21.614Z",event:{action:["disposed-credentials"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["340"],data:{acct:["alice"],terminal:["ssh"],op:["PAM:setcred"]},summary:{actor:{primary:["alice"],secondary:["alice"]},object:{primary:["ssh"],secondary:["8.42.77.171"],type:["user-session"]},how:["/usr/sbin/sshd"]}},host:{id:["0a63559c1acf4c419d979c4b4d8b83ff"],name:["suricata-bangalore"],ip:["139.59.11.147","10.47.0.5","fe80::ec0b:1bff:fe29:80bd"]},user:{name:["root"]},process:{pid:[21202],executable:["/usr/sbin/sshd"]}}},{_id:"23",data:[{field:"@timestamp",value:["2019-03-13T03:35:21.614Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["suricata-bangalore"]},{field:"user.name",value:["root"]}],ecs:{_id:"23",timestamp:"2019-03-13T03:35:21.614Z",event:{action:["ended-session"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["340"],data:{acct:["alice"],terminal:["ssh"],op:["PAM:session_close"]},summary:{actor:{primary:["alice"],secondary:["alice"]},object:{primary:["ssh"],secondary:["8.42.77.171"],type:["user-session"]},how:["/usr/sbin/sshd"]}},host:{id:["0a63559c1acf4c419d979c4b4d8b83ff"],name:["suricata-bangalore"],ip:["139.59.11.147","10.47.0.5","fe80::ec0b:1bff:fe29:80bd"]},user:{name:["root"]},process:{pid:[21202],executable:["/usr/sbin/sshd"]}}},{_id:"24",data:[{field:"@timestamp",value:["2019-03-18T23:17:01.645Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["zeek-london"]},{field:"user.name",value:["root"]}],ecs:{_id:"24",timestamp:"2019-03-18T23:17:01.645Z",event:{action:["acquired-credentials"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["unset"],data:{acct:["root"],terminal:["cron"],op:["PAM:setcred"]},summary:{actor:{primary:["unset"],secondary:["root"]},object:{primary:["cron"],type:["user-session"]},how:["/usr/sbin/cron"]}},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},user:{name:["root"]},process:{pid:[9592],executable:["/usr/sbin/cron"]}}},{_id:"25",data:[{field:"@timestamp",value:["2019-03-19T01:17:01.336Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["siem-kibana"]},{field:"user.name",value:["root"]}],ecs:{_id:"25",timestamp:"2019-03-19T01:17:01.336Z",event:{action:["started-session"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["2908"],data:{acct:["root"],terminal:["cron"],op:["PAM:session_open"]},summary:{actor:{primary:["root"],secondary:["root"]},object:{primary:["cron"],type:["user-session"]},how:["/usr/sbin/cron"]}},host:{id:["aa7ca589f1b8220002f2fc61c64cfbf1"],name:["siem-kibana"]},user:{name:["root"]},process:{pid:[725],executable:["/usr/sbin/cron"]}}},{_id:"26",data:[{field:"@timestamp",value:["2019-03-13T03:34:08.890Z"]},{field:"event.category",value:["user-login"]},{field:"host.name",value:["suricata-bangalore"]},{field:"user.name",value:["alice"]}],ecs:{_id:"26",timestamp:"2019-03-13T03:34:08.890Z",event:{action:["was-authorized"],module:["auditd"],category:["user-login"]},auditd:{result:["success"],session:["338"],data:{terminal:["/dev/pts/0"]},summary:{actor:{primary:["root"],secondary:["alice"]},object:{primary:["/dev/pts/0"],type:["user-session"]},how:["/sbin/pam_tally2"]}},host:{id:["0a63559c1acf4c419d979c4b4d8b83ff"],name:["suricata-bangalore"],ip:["139.59.11.147","10.47.0.5","fe80::ec0b:1bff:fe29:80bd"]},user:{name:["alice"]},process:{pid:[21170],executable:["/sbin/pam_tally2"]}}},{_id:"27",data:[{field:"@timestamp",value:["2019-03-22T19:13:11.026Z"]},{field:"event.action",value:["connected-to"]},{field:"event.category",value:["audit-rule"]},{field:"host.name",value:["zeek-london"]},{field:"destination.ip",value:["192.168.216.34"]},{field:"user.name",value:["alice"]}],ecs:{_id:"27",timestamp:"2019-03-22T19:13:11.026Z",event:{action:["connected-to"],module:["auditd"],category:["audit-rule"]},auditd:{result:["success"],session:["246"],summary:{actor:{primary:["alice"],secondary:["alice"]},object:{primary:["192.168.216.34"],secondary:["80"],type:["socket"]},how:["/usr/bin/wget"]}},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},destination:{ip:["192.168.216.34"],port:[80]},user:{name:["alice"]},process:{pid:[1490],name:["wget"],ppid:[1476],executable:["/usr/bin/wget"],title:["wget www.example.com"]}}},{_id:"28",data:[{field:"@timestamp",value:["2019-03-26T22:12:18.609Z"]},{field:"event.action",value:["opened-file"]},{field:"event.category",value:["audit-rule"]},{field:"host.name",value:["zeek-london"]},{field:"user.name",value:["root"]}],ecs:{_id:"28",timestamp:"2019-03-26T22:12:18.609Z",event:{action:["opened-file"],module:["auditd"],category:["audit-rule"]},auditd:{result:["success"],session:["242"],summary:{actor:{primary:["unset"],secondary:["root"]},object:{primary:["/proc/15990/attr/current"],type:["file"]},how:["/lib/systemd/systemd-journald"]}},file:{path:["/proc/15990/attr/current"],device:["00:00"],inode:["27672309"],uid:["0"],owner:["root"],gid:["0"],group:["root"],mode:["0666"]},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},user:{name:["root"]},process:{pid:[27244],name:["systemd-journal"],ppid:[1],executable:["/lib/systemd/systemd-journald"],title:["/lib/systemd/systemd-journald"],working_directory:["/"]}}},{_id:"29",data:[{field:"@timestamp",value:["2019-04-08T21:18:57.000Z"]},{field:"event.action",value:["user_login"]},{field:"event.category",value:null},{field:"host.name",value:["zeek-london"]},{field:"user.name",value:["Braden"]}],ecs:{_id:"29",event:{action:["user_login"],dataset:["login"],kind:["event"],module:["system"],outcome:["failure"]},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},source:{ip:["128.199.212.120"]},user:{name:["Braden"]},process:{pid:[6278]}}},{_id:"30",data:[{field:"@timestamp",value:["2019-04-08T22:27:14.814Z"]},{field:"event.action",value:["process_started"]},{field:"event.category",value:null},{field:"host.name",value:["zeek-london"]},{field:"user.name",value:["Evan"]}],ecs:{_id:"30",event:{action:["process_started"],dataset:["login"],kind:["event"],module:["system"],outcome:["failure"]},host:{id:["7c21f5ed03b04d0299569d221fe18bbc"],name:["zeek-london"],ip:["46.101.3.136","10.16.0.5","fe80::4066:42ff:fe19:b3b9"]},source:{ip:["128.199.212.120"]},user:{name:["Evan"]},process:{pid:[6278]}}},{_id:"31",data:[{field:"@timestamp",value:["2018-11-05T19:03:25.937Z"]},{field:"message",value:["I am a log file message"]},{field:"event.severity",value:["3"]},{field:"event.category",value:["Access"]},{field:"event.action",value:["Action"]},{field:"host.name",value:["apache"]},{field:"source.ip",value:["192.168.0.1"]},{field:"destination.ip",value:["192.168.0.3"]},{field:"destination.bytes",value:["123456"]},{field:"user.name",value:["john.dee"]}],ecs:{_id:"1",timestamp:"2018-11-05T19:03:25.937Z",host:{name:["apache"],ip:["192.168.0.1"]},event:{id:["1"],action:["Action"],category:["Access"],module:["nginx"],severity:[3]},message:["I am a log file message"],source:{ip:["192.168.0.1"],port:[80]},destination:{ip:["192.168.0.3"],port:[6343]},user:{id:["1"],name:["john.dee"]},geo:{region_name:["xx"],country_iso_code:["xx"]}}},{_id:"32",data:[],ecs:{_id:"BuBP4W0BOpWiDweSoYSg",timestamp:"2019-10-18T23:59:15.091Z",threat:{enrichments:[{indicator:{provider:["indicator_provider"],reference:["https://example.com"]},matched:{atomic:["192.168.1.1"],field:["source.ip"],type:["ip"]},feed:{name:["feed_name"]}}]}}}];var M=a(601),F=a(276);const D=()=>{const e=Object(M.b)({actionName:"connected-to",text:F.T});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:C[26].ecs,isDraggable:!1,scopeId:O.a}))},A=i.a.memo(D),_=()=>{const e=Object(M.c)({actionName:"opened-file",text:`${F.Db} ${F.kc}`});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:C[27].ecs,isDraggable:!1,scopeId:O.a}))},N=i.a.memo(_),R={file:{path:["C:\\Windows\\System32\\bcrypt.dll"],hash:{md5:["00439016776de367bad087d739a03797"],sha1:["2c4ba5c1482987d50a182bad915f52cd6611ee63"],sha256:["e70f5d8f87aab14e3160227d38387889befbe37fa4f8f5adc59eff52804b35fd"]},name:["bcrypt.dll"]},host:{os:{full:["Windows Server 2019 Datacenter 1809 (10.0.17763.1697)"],name:["Windows"],version:["1809 (10.0.17763.1697)"],family:["windows"],kernel:["1809 (10.0.17763.1697)"],platform:["windows"]},mac:["aa:bb:cc:dd:ee:ff"],name:["win2019-endpoint-1"],architecture:["x86_64"],ip:["10.1.2.3"],id:["d8ad572e-d224-4044-a57d-f5a84c0dfe5d"]},event:{category:["library"],kind:["event"],created:["2021-02-05T21:27:23.921Z"],module:["endpoint"],action:["load"],type:["start"],id:["LzzWB9jjGmCwGMvk++++Da5H"],dataset:["endpoint.events.library"]},process:{name:["sshd.exe"],pid:[9644],entity_id:["MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTk2NDQtMTMyNTcwMzQwNDEuNzgyMTczODAw"],executable:["C:\\Program Files\\OpenSSH-Win64\\sshd.exe"]},agent:{type:["endpoint"]},user:{name:["SYSTEM"],domain:["NT AUTHORITY"]},message:["Endpoint DLL load event"],timestamp:"2021-02-05T21:27:23.921Z",_id:"IAUYdHcBGrBB52F2zo8Q"},q=()=>{const e=Object(w.d)({actionName:"load",text:j.q});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:R,isDraggable:!1,scopeId:O.a}))},P=i.a.memo(q);var L=a(1394),B=a(820);const z=()=>i.a.createElement(i.a.Fragment,null,B.a.renderRow({data:{destination:{bytes:[40],geo:{city_name:["New York"],continent_name:["North America"],country_iso_code:["US"],country_name:["United States"],region_name:["New York"]},ip:["10.1.2.3"],packets:[1],port:[80]},event:{action:["network_flow"],category:["network_traffic"],duration:[L.a],end:["2018-11-12T19:03:25.936Z"],start:["2018-11-12T19:03:25.836Z"]},_id:"abcd",network:{bytes:[100],community_id:["we.live.in.a"],direction:["outgoing"],packets:[3],protocol:["http"],transport:["tcp"]},process:{name:["rat"]},source:{bytes:[60],geo:{city_name:["Atlanta"],continent_name:["North America"],country_iso_code:["US"],country_name:["United States"],region_name:["Georgia"]},ip:["192.168.1.2"],packets:[2],port:[9987]},timestamp:"2018-11-12T19:03:25.936Z",tls:{client_certificate:{fingerprint:{sha1:["tls.client_certificate.fingerprint.sha1-value"]}},fingerprints:{ja3:{hash:["tls.fingerprints.ja3.hash-value"]}},server_certificate:{fingerprint:{sha1:["tls.server_certificate.fingerprint.sha1-value"]}}},user:{name:["first.last"]}},isDraggable:!1,scopeId:O.a})),$=i.a.memo(z),V={host:{os:{full:["Windows Server 2019 Datacenter 1809 (10.0.17763.1697)"],name:["Windows"],version:["1809 (10.0.17763.1697)"],family:["windows"],kernel:["1809 (10.0.17763.1697)"],platform:["windows"]},mac:["aa:bb:cc:dd:ee:ff"],name:["win2019-endpoint-1"],architecture:["x86_64"],ip:["10.1.2.3"],id:["d8ad572e-d224-4044-a57d-f5a84c0dfe5d"]},event:{category:["registry"],kind:["event"],created:["2021-02-04T13:44:31.559Z"],module:["endpoint"],action:["modification"],type:["change"],id:["LzzWB9jjGmCwGMvk++++CbOn"],dataset:["endpoint.events.registry"]},process:{name:["GoogleUpdate.exe"],pid:[7408],entity_id:["MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTc0MDgtMTMyNTY5MTk4NDguODY4NTI0ODAw"],executable:["C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe"]},registry:{hive:["HKLM"],key:["SOFTWARE\\WOW6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState"],path:["HKLM\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\CurrentState\\StateValue"],value:["StateValue"]},agent:{type:["endpoint"]},user:{name:["SYSTEM"],domain:["NT AUTHORITY"]},message:["Endpoint registry event"],timestamp:"2021-02-04T13:44:31.559Z",_id:"4cxLbXcBGrBB52F2uOfF"},G=()=>{const e=Object(w.e)({actionName:"modification",text:j.u});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:V,isDraggable:!1,scopeId:O.a}))},U=i.a.memo(G);var H=a(871);const W=()=>i.a.createElement(i.a.Fragment,null,H.a.renderRow({data:C[2].ecs,isDraggable:!1,scopeId:O.a})),Q=i.a.memo(W),Y={_id:"2MjPcG0BOpWiDweSoutC",user:{id:["S-1-5-21-3573271228-3407584681-1597858646-1002"],domain:["Anvi-Acer"],name:["Arun"]},host:{os:{platform:["windows"],name:["Windows"],version:["6.1"]},ip:["10.178.85.222"],name:["HD-obe-8bf77f54"]},event:{module:["endgame"],dataset:["esensor"],action:["termination_event"],category:["process"],kind:["event"]},timestamp:"1569555712000",process:{hash:{md5:["bd4401441a21bf1abce6404f4231db4d"],sha1:["797255e72d5ed5c058d4785950eba7abaa057653"],sha256:["87976f3430cc99bc939e0694247c0759961a49832b87218f4313d6fc0bc3a776"]},pid:[442384],ppid:[8],name:["RuntimeBroker.exe"],executable:["C:\\Windows\\System32\\RuntimeBroker.exe"]},endgame:{pid:[442384],process_name:["RuntimeBroker.exe"],exit_code:[0]}},K=()=>{const e=Object(w.h)({actionName:"termination_event",text:j.H});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:Y,isDraggable:!1,scopeId:O.a}))},Z=i.a.memo(K),J={_id:"S8jPcG0BOpWiDweSou3g",user:{id:["S-1-5-18"],domain:["NT AUTHORITY"],name:["SYSTEM"]},host:{os:{platform:["windows"],name:["Windows"],version:["6.1"]},ip:["10.178.85.222"],name:["HD-obe-8bf77f54"]},event:{module:["endgame"],dataset:["esensor"],action:["request_event"],category:["network"],kind:["event"]},message:["DNS query is completed for the name %1, type %2, query options %3 with status %4 Results %5 "],timestamp:"1569555712000",dns:{question:{name:["update.googleapis.com"],type:["A"]},resolved_ip:["10.100.197.67"]},network:{protocol:["dns"]},process:{pid:[443192],name:["GoogleUpdate.exe"],executable:["C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe"]},winlog:{event_id:[3008]},endgame:{process_name:["GoogleUpdate.exe"],pid:[443192]}},X=()=>{const e=Object(w.a)();return i.a.createElement(i.a.Fragment,null,e.renderRow({data:J,isDraggable:!1,scopeId:O.a}))},ee=i.a.memo(X),te={_id:"BcjPcG0BOpWiDweSou3g",user:{id:["S-1-5-21-3573271228-3407584681-1597858646-1002"],domain:["Anvi-Acer"],name:["Arun"]},host:{os:{platform:["windows"],name:["Windows"],version:["6.1"]},ip:["10.178.85.222"],name:["HD-obe-8bf77f54"]},event:{module:["endgame"],dataset:["esensor"],action:["creation_event"],category:["process"],type:["process_start"],kind:["event"]},timestamp:"1569555712000",process:{hash:{md5:["62d06d7235b37895b68de56687895743"],sha1:["12563599116157778a22600d2a163d8112aed845"],sha256:["d4c97ed46046893141652e2ec0056a698f6445109949d7fcabbce331146889ee"]},pid:[441684],ppid:[8],name:["Microsoft.Photos.exe"],executable:["C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe"],args:["C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe","-ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca"]},endgame:{process_name:["Microsoft.Photos.exe"],pid:[441684],parent_process_name:["svchost.exe"]}},ae=()=>{const e=Object(w.b)({actionName:"creation_event",text:j.A});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:te,isDraggable:!1,scopeId:O.a}))},ne=i.a.memo(ae),ie={_id:"98jPcG0BOpWiDweSouzg",user:{id:["S-1-5-21-3573271228-3407584681-1597858646-1002"],domain:["Anvi-Acer"],name:["Arun"]},host:{os:{platform:["windows"],name:["Windows"],version:["6.1"]},ip:["10.178.85.222"],name:["HD-obe-8bf77f54"]},event:{module:["endgame"],dataset:["esensor"],action:["file_create_event"],category:["file"],kind:["event"]},timestamp:"1569555712000",endgame:{process_name:["chrome.exe"],pid:[11620],file_path:["C:\\Users\\Arun\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\63d78c21-e593-4484-b7a9-db33cd522ddc.tmp"]}},re={_id:"OMjPcG0BOpWiDweSeuW9",user:{id:["S-1-5-18"],domain:["NT AUTHORITY"],name:["SYSTEM"]},host:{os:{platform:["windows"],name:["Windows"],version:["10.0"]},ip:["10.134.159.150"],name:["HD-v1s-d2118419"]},event:{module:["endgame"],dataset:["esensor"],action:["file_delete_event"],category:["file"],kind:["event"]},timestamp:"1569555704000",endgame:{pid:[1084],file_name:["tmp000002f6"],file_path:["C:\\Windows\\TEMP\\tmp00000404\\tmp000002f6"],process_name:["AmSvc.exe"]}},oe=()=>{const e=Object(w.g)({actionName:"file_delete_event",text:j.f});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:re,isDraggable:!1,scopeId:O.a}))},se=i.a.memo(oe),le=()=>{const e=Object(w.f)({actionName:"file_create_event",text:j.e});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:ie,isDraggable:!1,scopeId:O.a}))},ce=i.a.memo(le),ue={_id:"QsjPcG0BOpWiDweSeuRE",user:{id:["S-1-5-18"],domain:["NT AUTHORITY"],name:["SYSTEM"]},host:{os:{platform:["windows"],name:["Windows"],version:["10.0"]},ip:["10.134.159.150"],name:["HD-v1s-d2118419"]},event:{module:["endgame"],dataset:["esensor"],action:["user_logon"],category:["authentication"],type:["authentication_success"],kind:["event"]},message:["An account was successfully logged on.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tWIN-Q3DOP1UKA81$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nLogon Type:\t\t\t5\r\n\r\nNew Logon:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tSYSTEM\r\n\tAccount Domain:\t\tNT AUTHORITY\r\n\tLogon ID:\t\t0x3e7\r\n\tLogon GUID:\t\t{00000000-0000-0000-0000-000000000000}\r\n\r\nProcess Information:\r\n\tProcess ID:\t\t0x1b0\r\n\tProcess Name:\t\tC:\\Windows\\System32\\services.exe\r\n\r\nNetwork Information:\r\n\tWorkstation Name:\t\r\n\tSource Network Address:\t-\r\n\tSource Port:\t\t-\r\n\r\nDetailed Authentication Information:\r\n\tLogon Process:\t\tAdvapi  \r\n\tAuthentication Package:\tNegotiate\r\n\tTransited Services:\t-\r\n\tPackage Name (NTLM only):\t-\r\n\tKey Length:\t\t0\r\n\r\nThis event is generated when a logon session is created. It is generated on the computer that was accessed.\r\n\r\nThe subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\r\n\r\nThe logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).\r\n\r\nThe New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.\r\n\r\nThe network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\r\n\r\nThe authentication information fields provide detailed information about this specific logon request.\r\n\t- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.\r\n\t- Transited services indicate which intermediate services have participated in this logon request.\r\n\t- Package name indicates which sub-protocol was used among the NTLM protocols.\r\n\t- Key length indicates the length of the generated session key. This will be 0 if no session key was requested."],timestamp:"1569555704000",process:{pid:[432],name:["C:\\Windows\\System32\\services.exe"],executable:["C:\\Windows\\System32\\services.exe"]},winlog:{event_id:[4624]},endgame:{target_logon_id:["0x3e7"],pid:[432],process_name:["C:\\Windows\\System32\\services.exe"],logon_type:[5],subject_user_name:["WIN-Q3DOP1UKA81$"],subject_logon_id:["0x3e7"],target_user_name:["SYSTEM"],target_domain_name:["NT AUTHORITY"]}},de=()=>{const e=Object(w.i)({actionName:"user_logon"});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:ue,isDraggable:!1,scopeId:O.a}))},pe=i.a.memo(de),me={_id:"LsjPcG0BOpWiDweSCNfu",user:{id:["S-1-5-18"],domain:["NT AUTHORITY"],name:["SYSTEM"]},host:{os:{platform:["windows"],name:["Windows"],version:["10.0"]},ip:["10.43.255.177"],name:["HD-gqf-0af7b4fe"]},event:{module:["endgame"],dataset:["esensor"],action:["ipv4_connection_accept_event"],category:["network"],kind:["event"]},timestamp:"1569555676000",network:{community_id:["1:network-community_id"],transport:["tcp"]},process:{pid:[1084],name:["AmSvc.exe"],executable:["C:\\Program Files\\Cybereason ActiveProbe\\AmSvc.exe"]},source:{ip:["127.0.0.1"],port:[49306]},destination:{port:[49305],ip:["127.0.0.1"]},endgame:{pid:[1084]}},ge=()=>{const e=Object(w.j)({actionName:"ipv4_connection_accept_event",text:j.b});return i.a.createElement(i.a.Fragment,null,e.renderRow({data:me,isDraggable:!1,scopeId:O.a}))},ye=i.a.memo(ge);var fe=a(870);const be=()=>i.a.createElement(i.a.Fragment,null,fe.a.renderRow({data:C[31].ecs,isDraggable:!1,scopeId:O.a})),he=i.a.memo(be);var Ee=a(873);const ve=()=>i.a.createElement(i.a.Fragment,null,Ee.a.renderRow({data:C[13].ecs,isDraggable:!1,scopeId:O.a})),xe=i.a.memo(ve);var ke=a(5);const Se=ke.i18n.translate("xpack.securitySolution.eventRenderers.alertName",{defaultMessage:"Alert"}),we=ke.i18n.translate("xpack.securitySolution.eventRenderers.alertsName",{defaultMessage:"Alerts"}),je=ke.i18n.translate("xpack.securitySolution.eventRenderers.alertsDescription",{defaultMessage:"Alerts are displayed when malware or ransomware is prevented and detected"}),Oe=ke.i18n.translate("xpack.securitySolution.eventRenderers.auditdName",{defaultMessage:"Auditd"}),Ie=ke.i18n.translate("xpack.securitySolution.eventRenderers.auditdDescriptionPart1",{defaultMessage:"audit events convey security-relevant logs from the Linux Audit Framework."}),Te=ke.i18n.translate("xpack.securitySolution.eventRenderers.auditdFileName",{defaultMessage:"Auditd File"}),Ce=ke.i18n.translate("xpack.securitySolution.eventRenderers.auditdFileDescriptionPart1",{defaultMessage:"File events show users (and system accounts) performing CRUD operations on files via specific processes."}),Me=ke.i18n.translate("xpack.securitySolution.eventRenderers.authenticationName",{defaultMessage:"Authentication"}),Fe=ke.i18n.translate("xpack.securitySolution.eventRenderers.authenticationDescriptionPart1",{defaultMessage:"Authentication events show users (and system accounts) successfully or unsuccessfully logging into hosts."}),De=ke.i18n.translate("xpack.securitySolution.eventRenderers.authenticationDescriptionPart2",{defaultMessage:"Some authentication events may include additional details when users authenticate on behalf of other users."}),Ae=ke.i18n.translate("xpack.securitySolution.eventRenderers.dnsName",{defaultMessage:"Domain Name System (DNS)"}),_e=ke.i18n.translate("xpack.securitySolution.eventRenderers.dnsDescriptionPart1",{defaultMessage:"Domain Name System (DNS) events show users (and system accounts) making requests via specific processes to translate from host names to IP addresses."}),Ne=ke.i18n.translate("xpack.securitySolution.eventRenderers.fileName",{defaultMessage:"File"}),Re=ke.i18n.translate("xpack.securitySolution.eventRenderers.fileDescriptionPart1",{defaultMessage:"File events show users (and system accounts) performing CRUD operations on files via specific processes."}),qe=ke.i18n.translate("xpack.securitySolution.eventRenderers.fimName",{defaultMessage:"File Integrity Module (FIM)"}),Pe=ke.i18n.translate("xpack.securitySolution.eventRenderers.fimDescriptionPart1",{defaultMessage:"File Integrity Module (FIM) events show users (and system accounts) performing CRUD operations on files via specific processes."}),Le=ke.i18n.translate("xpack.securitySolution.eventRenderers.flowName",{defaultMessage:"Flow"}),Be=ke.i18n.translate("xpack.securitySolution.eventRenderers.flowDescriptionPart1",{defaultMessage:"The Flow renderer visualizes the flow of data between a source and destination. It's applicable to many types of events."}),ze=ke.i18n.translate("xpack.securitySolution.eventRenderers.flowDescriptionPart2",{defaultMessage:"The hosts, ports, protocol, direction, duration, amount transferred, process, geographic location, and other details are visualized when available."}),$e=ke.i18n.translate("xpack.securitySolution.eventRenderers.libraryName",{defaultMessage:"Library"}),Ve=ke.i18n.translate("xpack.securitySolution.eventRenderers.libraryDescription",{defaultMessage:"Library events display a Dynamically Linked Library (DLL) being loaded by a process"}),Ge=ke.i18n.translate("xpack.securitySolution.eventRenderers.processName",{defaultMessage:"Process"}),Ue=ke.i18n.translate("xpack.securitySolution.eventRenderers.processDescriptionPart1",{defaultMessage:"Process events show users (and system accounts) starting and stopping processes."}),He=ke.i18n.translate("xpack.securitySolution.eventRenderers.processDescriptionPart2",{defaultMessage:"Details including the command line arguments, parent process, and if applicable, file hashes are displayed when available."}),We=ke.i18n.translate("xpack.securitySolution.eventRenderers.registryName",{defaultMessage:"Registry"}),Qe=ke.i18n.translate("xpack.securitySolution.eventRenderers.registryDescription",{defaultMessage:"Registry events show updates to the Windows Registry"}),Ye=ke.i18n.translate("xpack.securitySolution.eventRenderers.socketName",{defaultMessage:"Socket (Network)"}),Ke=ke.i18n.translate("xpack.securitySolution.eventRenderers.socketDescriptionPart1",{defaultMessage:"Socket (Network) events show processes listening, accepting, and closing connections."}),Ze=ke.i18n.translate("xpack.securitySolution.eventRenderers.socketDescriptionPart2",{defaultMessage:"Details including the protocol, ports, and a community ID for correlating all network events related to a single flow are displayed when available."}),Je=ke.i18n.translate("xpack.securitySolution.eventRenderers.suricataName",{defaultMessage:"Suricata"}),Xe=ke.i18n.translate("xpack.securitySolution.eventRenderers.suricataDescriptionPart1",{defaultMessage:"Summarizes"}),et=ke.i18n.translate("xpack.securitySolution.eventRenderers.suricataDescriptionPart2",{defaultMessage:"intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM) events"}),tt=ke.i18n.translate("xpack.securitySolution.eventRenderers.systemName",{defaultMessage:"System"}),at=ke.i18n.translate("xpack.securitySolution.eventRenderers.systemDescriptionPart1",{defaultMessage:"The Auditbeat"}),nt=ke.i18n.translate("xpack.securitySolution.eventRenderers.systemDescriptionPart2",{defaultMessage:"module collects various security related information about a system."}),it=ke.i18n.translate("xpack.securitySolution.eventRenderers.systemDescriptionPart3",{defaultMessage:"All datasets send both periodic state information (e.g. all currently running processes) and real-time changes (e.g. when a new process starts or stops)."}),rt=ke.i18n.translate("xpack.securitySolution.eventRenderers.threatMatchName",{defaultMessage:"Threat Indicator Match"}),ot=ke.i18n.translate("xpack.securitySolution.eventRenderers.threatMatchDescription",{defaultMessage:"Summarizes events that matched threat indicators"}),st=ke.i18n.translate("xpack.securitySolution.eventRenderers.zeekName",{defaultMessage:"Zeek (formerly Bro)"}),lt=ke.i18n.translate("xpack.securitySolution.eventRenderers.zeekDescriptionPart1",{defaultMessage:"Summarizes events from the"}),ct=ke.i18n.translate("xpack.securitySolution.eventRenderers.zeekDescriptionPart2",{defaultMessage:"Network Security Monitoring (NSM) tool"}),ut={[E.d.alert]:Se,[E.d.alerts]:we,[E.d.auditd]:Oe,[E.d.auditd_file]:Te,[E.d.library]:$e,[E.d.system_security_event]:Me,[E.d.system_dns]:Ae,[E.d.netflow]:Le,[E.d.system]:tt,[E.d.system_endgame_process]:Ge,[E.d.registry]:We,[E.d.system_fim]:qe,[E.d.system_file]:Ne,[E.d.system_socket]:Ye,[E.d.suricata]:"Suricata",[E.d.threat_match]:rt,[E.d.zeek]:st,[E.d.plain]:""},dt=({children:e,url:t})=>i.a.createElement(r.EuiLink,{href:t,target:"_blank",rel:"noopener nofollow noreferrer","data-test-subj":"externalLink"},e),pt=[{id:E.d.alerts,name:ut[E.d.alerts],description:je,example:T,searchableDescription:je},{id:E.d.auditd,name:ut[E.d.auditd],description:i.a.createElement("span",null,i.a.createElement(dt,{url:"https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html"},Oe)," ",Ie),example:A,searchableDescription:`${Oe} ${Ie}`},{id:E.d.auditd_file,name:ut[E.d.auditd_file],description:i.a.createElement("span",null,i.a.createElement(dt,{url:"https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-auditd.html"},Oe)," ",Ce),example:N,searchableDescription:`${Te} ${Ce}`},{id:E.d.library,name:ut[E.d.library],description:Ve,example:P,searchableDescription:Ve},{id:E.d.system_security_event,name:ut[E.d.system_security_event],description:i.a.createElement("div",null,i.a.createElement("p",null,Fe),i.a.createElement("br",null),i.a.createElement("p",null,De)),example:pe,searchableDescription:`${Fe} ${De}`},{id:E.d.system_dns,name:ut[E.d.system_dns],description:_e,example:ee,searchableDescription:_e},{id:E.d.netflow,name:ut[E.d.netflow],description:i.a.createElement("div",null,i.a.createElement("p",null,Be),i.a.createElement("br",null),i.a.createElement("p",null,ze)),example:$,searchableDescription:`${Be} ${ze}`},{id:E.d.system,name:ut[E.d.system],description:i.a.createElement("div",null,i.a.createElement("p",null,at," ",i.a.createElement(dt,{url:"https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-system.html"},tt)," ",nt),i.a.createElement("br",null),i.a.createElement("p",null,it)),example:Z,searchableDescription:`${at} ${tt} ${nt} ${it}`},{id:E.d.system_endgame_process,name:ut[E.d.system_endgame_process],description:i.a.createElement("div",null,i.a.createElement("p",null,Ue),i.a.createElement("br",null),i.a.createElement("p",null,He)),example:ne,searchableDescription:`${Ue} ${He}`},{id:E.d.registry,name:ut[E.d.registry],description:Qe,example:U,searchableDescription:Qe},{id:E.d.system_fim,name:ut[E.d.system_fim],description:Pe,example:ce,searchableDescription:Pe},{id:E.d.system_file,name:ut[E.d.system_file],description:Re,example:se,searchableDescription:Re},{id:E.d.system_socket,name:ut[E.d.system_socket],description:i.a.createElement("div",null,i.a.createElement("p",null,Ke),i.a.createElement("br",null),i.a.createElement("p",null,Ze)),example:ye,searchableDescription:`${Ke} ${Ze}`},{id:E.d.suricata,name:ut[E.d.suricata],description:i.a.createElement("p",null,Xe," ",i.a.createElement(dt,{url:"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-suricata.html"},Je)," ",et),example:Q,searchableDescription:`${Xe} ${Je} ${et}`},{id:E.d.threat_match,name:ut[E.d.threat_match],description:ot,example:he,searchableDescription:`${rt} ${ot}`},{id:E.d.zeek,name:ut[E.d.zeek],description:i.a.createElement("p",null,lt," ",i.a.createElement(dt,{url:"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-zeek.html"},st)," ",ct),example:xe,searchableDescription:`${lt} ${st} ${ct}`}],mt=l()(r.EuiInMemoryTable).withConfig({displayName:"StyledEuiInMemoryTable",componentId:"sc-ietqpj-0"})([".euiTable{tr > *:last-child{display:none;}.euiTableHeaderCellCheckbox > .euiTableCellContent{display:none;}}"]),gt=l()(r.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-ietqpj-1"})(["overflow:auto;> div{padding:0;> div{margin:0;}}"]),yt=e=>{if(e)return i.a.createElement(gt,{grow:1},i.a.createElement(e,null))},ft={box:{incremental:!0,schema:!0}},bt=()=>i.a.createElement(i.a.Fragment,null),ht={sort:{field:"name",direction:"asc"}},Et=l.a.button.withConfig({displayName:"StyledNameButton",componentId:"sc-ietqpj-2"})(["text-align:left;"]),vt=({excludedRowRendererIds:e=[],setExcludedRowRendererIds:t})=>{const a=Object(n.useCallback)((a=>()=>{const n=Object(k.xor)([a.id],e);t(n)}),[e,t]),o=Object(n.useCallback)(((e,t)=>i.a.createElement(Et,{className:"kbn-resetFocusState",onClick:a(t)},e)),[a]),s=Object(n.useCallback)(((t,n)=>i.a.createElement(r.EuiCheckbox,{id:n.id,onChange:a(n),checked:!e.includes(n.id)})),[e,a]),l=Object(n.useMemo)((()=>[{field:"id",name:"",sortable:!1,width:"32px",render:s},{field:"name",name:"Name",sortable:!0,width:"10%",render:o},{field:"description",name:"Description",width:"25%",render:e=>e},{field:"example",name:"Example",width:"65%",render:yt},{field:"searchableDescription",name:"Searchable Description",sortable:!1,width:"0px",render:bt}]),[s,o]);return i.a.createElement(mt,{items:pt,itemId:"id",columns:l,search:ft,sorting:ht,isSelectable:!0})};vt.displayName="RowRenderersBrowserComponent";const xt=i.a.memo(vt);xt.displayName="RowRenderersBrowser";const kt=ke.i18n.translate("xpack.securitySolution.customizeEventRenderers.eventRenderersTitle",{defaultMessage:"Event Renderers"}),St=ke.i18n.translate("xpack.securitySolution.customizeEventRenderers.customizeEventRenderersTitle",{defaultMessage:"Customize Event Renderers"}),wt=ke.i18n.translate("xpack.securitySolution.customizeEventRenderers.customizeEventRenderersDescription",{defaultMessage:"Event Renderers automatically convey the most relevant details in an event to reveal its story"}),jt=ke.i18n.translate("xpack.securitySolution.customizeEventRenderers.enableAllRenderersButtonLabel",{defaultMessage:"Enable all"}),Ot=ke.i18n.translate("xpack.securitySolution.customizeEventRenderers.disableAllRenderersButtonLabel",{defaultMessage:"Disable all"}),It=l()(r.EuiModal).withConfig({displayName:"StyledEuiModal",componentId:"sc-m3n5c2-0"})([""," max-width:95vw;min-height:90vh;> .euiModal__flex{max-height:90vh;}"],(({theme:e})=>`margin-top: ${e.eui.euiSizeXXL};`)),Tt=l()(r.EuiModalBody).withConfig({displayName:"StyledEuiModalBody",componentId:"sc-m3n5c2-1"})([".euiModalBody__overflow{display:flex;align-items:stretch;overflow:hidden;> div{display:flex;flex-direction:column;flex:1;> div:first-child{flex:0;}.euiBasicTable{flex:1;overflow:auto;}}}"]),Ct=({timelineId:e})=>{const t=Object(o.useDispatch)(),a=Object(n.useMemo)((()=>m.b.getTimelineByIdSelector()),[]),s=Object(g.a)((t=>{var n;return(null!==(n=a(t,e))&&void 0!==n?n:x.b).excludedRowRendererIds})),[l,c]=Object(n.useState)(!1),u=Object(n.useCallback)((a=>t(Object(v.setExcludedRowRendererIds)({id:e,excludedRowRendererIds:a}))),[t,e]),d=Object(n.useCallback)((()=>c(!l)),[l]),p=Object(n.useCallback)((()=>c(!1)),[]),y=Object(n.useCallback)((()=>{u(Object.values(E.d))}),[u]),f=Object(n.useCallback)((()=>{u([])}),[u]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiToolTip,{content:St},i.a.createElement(r.EuiButtonIcon,{"aria-label":St,"data-test-subj":"show-row-renderers-gear",iconType:"gear",onClick:d},kt)),l&&i.a.createElement(It,{onClose:p,"data-test-subj":"row-renderers-modal"},i.a.createElement(r.EuiModalHeader,null,i.a.createElement(r.EuiFlexGroup,{alignItems:"center",justifyContent:"spaceBetween",direction:"row",gutterSize:"none"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiModalHeaderTitle,null,St),i.a.createElement(r.EuiText,{size:"s"},wt)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiFlexGroup,null,i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{size:"s","data-test-subj":"disable-all",onClick:y},Ot)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{fill:!0,size:"s","data-test-subj":"enable-all",onClick:f},jt)))))),i.a.createElement(Tt,null,i.a.createElement(xt,{excludedRowRendererIds:s,setExcludedRowRendererIds:u}))))},Mt=i.a.memo(Ct);var Ft=a(497),Dt=a(4),At=a(804);const _t=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.pinSelected",{defaultMessage:"Pin selected"}),Nt=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.selectAll",{defaultMessage:"All"}),Rt=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.selectNone",{defaultMessage:"None"}),qt=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.selectPinned",{defaultMessage:"Pinned"}),Pt=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.selectUnpinned",{defaultMessage:"Unpinned"}),Lt=ke.i18n.translate("xpack.securitySolution.timeline.eventsSelect.actions.unpinSelected",{defaultMessage:"Unpin selected"}),Bt=l.a.div.withConfig({displayName:"InputDisplay",componentId:"sc-oi2e53-0"})(["width:5px;"]);Bt.displayName="InputDisplay";const zt=l.a.div.withConfig({displayName:"PinIconContainer",componentId:"sc-oi2e53-1"})(["margin-right:5px;"]);zt.displayName="PinIconContainer";const $t=l.a.div.withConfig({displayName:"PinActionItem",componentId:"sc-oi2e53-2"})(["display:flex;flex-direction:row;"]);$t.displayName="PinActionItem";const Vt=i.a.memo((({text:e})=>i.a.createElement(r.EuiText,{size:"s",color:"subdued"},e)));Vt.displayName="DropdownDisplay";const Gt=Object(s.createGlobalStyle)([".eventsSelectItem{width:100% !important;.euiContextMenu__icon{display:none !important;}}.eventsSelectDropdown{width:","px;}"],60),Ut=l.a.div.withConfig({displayName:"CheckboxContainer",componentId:"sc-1giocnz-0"})(["position:relative;"]);Ut.displayName="CheckboxContainer";const Ht=l.a.div.withConfig({displayName:"PositionedCheckbox",componentId:"sc-1giocnz-1"})(["left:7px;position:absolute;top:-28px;"]);Ht.displayName="PositionedCheckbox";const Wt=i.a.memo((({checkState:e,timelineId:t})=>i.a.createElement("div",{"data-test-subj":"events-select"},i.a.createElement(r.EuiSuperSelect,{className:"eventsSelectDropdown","data-test-subj":"events-select-dropdown",itemClassName:"eventsSelectItem",onChange:k.noop,options:[{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement(Vt,{text:Nt}),value:"select-all"},{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement(Vt,{text:Rt}),value:"select-none"},{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement(Vt,{text:qt}),value:"select-pinned"},{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement(Vt,{text:Pt}),value:"select-unpinned"},{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement($t,null,i.a.createElement(zt,null,i.a.createElement(At.a,{allowUnpinning:!0,isAlert:!1,pinned:!0})),i.a.createElement(Vt,{text:_t})),value:"pin-selected"},{inputDisplay:i.a.createElement(Bt,null),disabled:!0,dropdownDisplay:i.a.createElement($t,null,i.a.createElement(zt,null,i.a.createElement(At.a,{allowUnpinning:!0,isAlert:!1,pinned:!1})),i.a.createElement(Vt,{text:Lt})),value:"unpin-selected"}]}),i.a.createElement(Ut,{"data-test-subj":"timeline-events-select-checkbox-container"},i.a.createElement(Ht,{"data-test-subj":"timeline-events-select-positioned-checkbox"},i.a.createElement(r.EuiCheckbox,{checked:"checked"===e,"data-test-subj":"events-select-checkbox",disabled:!0,id:`timeline-${t}-events-select`,indeterminate:"indeterminate"===e,onChange:k.noop}))),i.a.createElement(Gt,null))));Wt.displayName="EventsSelect";var Qt=a(564);const Yt=l.a.div.withConfig({displayName:"SortingColumnsContainer",componentId:"sc-1ls1217-0"})(["button{color:",";}.euiPopover .euiButtonEmpty{padding:0;.euiButtonEmpty__text{display:none;}}"],(({theme:e})=>e.eui.euiColorPrimary)),Kt=l.a.div.withConfig({displayName:"FieldBrowserContainer",componentId:"sc-1ls1217-1"})([".euiToolTipAnchor{.euiButtonContent{padding:",";}button{color:",";}.euiButtonContent__icon{width:16px;height:16px;}.euiButtonEmpty__text{display:none;}}"],(({theme:e})=>`0 ${e.eui.euiSizeXS}`),(({theme:e})=>e.eui.euiColorPrimary)),Zt=l.a.div.withConfig({displayName:"ActionsContainer",componentId:"sc-1ls1217-2"})(["align-items:center;display:flex;"]),Jt=({width:e,browserFields:t,columnHeaders:a,isEventViewer:s=!1,isSelectAllChecked:l,onSelectAll:E,showEventsSelect:v,showSelectAllCheckbox:x,sort:k,tabType:S,timelineId:w,fieldBrowserOptions:j})=>{const{triggersActionsUi:O}=Object(f.j)().services,{globalFullScreen:I,setGlobalFullScreen:T}=Object(y.a)(),{timelineFullScreen:C,setTimelineFullScreen:M}=Object(y.c)(),F=Object(o.useDispatch)(),D=Object(n.useMemo)((()=>m.b.getTimelineByIdSelector()),[]),{defaultColumns:A}=Object(g.a)((e=>D(e,w))),_=Object(n.useCallback)((()=>{w===c.f.active?M(!C):T(!I)}),[w,M,C,T,I]),N=Object(n.useMemo)((()=>Object(u.b)({globalFullScreen:I,isActiveTimelines:Object(d.isActiveTimeline)(w),timelineFullScreen:C})),[I,C,w]),R=Object(n.useCallback)((e=>{E({isSelected:e.currentTarget.checked})}),[E]),q=Object(n.useCallback)((e=>F(m.a.updateSort({id:w,sort:e.map((({id:e,direction:t})=>{var n,i;const r=a.find((t=>t.id===e)),o=null!==(n=null==r?void 0:r.type)&&void 0!==n?n:"",s=null!==(i=null==r?void 0:r.esTypes)&&void 0!==i?i:[];return{columnId:e,columnType:o,esTypes:s,sortDirection:t}}))}))),[a,F,w]),P=Object(n.useMemo)((()=>{var e;return{onSort:q,columns:null!==(e=null==k?void 0:k.map((({columnId:e,sortDirection:t})=>({id:e,direction:t}))))&&void 0!==e?e:[]}}),[q,k]),L=Object(n.useMemo)((()=>{var e;return null!==(e=null==a?void 0:a.reduce(((e,t)=>{var a;return{...e,[t.id]:null!==(a=t.displayAsText)&&void 0!==a?a:t.id}}),{}))&&void 0!==e?e:{}}),[a]),B=Object(n.useMemo)((()=>{var e;return null!==(e=null==a?void 0:a.map((({aggregatable:e,displayAsText:t,id:a,type:n})=>({id:a,isSortable:e,displayAsText:t,schema:n}))))&&void 0!==e?e:[]}),[a]),z=Object(n.useCallback)((()=>{F(m.a.updateColumns({id:w,columns:A}))}),[A,F,w]),$=Object(n.useCallback)((e=>{a.some((({id:t})=>t===e))?F(m.a.removeColumn({columnId:e,id:w})):F(m.a.upsertColumn({column:Object(p.a)(e,A),id:w,index:1}))}),[a,F,w,A]),V=Object(r.useDataGridColumnSorting)(B,P,{},[],L);return i.a.createElement(Zt,null,x&&i.a.createElement(h.o,{role:"checkbox"},i.a.createElement(h.p,{textAlign:"center",width:b.b},i.a.createElement(r.EuiCheckbox,{"data-test-subj":"select-all-events",id:"select-all-events",checked:l,onChange:R}))),i.a.createElement(h.o,{role:"button"},i.a.createElement(Kt,null,O.getFieldBrowser({browserFields:t,columnIds:a.map((({id:e})=>e)),onResetColumns:z,onToggleColumn:$,options:j}))),i.a.createElement(h.o,{role:"button"},i.a.createElement(Mt,{"data-test-subj":"row-renderers-browser",timelineId:w})),i.a.createElement(h.o,{role:"button"},i.a.createElement(h.p,{textAlign:"center",width:b.b},i.a.createElement(r.EuiToolTip,{content:N?Ft.a:Qt.e},i.a.createElement(r.EuiButtonIcon,{"aria-label":Object(u.b)({globalFullScreen:I,isActiveTimelines:Object(d.isActiveTimeline)(w),timelineFullScreen:C})?Ft.a:Qt.e,className:N?Dt.yb:"",color:N?"ghost":"primary","data-test-subj":Object(d.isActiveTimeline)(w)?"full-screen-active":"full-screen",iconType:"fullScreen",onClick:_})))),S!==c.g.eql&&i.a.createElement(h.o,{role:"button","data-test-subj":"timeline-sorting-fields"},i.a.createElement(h.p,{textAlign:"center",width:b.b},i.a.createElement(r.EuiToolTip,{content:Qt.l},i.a.createElement(Yt,null,V)))),v&&i.a.createElement(h.o,{role:"button"},i.a.createElement(h.p,{textAlign:"center",width:b.b},i.a.createElement(Wt,{checkState:"unchecked",timelineId:w}))))};Jt.displayName="HeaderActionsComponent";const Xt=i.a.memo(Jt)},function(e,t,a){"use strict";a.d(t,"a",(function(){return Ie})),a.d(t,"b",(function(){return Me})),a.d(t,"c",(function(){return Re})),a.d(t,"e",(function(){return ve})),a.d(t,"d",(function(){return Ne})),a.d(t,"f",(function(){return qe.a}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(40),l=a(41),c=a.n(l),u=a(5);const d=u.i18n.translate("xpack.securitySolution.artifactCard.lastUpdated",{defaultMessage:"Last updated"}),p=u.i18n.translate("xpack.securitySolution.artifactCard.created",{defaultMessage:"Created"}),m=u.i18n.translate("xpack.securitySolution.artifactCard.lastUpdatedBy",{defaultMessage:"Updated by"}),g=u.i18n.translate("xpack.securitySolution.artifactCard.createdBy",{defaultMessage:"Created by"}),y=u.i18n.translate("xpack.securitySolution.artifactCard.globalEffectScope",{defaultMessage:"Applied globally"}),f=(e=0)=>u.i18n.translate("xpack.securitySolution.artifactCard.policyEffectScope",{defaultMessage:"Applied to {count} {count, plural, one {policy} other {policies}}",values:{count:e}}),b=(e=0)=>u.i18n.translate("xpack.securitySolution.artifactCard.policyEffectScope.title",{defaultMessage:"Applied to the following {count, plural, one {policy} other {policies}}",values:{count:e}}),h=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.matchOperator",{defaultMessage:"IS"}),E=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.matchOperator.not",{defaultMessage:"IS NOT"}),v=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.wildcardMatchesOperator",{defaultMessage:"MATCHES"}),x=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.nestedOperator",{defaultMessage:"has"}),k=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.matchAnyOperator",{defaultMessage:"is one of"}),S=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.matchAnyOperator.not",{defaultMessage:"is not one of"}),w=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.existsOperator",{defaultMessage:"exists"}),j=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.listOperator",{defaultMessage:"included in"}),O=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.os",{defaultMessage:"OS"}),I=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.and",{defaultMessage:"AND"}),T=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.windows",{defaultMessage:"Windows"}),C=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.linux",{defaultMessage:"Linux"}),M=u.i18n.translate("xpack.securitySolution.artifactCard.conditions.macos",{defaultMessage:"Mac"}),F=u.i18n.translate("xpack.securitySolution.artifactExpandableCard.expand",{defaultMessage:"Expand"}),D=u.i18n.translate("xpack.securitySolution.artifactExpandableCard.collpase",{defaultMessage:"Collapse"}),A=u.i18n.translate("xpack.securitySolution.artifactMinifiedCard.descriptionLabel",{defaultMessage:"Description"});var _=a(132),N=a(53),R=a.n(N),q=a(117);const P=Object(r.memo)((({bold:e,truncate:t,size:a="s",withTooltip:n=!1,"data-test-subj":i,children:l})=>{const c=Object(r.useMemo)((()=>R()({"eui-textTruncate":t,"eui-textBreakWord":!0})),[t]),u=Object(r.useMemo)((()=>e?o.a.createElement("strong",null,l):l),[e,l]);return o.a.createElement(s.EuiText,{className:c,size:a,"data-test-subj":i},n&&"string"==typeof l&&l.length>0&&l!==Object(q.e)()?o.a.createElement(s.EuiToolTip,{anchorClassName:c,content:l,position:"top"},o.a.createElement(o.a.Fragment,null,u)):u)}));P.displayName="TextValueDisplay";var L=a(107);const B=c()(s.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-1dvdnzg-0"})(["padding-top:2px;"]),z=Object(r.memo)((({date:e,type:t,"data-test-subj":a})=>{const n=Object(L.a)(a);return o.a.createElement(s.EuiFlexGroup,{responsive:!1,alignItems:"flexStart",gutterSize:"m","data-test-subj":a},o.a.createElement(B,{grow:!1},o.a.createElement(s.EuiIcon,{type:"calendar"})),o.a.createElement(s.EuiFlexItem,{grow:!0},o.a.createElement(s.EuiFlexGroup,{responsive:!1,direction:"column",alignItems:"flexStart",gutterSize:"xs"},o.a.createElement(s.EuiFlexItem,{className:"eui-textTruncate","data-test-subj":n("label")},o.a.createElement(P,null,"update"===t?d:p)),o.a.createElement(s.EuiFlexItem,{className:"eui-textTruncate","data-test-subj":n("value")},o.a.createElement(P,{bold:!0},o.a.createElement(_.b,{value:e,dateFormat:"M/D/YYYY"}))))))}));z.displayName="DateField";var $=a(47),V=a(502);const G=Object(r.memo)((({items:e,button:t,panelPaddingSize:a,anchorPosition:n,maxWidth:l="32ch",maxHeight:c="255px",fixedWidth:u=!1,title:d,loading:p=!1,hoverInfo:m,isNavigationDisabled:g=!1,...y})=>{const f=Object(L.a)(y["data-test-subj"]),[b,h]=Object(r.useState)(!1),E=Object(r.useCallback)((()=>h(!1)),[h]),v=Object(r.useCallback)((()=>h(!b)),[b]),x=Object(r.useMemo)((()=>({"data-test-subj":f("popoverPanel")})),[f]),k=Object(r.useMemo)((()=>e.map(((e,t)=>{var a,n;return p?o.a.createElement(s.EuiSkeletonText,{lines:1,key:Object($.v4)(),"data-test-subj":null!==(n=e["data-test-subj"])&&void 0!==n?n:f(`item-loading-${t}`)}):o.a.createElement(V.a,i()({},e,{isNavigationDisabled:g,key:Object($.v4)(),"data-test-subj":null!==(a=e["data-test-subj"])&&void 0!==a?a:f(`item-${t}`),textTruncate:Boolean(l)||e.textTruncate,hoverInfo:m,onClick:t=>{if(E(),e.onClick)return e.onClick(t)}}))}))),[e,p,g,f,l,m,E]),S=Object(r.useMemo)((()=>{const e={className:"eui-yScroll",style:{}};return l&&!u&&(e.style.maxWidth=l),c&&(e.style.maxHeight=c),u&&(e.style.width=null!=l?l:"32ch"),e}),[l,u,c]);return o.a.createElement(s.EuiPopover,i()({},y,{anchorPosition:n,panelPaddingSize:a,panelProps:x,button:o.a.createElement("div",{className:"eui-displayInlineBlock","data-test-subj":f("triggerButtonWrapper"),onClick:v},t),isOpen:b,closePopover:E}),d?o.a.createElement(s.EuiPopoverTitle,{paddingSize:"m"},d):null,o.a.createElement(s.EuiContextMenuPanel,i()({},S,{items:k})))}));G.displayName="ContextMenuWithRouterSupport";const U=Object(r.memo)((({items:e,"data-test-subj":t,icon:a="boxesHorizontal"})=>{const n=Object(L.a)(t),[l,c]=Object(r.useState)(!1),d=Object(r.useCallback)((()=>c(!1)),[c]),p=Object(r.useCallback)((()=>c(!l)),[l]),m=Object(r.useMemo)((()=>({"data-test-subj":n("popoverPanel")})),[n]),g=Object(r.useMemo)((()=>e.map((e=>o.a.createElement(V.a,i()({},e,{key:Object($.v4)(),onClick:t=>{if(d(),e.onClick)return e.onClick(t)}}))))),[d,e]);return o.a.createElement(s.EuiPopover,{anchorPosition:"downRight",panelPaddingSize:"none",panelProps:m,"data-test-subj":t,button:o.a.createElement(s.EuiButtonIcon,{"data-test-subj":n("button"),iconType:a,onClick:p,"aria-label":u.i18n.translate("xpack.securitySolution.actionsContextMenu.label",{defaultMessage:"Open"})}),isOpen:l,closePopover:d},o.a.createElement(s.EuiContextMenuPanel,{items:g,"data-test-subj":n("contextMenuPanel")}))}));U.displayName="ActionsContextMenu";const H=Object(r.memo)((({actions:e,"data-test-subj":t})=>e&&e.length>0?o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(U,{items:e,icon:"boxesHorizontal","data-test-subj":t})):null));H.displayName="CardActionsFlexItem";const W=c()(s.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItemSmallBottomMargin",componentId:"sc-1orjmip-0"})(["margin-bottom:4px !important;"]),Q=Object(r.memo)((({name:e,createdDate:t,updatedDate:a,actions:n,"data-test-subj":i})=>{const r=Object(L.a)(i);return o.a.createElement(s.EuiFlexGroup,{responsive:!1,alignItems:"flexStart","data-test-subj":i},o.a.createElement(W,{grow:!0},o.a.createElement(s.EuiFlexGroup,{alignItems:"flexStart"},o.a.createElement(s.EuiFlexItem,{grow:!0},o.a.createElement(s.EuiTitle,{size:"s"},o.a.createElement("h3",{"data-test-subj":r("title")},e))),o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiFlexGroup,{responsive:!1,gutterSize:"xl"},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(z,{date:a,type:"update","data-test-subj":r("updated")})),o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(z,{date:t,type:"create","data-test-subj":r("created")})))))),o.a.createElement(H,{actions:n,"data-test-subj":r("actions")}))}));Q.displayName="CardHeader";const Y=c()(s.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-1oz5dfu-0"})(["margin:6px;"]),K=Object(r.memo)((({createdBy:e,updatedBy:t,"data-test-subj":a})=>{const n=Object(L.a)(a);return o.a.createElement(s.EuiFlexGroup,{alignItems:"center",gutterSize:"l",responsive:!1,"data-test-subj":a},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(Z,{label:g,value:e,"data-test-subj":n("createdBy")})),o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(Z,{label:m,value:t,"data-test-subj":n("updatedBy")})))}));K.displayName="TouchedByUsers";const Z=Object(r.memo)((({label:e,value:t,"data-test-subj":a})=>{const n=Object(L.a)(a);return o.a.createElement(s.EuiFlexGroup,{alignItems:"center",gutterSize:"m",wrap:!1,responsive:!1,"data-test-subj":a},o.a.createElement(Y,{grow:!1},o.a.createElement(s.EuiBadge,{"data-test-subj":n("label")},e)),o.a.createElement(Y,{grow:!1},o.a.createElement(s.EuiFlexGroup,{responsive:!1,gutterSize:"s",alignItems:"center",wrap:!1},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiAvatar,{name:t,size:"s","data-test-subj":n("avatar")})),o.a.createElement(s.EuiFlexItem,{grow:!1,className:"eui-textTruncate","data-test-subj":n("value")},o.a.createElement(P,null,t)))))}));Z.displayName="UserName";var J=a(44),X=a(126);const ee=c()("div").withConfig({displayName:"StyledWithContextMenuShiftedWrapper",componentId:"sc-d4sgp-0"})(["margin-left:-10px;"]),te=c()(s.EuiButtonEmpty).withConfig({displayName:"StyledEuiButtonEmpty",componentId:"sc-d4sgp-1"})(["height:10px !important;"]),ae=Object(r.memo)((({policies:e,loadingPoliciesList:t=!1,"data-test-subj":a})=>{const n=Object(L.a)(a),{canReadPolicyManagement:i}=Object(X.a)().endpointPrivileges,[l,c]=Object(r.useMemo)((()=>e?["partial",f(e.length)]:["globe",y]),[e]),u=o.a.createElement(s.EuiFlexGroup,{responsive:!1,wrap:!1,alignItems:"center",gutterSize:"s","data-test-subj":a},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiIcon,{type:l,size:"s"})),o.a.createElement(s.EuiFlexItem,{grow:!1,"data-test-subj":n("value")},o.a.createElement(P,{size:"xs"},c)));return e&&e.length?o.a.createElement(ee,null,o.a.createElement(ne,{policies:e,loadingPoliciesList:t,canReadPolicies:i,"data-test-subj":n("popupMenu")},u)):u}));ae.displayName="EffectScope";const ne=Object(r.memo)((({policies:e,loadingPoliciesList:t=!1,canReadPolicies:a,children:n,"data-test-subj":i})=>{const l=Object(L.a)(i),c=Object(r.useMemo)((()=>a?o.a.createElement(te,{flush:"right",size:"s",iconSide:"right",iconType:"popout"},o.a.createElement(J.FormattedMessage,{id:"xpack.securitySolution.contextMenuItemByRouter.viewDetails",defaultMessage:"View details"})):void 0),[a]);return o.a.createElement(G,{maxHeight:"235px",fixedWidth:!0,panelPaddingSize:"none",items:e,anchorPosition:e.length>1?"rightCenter":"rightUp","data-test-subj":i,loading:t,hoverInfo:c,button:o.a.createElement(s.EuiButtonEmpty,{size:"xs","data-test-subj":l("button")},n),title:b(e.length),isNavigationDisabled:!a})}));ne.displayName="WithContextMenu";const ie=Object(r.memo)((({createdBy:e,updatedBy:t,policies:a,loadingPoliciesList:n=!1,"data-test-subj":i})=>{const r=Object(L.a)(i);return o.a.createElement(s.EuiFlexGroup,{alignItems:"center",responsive:!0,"data-test-subj":i},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(K,{createdBy:e,updatedBy:t,"data-test-subj":r("touchedBy")})),o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(ae,{policies:a,loadingPoliciesList:n,"data-test-subj":r("effectScope")})))}));ie.displayName="CardSubHeader";var re=a(120);const oe=Object.freeze({linux:C,mac:M,macos:M,windows:T}),se=Object.freeze({[re.d.NESTED]:x,[re.d.MATCH_ANY]:k,[re.d.MATCH]:h,[re.d.WILDCARD]:v,[re.d.EXISTS]:w,[re.d.LIST]:j}),le=Object.freeze({[re.d.MATCH_ANY]:S,[re.d.MATCH]:E}),ce=c()(s.EuiFlexGroup).withConfig({displayName:"EuiFlexGroupNested",componentId:"sc-1oxtqy5-0"})(["margin-left:",";"],(({theme:e})=>e.eui.euiSizeXL)),ue=c()(s.EuiFlexItem).withConfig({displayName:"EuiFlexItemNested",componentId:"sc-1oxtqy5-1"})(["margin-bottom:6px !important;margin-top:6px !important;"]),de=c()("span").withConfig({displayName:"StyledCondition",componentId:"sc-1oxtqy5-2"})(["margin-right:6px;"]),pe=Object(r.memo)((({os:e,entries:t,"data-test-subj":a})=>{const n=Object(L.a)(a),i=Object(r.useMemo)((()=>e.map((e=>{var t;return null!==(t=oe[e])&&void 0!==t?t:e})).join(", ")),[e]),l=(e,t)=>"match_any"===e&&Array.isArray(t)?t.map((e=>o.a.createElement(s.EuiBadge,{color:"hollow"},e))):t,c=(e,t)=>{var a,n;return"nested"===e?"":"included"===t?null!==(a=se[e])&&void 0!==a?a:e:null!==(n=le[e])&&void 0!==n?n:e},u=Object(r.useCallback)(((e,t)=>{if("nested"===e&&t.length)return t.map((({field:e,type:t,value:a,operator:i})=>o.a.createElement(ce,{"data-test-subj":n("nestedCondition"),key:e+t+a,direction:"row",alignItems:"center",gutterSize:"m",responsive:!1},o.a.createElement(ue,{grow:!1},o.a.createElement(s.EuiToken,{iconType:"tokenNested",size:"s"})),o.a.createElement(ue,{grow:!1},o.a.createElement(s.EuiExpression,{description:"",value:e,color:"subdued"})),o.a.createElement(ue,{grow:!1},o.a.createElement(s.EuiExpression,{description:c(t,i),value:l(t,a)})))))}),[n]);return o.a.createElement("div",{"data-test-subj":a},o.a.createElement("div",{"data-test-subj":n("os")},o.a.createElement("strong",null,o.a.createElement(s.EuiExpression,{description:"",value:O}),o.a.createElement(s.EuiExpression,{description:h,value:i}))),t.map((({field:e,type:t,value:a,operator:i,entries:r=[]})=>o.a.createElement("div",{"data-test-subj":n("condition"),key:e+t+a},o.a.createElement("div",{className:"eui-xScroll"},o.a.createElement(s.EuiExpression,{description:o.a.createElement(de,null,I),value:e,color:"subdued"}),o.a.createElement(s.EuiExpression,{description:c(t,i),value:l(t,a)})),u(t,r)))))}));pe.displayName="CriteriaConditions";const me=e=>"effectScope"in e;var ge=a(226);const ye=e=>(e=>{const t=e.filter((e=>e.startsWith(ge.b)));return t.some((e=>e===`${ge.b}all`))?{type:"global"}:{type:"policy",policies:t.map((e=>e.substr(ge.b.length)))}})(e.tags),fe=e=>Object(r.useMemo)((()=>(e=>{var t;const a=e,{name:n,created_by:i,created_at:r,updated_at:o,updated_by:s,description:l="",entries:c}=a;return{name:n,created_by:i,created_at:r,updated_at:o,updated_by:s,description:l,comments:me(a)?[]:a.comments,entries:c,os:me(a)?[a.os]:null!==(t=a.os_types)&&void 0!==t?t:[],effectScope:me(a)?a.effectScope:ye(a)}})(e)),[e]),be=c()(s.EuiPanel).withConfig({displayName:"EuiPanelStyled",componentId:"sc-1qnczpg-0"})(["&.artifactEntryCard + &.artifactEntryCard{margin-top:",";}"],(({theme:e})=>e.eui.euiSizeL)),he=Object(r.memo)((({className:e,...t})=>o.a.createElement(be,i()({},t,{hasBorder:!0,paddingSize:"none",className:`artifactEntryCard ${null!=e?e:""}`}))));he.displayName="CardContainerPanel";const Ee=c()(s.EuiPanel).withConfig({displayName:"StyledEuiPanel",componentId:"sc-1aw8s5s-0"})(["padding:32px;&.top-section{padding-bottom:24px;}&.bottom-section{padding-top:24px;}&.artifact-entry-collapsible-card{padding:24px !important;}"]),ve=Object(r.memo)((e=>o.a.createElement(Ee,i()({},e,{hasBorder:!1,hasShadow:!1,paddingSize:"l"}))));ve.displayName="CardSectionPanel";var xe=a(42),ke=a(458);const Se=c()(s.EuiAvatar).withConfig({displayName:"CustomEuiAvatar",componentId:"sc-3lb0zi-0"})(["background-color:"," !important;"],(({theme:e})=>e.eui.euiColorLightShade)),we=Object(r.memo)((({comments:e,"data-test-subj":t})=>{const a=Object(L.a)(t),[n,i]=Object(r.useState)(!1),l=Object(r.useCallback)((()=>{i(!n)}),[i,n]),c=Object(r.useMemo)((()=>(e=>e.map((e=>({username:e.created_by,timestamp:o.a.createElement(_.b,{value:e.created_at,dateFormat:"MMM D, YYYY"}),event:ke.b,timelineAvatar:o.a.createElement(Se,{size:"s",name:e.created_by}),children:o.a.createElement(s.EuiText,{size:"s"},e.comment)}))))(e)),[e]),d=Object(r.useMemo)((()=>n?((e=0)=>u.i18n.translate("xpack.securitySolution.artifactCard.comments.label.hide",{defaultMessage:"Hide comments ({count})",values:{count:e}}))(e.length):((e=0)=>u.i18n.translate("xpack.securitySolution.artifactCard.comments.label.show",{defaultMessage:"Show comments ({count})",values:{count:e}}))(e.length)),[e.length,n]);return Object(xe.isEmpty)(e)?null:o.a.createElement("div",{"data-test-subj":t},o.a.createElement(s.EuiSpacer,{size:"s"}),o.a.createElement(s.EuiButtonEmpty,{onClick:l,flush:"left",size:"xs","data-test-subj":a("label")},d),o.a.createElement(s.EuiAccordion,{id:"1",arrowDisplay:"none",forceState:n?"open":"closed"},o.a.createElement(s.EuiSpacer,{size:"m"}),o.a.createElement(s.EuiCommentList,{comments:c,"data-test-subj":a("list")})))}));we.displayName="CardComments";const je=(e,t)=>Object(r.useMemo)((()=>"policy"===e.effectScope.type?null==e?void 0:e.effectScope.policies.map((e=>t&&t[e]?t[e]:{children:e})):void 0),[e.effectScope,t]),Oe=Object(r.memo)((({truncate:e,children:t,"data-test-subj":a,withTooltip:n})=>o.a.createElement(P,{size:"m",truncate:e,"data-test-subj":a,withTooltip:n},t||Object(q.e)())));Oe.displayName="ArtifactDescription";const Ie=Object(r.memo)((({item:e,policies:t,loadingPoliciesList:a=!1,actions:n,hideDescription:r=!1,hideComments:l=!1,"data-test-subj":c,...u})=>{const d=fe(e),p=Object(L.a)(c),m=je(d,t);return o.a.createElement(he,i()({},u,{"data-test-subj":c}),o.a.createElement(ve,{className:"top-section"},o.a.createElement(Q,{name:d.name,createdDate:d.created_at,updatedDate:d.updated_at,actions:n,"data-test-subj":p("header")}),o.a.createElement(ie,{createdBy:d.created_by,updatedBy:d.updated_by,policies:m,loadingPoliciesList:a,"data-test-subj":p("subHeader")}),!r&&o.a.createElement(o.a.Fragment,null,o.a.createElement(s.EuiSpacer,{size:"l"}),o.a.createElement(Oe,{"data-test-subj":p("description")},d.description)),l?null:o.a.createElement(o.a.Fragment,null,r&&o.a.createElement(s.EuiSpacer,{size:"l"}),o.a.createElement(we,{comments:d.comments,"data-test-subj":p("comments")}))),o.a.createElement(s.EuiHorizontalRule,{margin:"none"}),o.a.createElement(ve,{className:"bottom-section"},o.a.createElement(pe,{os:d.os,entries:d.entries,"data-test-subj":p("criteriaConditions")})))}));Ie.displayName="ArtifactEntryCard";const Te=c()(s.EuiSplitPanel.Outer).withConfig({displayName:"CardContainerPanel",componentId:"sc-lh5b0s-0"})(["&.artifactEntryCardMinified + &.artifactEntryCardMinified{margin-top:",";}"],(({theme:e})=>e.eui.euiSizeL)),Ce=c()(s.EuiSplitPanel.Inner).withConfig({displayName:"CustomSplitInnerPanel",componentId:"sc-lh5b0s-1"})(["background-color:"," !important;"],(({theme:e})=>e.eui.euiColorLightestShade)),Me=Object(r.memo)((({item:e,isSelected:t=!1,onToggleSelectedArtifact:a,"data-test-subj":n,...l})=>{var c;const u=fe(e),d=Object(L.a)(n),[p,m]=Object(r.useState)("closed"),g=Object(r.useCallback)((()=>{m((e=>"closed"===e?"open":"closed"))}),[]),y=Object(r.useCallback)((()=>"open"===p?"Hide details":"Show details"),[p]),f=Object(r.useMemo)((()=>o.a.createElement(Ce,null,o.a.createElement(s.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiCheckbox,{id:u.name,"data-test-subj":`${u.name}_checkbox`,checked:t,onChange:()=>a(!t)})),o.a.createElement(s.EuiFlexItem,null,o.a.createElement(s.EuiTitle,{size:"xxs"},o.a.createElement("h5",{"data-test-subj":d("title")},u.name)))))),[u.name,d,t,a]);return o.a.createElement(Te,i()({},l,{"data-test-subj":n,className:`${null!==(c=l.className)&&void 0!==c?c:""}  artifactEntryCardMinified`,id:u.name,hasShadow:!1,hasBorder:!0}),f,o.a.createElement(s.EuiSplitPanel.Inner,{paddingSize:"s"},o.a.createElement(s.EuiPanel,{hasBorder:!1,hasShadow:!1,paddingSize:"s"},o.a.createElement(s.EuiTitle,{size:"xxs"},o.a.createElement("h5",{"data-test-subj":d("descriptionTitle")},A)),o.a.createElement(Oe,{"data-test-subj":d("description")},u.description)),o.a.createElement(s.EuiPanel,{hasBorder:!1,hasShadow:!1,paddingSize:"s"},o.a.createElement(s.EuiButtonEmpty,{"data-test-subj":d("collapse"),color:"primary",size:"s",flush:"left",iconType:"open"===p?"arrowUp":"arrowDown",iconSide:"right",iconSize:"m",onClick:g,style:{fontWeight:400}},y()),o.a.createElement(s.EuiAccordion,{id:"showDetails",arrowDisplay:"none",forceState:p},o.a.createElement(pe,{os:u.os,entries:u.entries,"data-test-subj":d("criteriaConditions")})))))}));Me.displayName="ArtifactEntryCardMinified";const Fe=Object(r.memo)((({expanded:e,onClick:t,"data-test-subj":a})=>o.a.createElement(s.EuiButtonIcon,{iconType:e?"arrowUp":"arrowDown",onClick:t,"data-test-subj":a,"aria-label":e?D:F})));Fe.displayName="CardExpandButton";const De=Object(r.memo)((({artifact:e,onExpandCollapse:t,policies:a,actions:n,expanded:i=!1,"data-test-subj":s})=>{const l=Object(L.a)(s),c=je(e,a),u=Object(r.useCallback)((()=>{t()}),[t]);return o.a.createElement(Ne,{"data-test-subj":s,expanded:i,expandToggle:o.a.createElement(Fe,{expanded:i,onClick:u,"data-test-subj":l("expandCollapse")}),name:o.a.createElement(P,{bold:!0,truncate:!i,withTooltip:!i},e.name),description:o.a.createElement(Oe,{truncate:!i,withTooltip:!i},e.description),effectScope:o.a.createElement(ae,{policies:c,"data-test-subj":l("effectScope")}),actionMenu:o.a.createElement(H,{actions:n,"data-test-subj":l("actions")})})}));De.displayName="CardCompressedHeader";const Ae=c.a.div.withConfig({displayName:"ButtonIconPlaceHolder",componentId:"sc-j6qhqr-0"})(["display:inline-block;width:",";height:",";"],(({theme:e})=>e.eui.euiSizeL),(({theme:e})=>e.eui.euiSizeL)),_e=c()(s.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-j6qhqr-1"})(["&.flushTop,.flushTop{padding-top:0;margin-top:0;}"]),Ne=Object(r.memo)((({expanded:e,name:t,expandToggle:a,effectScope:n,actionMenu:i,description:l,"data-test-subj":c,flushTop:u})=>{const d=Object(L.a)(c),p=(e=>Object(r.useMemo)((()=>R()({"eui-textTruncate":!e})),[e]))(e),m=u?" flushTop":"";return o.a.createElement(_e,{responsive:!1,alignItems:"center","data-test-subj":c,className:m},o.a.createElement(s.EuiFlexItem,{grow:!1,className:m,"data-test-subj":d("expandCollapseHolder")},a),o.a.createElement(s.EuiFlexItem,{className:p+m},o.a.createElement(s.EuiFlexGroup,{alignItems:"center",className:m},o.a.createElement(s.EuiFlexItem,{grow:2,className:p+m,"data-test-subj":d("titleHolder")},t),o.a.createElement(s.EuiFlexItem,{grow:3,className:p+m,"data-test-subj":d("descriptionHolder")},l),o.a.createElement(s.EuiFlexItem,{grow:1,"data-test-subj":d("effectScopeHolder"),className:m},n))),!0===i?o.a.createElement(s.EuiFlexItem,{grow:!1,"data-test-subj":d("cardActionsPlaceholder"),className:m},o.a.createElement(Ae,null)):i)}));Ne.displayName="CardCompressedHeaderLayout";const Re=Object(r.memo)((({item:e,onExpandCollapse:t,policies:a,actions:n,expanded:r=!1,"data-test-subj":l,...c})=>{const u=fe(e),d=Object(L.a)(l);return o.a.createElement(he,i()({},c,{"data-test-subj":l}),o.a.createElement(ve,{className:"artifact-entry-collapsible-card"},o.a.createElement(De,{artifact:u,actions:n,policies:a,expanded:r,onExpandCollapse:t,"data-test-subj":d("header")})),r&&o.a.createElement(o.a.Fragment,null,o.a.createElement(s.EuiHorizontalRule,{margin:"xs"}),o.a.createElement(ve,null,o.a.createElement(pe,{os:u.os,entries:u.entries,"data-test-subj":d("criteriaConditions")}))))}));Re.displayName="ArtifactEntryCollapsibleCard";var qe=a(731)},,function(e,t,a){"use strict";a.d(t,"b",(function(){return w})),a.d(t,"a",(function(){return j})),a.d(t,"c",(function(){return O}));var n=a(42),i=a(129);let r,o;var s,l;!function(e){e.MALICIOUS_FILE="malicious_file",e.RANSOMWARE="ransomware",e.MEMORY_SIGNATURE="memory_signature",e.SHELLCODE_THREAD="shellcode_thread",e.BEHAVIOR="behavior"}(r||(r={})),function(e){e.PROCESS="process",e.FILE="file",e.NETWORK="network",e.REGISTRY="registry",e.MALWARE="malware"}(o||(o={})),s="host",l={"os.platform":"os.platform","os.name":"os.name","os.full":"os.full","os.family":"os.family","os.version":"os.version","os.kernel":"os.kernel"},Object.entries(l).reduce(((e,[t,a])=>(e[`${s}.${t}`]=`${s}.${a}`,e)),{});var c=a(155),u=a(135),d=a(563),p=a(188),m=a(217),g=a(319);const y=`${d.h}.terms.field`,f=`${d.h}.terms.value`,b=`${d.h}.cardinality.field`,h=`${d.h}.cardinality.value`,E=`${d.h}.count`,v=[{id:"host.name"},{id:"agent.id",overrideField:p.a,label:c.b},{id:"user.name"},{id:"rule.name"},{id:"cloud.provider"},{id:"cloud.region"},{id:"cloud.provider"},{id:"cloud.region"},{id:"orchestrator.cluster.id"},{id:"orchestrator.cluster.name"},{id:"container.image.name"},{id:"container.image.tag"},{id:"orchestrator.namespace"},{id:"orchestrator.resource.parent.type"},{id:"orchestrator.resource.type"},{id:"process.executable"},{id:"file.path"},{id:i.O,label:c.z}];function x({primaryEventCategory:e,allEventCategories:t}){switch(e){case o.PROCESS:return[{id:"process.name"},{id:"process.parent.name"},{id:"process.args"}];case o.FILE:return[{id:"file.name"},{id:"file.hash.sha256"},{id:"file.directory"},{id:"process.name"}];case o.NETWORK:return[{id:"destination.address"},{id:"destination.port"},{id:"source.address"},{id:"source.port"},{id:"dns.question.name"},{id:"process.name"}];case o.REGISTRY:return[{id:"registry.key"},{id:"registry.value"},{id:"process.name"}];case o.MALWARE:return x({primaryEventCategory:o.FILE,allEventCategories:t});default:let e=[];return null!=t&&t.includes(o.FILE)&&(e=e.concat(x({primaryEventCategory:o.FILE}))),null!=t&&t.includes(o.PROCESS)&&(e=e.concat(x({primaryEventCategory:o.PROCESS}))),e}}function k(e,t){switch(e){case r.BEHAVIOR:return[{id:"rule.description",label:u.q},...x({...t,primaryEventCategory:void 0})];case r.SHELLCODE_THREAD:return[{id:"Target.process.executable"},{id:"Memory_protection.unique_key_v1"}];case r.RANSOMWARE:return[{id:"Ransomware.feature"},{id:"process.hash.sha256"},...x({...t,primaryEventCategory:void 0})];case r.MEMORY_SIGNATURE:return x({...t,primaryEventCategory:void 0});case r.MALICIOUS_FILE:return[{id:"file.Ext.quarantine_path",overrideField:p.j,label:c.x}];default:return[]}}function S(e){switch(e){case"threshold":return[{id:E,label:u.u},{id:y,overrideField:f,label:u.v},{id:b,label:u.t}];case"machine_learning":return[{id:`${i.G}.machine_learning_job_id`,legacyId:"signal.rule.machine_learning_job_id"},{id:`${i.G}.anomaly_threshold`,legacyId:"signal.rule.anomaly_threshold"}];case"threat_match":return[{id:`${i.G}.threat_index`,legacyId:"signal.rule.threat_index"},{id:`${i.G}.threat_query`,legacyId:"signal.rule.threat_query"}];case"new_terms":return[{id:d.c,label:u.m},{id:d.b,label:u.l}];default:return[]}}function w({eventCategories:e,eventCode:t,eventRuleType:a,highlightedFieldsOverride:i}){const r=[...(o=i,o.map((e=>({id:e})))),...v,...x(e),...k(t,e),...S(a)];var o;return Object(n.uniqBy)("id",r)}function j(e){const t=Object(n.find)({category:"event",field:"event.category"},e);let a,i;return Array.isArray(null==t?void 0:t.originalValue)?(a=null==t?void 0:t.originalValue[0],i=null==t?void 0:t.originalValue):(a=null==t?void 0:t.originalValue,a&&(i=[a])),{primaryEventCategory:a,allEventCategories:i}}const O=({data:e,browserFields:t,scopeId:a,eventId:r,isDraggable:o=!1,isReadOnly:s=!1,investigationFields:l})=>{var c,d;const p=j(e),E=Object(n.find)({category:"event",field:"event.code"},e),x=Array.isArray(null==E?void 0:E.originalValue)?null==E||null===(c=E.originalValue)||void 0===c?void 0:c[0]:null==E?void 0:E.originalValue,k=Object(n.find)({category:"kibana",field:i.O},e),S=w({eventCategories:p,eventCode:x,eventRuleType:Array.isArray(null==k?void 0:k.originalValue)?null==k||null===(d=k.originalValue)||void 0===d?void 0:d[0]:null==k?void 0:k.originalValue,highlightedFieldsOverride:null!=l?l:[]});return null!=e?S.reduce(((i,l)=>{var c;const d=e.find((e=>e.field===l.id||l.legacyId&&e.field===l.legacyId));if(!d||Object(n.isEmpty)(d.values))return i;d.field===l.legacyId&&(l.id=l.legacyId);const p=null!=l.linkField&&e.find((e=>e.field===l.linkField)),E={...Object(m.b)({item:d,linkValueField:p||void 0,contextId:a,scopeId:a,browserFields:t,eventId:r,field:l}),isDraggable:o,isReadOnly:s};if("agent.id"===l.id&&!Object(g.b)({data:e}))return i;if(l.id===y){const t=function({values:e},t,a){const n=t.find((e=>e.field===f)),i=n&&n.values;if(Array.isArray(e)&&e.length>0&&Array.isArray(i)&&e.length===i.length)return e.map(((e,t)=>({title:e,description:{...a,values:[i[t]]}}))).filter((e=>!v.map((e=>e.id)).includes(e.title)))}(d,e,E);return t?[...i,...t]:i}if(l.id===b){const t=function({values:e},t,a){const n=t.find((e=>e.field===h)),i=n&&n.values;if(Array.isArray(e)&&1===e.length&&Array.isArray(i)&&e.length===i.length)return{title:u.t,description:{...a,values:[`count(${e[0]}) >= ${i[0]}`]}}}(d,e,E);return t?[...i,t]:i}return[...i,{title:null!==(c=l.label)&&void 0!==c?c:l.id,description:E}]}),[]):[]}},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(45),l=a(130),c=a.n(l),u=a(102),d=a(18),p=a(19),m=a(175);const g=({disabled:e,hrefWithSearch:t,id:a,name:i,isSelected:s,isBeta:l,betaOptions:c})=>{var m;const{getAppUrl:g,navigateTo:y}=Object(u.l)(),f=Object(r.useCallback)((e=>{e.preventDefault(),y({path:t,restoreScroll:!0}),Object(d.h)(d.a.CLICK,`${d.c.TAB_CLICKED}${a}`)}),[y,t,a]),b=g({path:t});return o.a.createElement(n.EuiTab,{"data-href":b,"data-test-subj":`navigation-${a}`,disabled:e,isSelected:s,href:b,onClick:f,append:l&&o.a.createElement(n.EuiBadge,{color:"#E0E5EE"},null!==(m=null==c?void 0:c.text)&&void 0!==m?m:p.a)},i)},y=o.a.memo(g),f=({navTabs:e})=>{const[{tabName:t}]=Object(m.a)(),a=Object(r.useCallback)((()=>Object(i.getOr)("","id",Object.values(e).find((e=>t===e.id)))),[t,e]),[l,c]=Object(r.useState)(a());Object(r.useEffect)((()=>{const e=a();e!==l&&c(e)}),[t,e,a,l]);const{search:u}=Object(s.useLocation)(),d=Object(r.useMemo)((()=>Object.values(e).map((e=>{const t=l===e.id;return o.a.createElement(y,{key:`navigation-${e.id}`,id:e.id,hrefWithSearch:e.href+u,name:e.name,disabled:e.disabled,isSelected:t,isBeta:e.isBeta,betaOptions:e.betaOptions})}))),[e,l,u]);return o.a.createElement(n.EuiTabs,null,d)};f.displayName="TabNavigationComponent";const b=o.a.memo(f,((e,t)=>c()(e.navTabs,t.navTabs)));b.displayName="TabNavigation"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return c}));var n=a(2),i=a(419),r=a(5);r.i18n.translate("xpack.securitySolution.overviewHost.errorSearchDescription",{defaultMessage:"An error has occurred on host overview search"});const o=r.i18n.translate("xpack.securitySolution.overviewHost.failSearchDescription",{defaultMessage:"Failed to run search on host overview"});var s=a(194);const l="hostsDetailsQuery",c=({endDate:e,hostName:t,indexNames:a,id:r=l,skip:c=!1,startDate:u})=>{const{loading:d,result:p,search:m,refetch:g,inspect:y}=Object(s.a)({factoryQueryType:i.d.details,initialResult:{hostDetails:{}},errorMessage:o,abort:c}),f=Object(n.useMemo)((()=>({endDate:e,hostDetails:p.hostDetails,id:r,inspect:y,isInspected:!1,refetch:g,startDate:u})),[e,p.hostDetails,r,y,g,u]),b=Object(n.useMemo)((()=>({defaultIndex:a,factoryQueryType:i.d.details,hostName:t,timerange:{interval:"12h",from:u,to:e}})),[e,t,a,u]);return Object(n.useEffect)((()=>{c||m(b)}),[b,m,c]),[d,f]}},function(e,t,a){"use strict";a.d(t,"d",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"a",(function(){return u}));var n=a(2),i=a.n(n),r=a(895),o=a(854);const s=()=>i.a.createElement(r.a,{docPath:o.h,linkText:o.i}),l=()=>i.a.createElement(r.a,{docPath:o.d,linkText:o.e}),c=()=>i.a.createElement(r.a,{docPath:o.f,linkText:o.g}),u=()=>i.a.createElement(r.a,{docPath:o.b,linkText:o.c})},,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(42);const i=e=>{const t=Object(n.get)(["agent","type",0],e),a=Object(n.get)(["process","entity_id"],e),i=Object(n.get)(["process","entity_id",0],e),r=Object(n.get)(["event","module",0],e),o=Object(n.get)(["event","dataset"],e),s=Array.isArray(o)&&o.some((e=>e.includes("windows.sysmon"))),l="endpoint"===t||"winlogbeat"===t&&"sysmon"===r||s,c=null!=a&&1===a.length&&""!==i;return l&&c}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(46),i=a(102),r=a(498);function o({documentId:e,isActiveTimeline:t,indices:a}){const o=Object(i.i)(),{selectedPatterns:s}=Object(r.a)(t),l=[...new Set(s.concat(a))],{loading:c,id:u,schema:d}=function({documentId:e,indices:t}){const a=Object(i.i)(),r=Object(n.useQuery)(["getAlertPrevalenceSchema",e],(()=>a.get("/api/endpoint/resolver/entity",{query:{_id:e,indices:t}})));if(r.isLoading)return{loading:!0,error:!1,id:null,schema:null};if(r.data&&r.data.length>0){const{data:[{schema:e,id:t}]}=r;return{loading:!1,error:!1,id:t,schema:e}}return{loading:!1,error:!0,id:null,schema:null}}({documentId:e,indices:l}),p=Object(n.useQuery)(["getAlertPrevalenceFromProcessTree",u],(()=>o.post("/api/endpoint/resolver/tree",{body:JSON.stringify({schema:d,ancestors:200,descendants:500,indexPatterns:l,nodes:[u],includeHits:!0})})),{enabled:null!==d&&null!==u});return p.isLoading||c?{loading:!0,error:!1,alertIds:void 0,statsNodes:void 0}:p.data?{loading:!1,error:!1,alertIds:p.data.alertIds,statsNodes:p.data.statsNodes}:{loading:!1,error:!0,alertIds:void 0,statsNodes:void 0}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(44),l=a(40),c=a(41),u=a.n(c),d=a(488);const p=u()(l.EuiButtonEmpty).withConfig({displayName:"EuiButtonEmptyStyled",componentId:"sc-1h0vyjj-0"})(["margin-bottom:",";.euiIcon{width:",";height:",";}.text{font-size:",";margin-inline-start:",";}"],(({theme:e})=>e.eui.euiSizeS),(({theme:e})=>e.eui.euiSizeM),(({theme:e})=>e.eui.euiSizeM),(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiSizeXS)),m=Object(r.memo)((({backButtonLabel:e,backButtonUrl:t,onBackButtonNavigateTo:a,...n})=>{const r=Object(d.a)(...a);return o.a.createElement(p,i()({"data-test-subj":"backToOrigin"},n,{flush:"left",size:"xs",iconType:"arrowLeft",href:t,onClick:r,textProps:{className:"text"}}),e||o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.list.backButton",defaultMessage:"Back"}))}));m.displayName="BackToExternalAppButton"},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(184);const i=(e,t)=>e===n.UsersType.details&&null!=t?[{fieldName:"user.name",fieldValue:t}]:[]},function(e,t,a){"use strict";let n;a.d(t,"a",(function(){return n})),function(e){e.withExceptions="withExceptions",e.withExceptionsExcludeExpiredExceptions="withExceptionsExcludeExpiredExceptions",e.withoutExceptions="withoutExceptions"}(n||(n={}))},function(e,t,a){"use strict";a.d(t,"a",(function(){return n})),a.d(t,"e",(function(){return i})),a.d(t,"c",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"d",(function(){return l}));const n=e=>e.sort(((e,t)=>e.toLowerCase().localeCompare(t.toLowerCase()))),i=({query:e,searchValue:t,filterOptions:a,defaultSearchTerm:n})=>{const i=null==e?void 0:e.ast.getFieldClauses();return null!=i&&i.length>0?i.reduce(((e,{field:t,value:a})=>(e[t]=`${a}`,e)),a):{[n]:t}},r=async e=>{const t=(await e.text()).split("\n").filter(Boolean).slice(-1)[0];return JSON.parse(t)},o=async e=>{const t=await r(e);return{skipped:0,succeeded:t.exported_rules_count,failed:t.missing_rules_count,total:t.exported_rules_count+t.missing_rules_count}},s={low:0,medium:1,high:2,critical:3},l=e=>{var t;return null!==(t=s[e])&&void 0!==t?t:-1}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return Jt}));var n=a(2),i=a.n(n),r=a(103),o=a(40),s=a(119),l=a(115),c=a(111),u=a(133),d=a(118),p=a(105),m=a(220),g=a(130),y=a.n(g),f=a(309),b=a(476),h=a(568),E=a(348),v=a(573),x=a(867),k=a(186),S=a(266),w=a(399),j=a(748),O=a(155),I=a(1063);const T=()=>({promptContextId:void 0}),C=({browserFields:e,entityType:t="events",expandedEvent:a,handleOnEventClosed:r,isDraggable:s,isFlyoutView:l,runtimeMappings:c,tabType:u,scopeId:d,isReadOnly:p})=>{var g,y;const{hasAssistantPrivilege:C}=Object(f.a)(),M=C?m.j:T,F=Object(S.a)(),{indexName:D}=a,A=null!==(g=Object(k.a)(D,F))&&void 0!==g?g:D,[_,N,R,q,P]=Object(E.a)({entityType:t,indexName:null!=A?A:"",eventId:null!==(y=a.eventId)&&void 0!==y?y:"",runtimeMappings:c,skip:!a.eventId}),{isolateAction:L,isHostIsolationPanelOpen:B,isIsolateActionSuccessBannerVisible:z,handleIsolationActionSuccess:$,showAlertDetails:V,showHostIsolationPanel:G}=Object(v.a)(),{alertId:U,isAlert:H,hostName:W,ruleName:Q,timestamp:Y}=Object(k.b)(N),K=Object(n.useMemo)((()=>l?O.A:O.D),[l]),Z=Object(n.useCallback)((async()=>Object(b.d)(null!=N?N:[])),[N]),{promptContextId:J}=M(H?"alert":"event",H?O.e:O.i,H?Object(O.d)(K):Object(O.h)(K),Z,null,H?I.a[I.b].suggestedUserPrompt:I.a[I.d].suggestedUserPrompt,H?O.f:O.j),X=Object(n.useMemo)((()=>l||B?i.a.createElement(x.c,{eventId:a.eventId,eventIndex:A,isHostIsolationPanelOpen:B,isAlert:H,isolateAction:L,loading:_,ruleName:Q,showAlertDetails:V,timestamp:Y,promptContextId:J}):i.a.createElement(h.b,{eventId:a.eventId,eventIndex:A,isAlert:H,loading:_,ruleName:Q,timestamp:Y,handleOnEventClosed:r,promptContextId:J})),[l,B,a.eventId,A,H,L,_,Q,V,Y,r,J]),ee=Object(n.useMemo)((()=>l?i.a.createElement(x.a,{alertId:U,browserFields:e,detailsData:N,detailsEcsData:q,event:a,hostName:W,handleIsolationActionSuccess:$,handleOnEventClosed:r,isAlert:H,isDraggable:s,isolateAction:L,isIsolateActionSuccessBannerVisible:z,isHostIsolationPanelOpen:B,loading:_,rawEventData:R,showAlertDetails:V,scopeId:d,isReadOnly:p}):B?i.a.createElement(i.a.Fragment,null,z&&i.a.createElement(w.c,{hostName:W,alertId:U,isolateAction:L}),i.a.createElement(o.EuiFlyoutBody,null,i.a.createElement(j.a,{details:N,cancelCallback:V,successCallback:$,isolateAction:L}))):i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(h.a,{browserFields:e,detailsData:N,detailsEcsData:q,event:a,isAlert:H,isDraggable:s,loading:_,rawEventData:R,scopeId:d,timelineTabType:u,handleOnEventClosed:r}))),[U,e,N,q,a,$,r,W,H,s,l,B,z,p,L,_,R,V,u,d]);return null!=a&&a.eventId?i.a.createElement(i.a.Fragment,null,X,ee,i.a.createElement(x.b,{detailsData:N,detailsEcsData:q,refetchFlyoutData:P,handleOnEventClosed:r,isHostIsolationPanelOpen:B,isReadOnly:p,loadingEventDetails:_,onAddIsolationStatusClick:G,scopeId:d})):null},M=i.a.memo(C,((e,t)=>y()(e.browserFields,t.browserFields)&&y()(e.expandedEvent,t.expandedEvent)&&e.scopeId===t.scopeId&&e.isDraggable===t.isDraggable));var F=a(5),D=a(41),A=a.n(D),_=a(114),N=a(123),R=a(134),q=a(116),P=a(879),L=a(151),B=a(367),z=a(647),$=a(298),V=a(663);const G=A.a.h4.withConfig({displayName:"StyledTitle",componentId:"sc-1xbsnt9-0"})(["word-break:break-all;word-wrap:break-word;white-space:pre-wrap;"]),U=({hostName:e})=>i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement(G,null,F.i18n.translate("xpack.securitySolution.timeline.sidePanel.hostDetails.title",{defaultMessage:"Host details"}),`: ${e}`)),H=({hostName:e})=>i.a.createElement(N.d,{hostName:e,isButton:!0},F.i18n.translate("xpack.securitySolution.timeline.sidePanel.hostDetails.hostDetailsPageLink",{defaultMessage:"View details page"})),W=({contextID:e,scopeId:t,hostName:a,isDraggable:o=!1})=>{const{to:s,from:c,isInitializing:u}=Object(R.a)(),{selectedPatterns:d}=Object(q.d)(),p=Object(r.useDispatch)(),[m,{hostDetails:g}]=Object(V.b)({endDate:s,hostName:a,indexNames:d,startDate:c}),y=Object(n.useCallback)(((e,t)=>{const a=Object($.a)(e,t);p(Object(L.setAbsoluteRangeDatePicker)({id:_.a.global,from:a.from,to:a.to}))}),[p]);return i.a.createElement(B.a,{criteriaFields:Object(z.a)(g),startDate:c,endDate:s,skip:u},(({isLoadingAnomaliesData:n,anomaliesData:r,jobNameById:u})=>i.a.createElement(P.a,{contextID:e,sourcererScopeId:Object(l.getSourcererScopeId)(t),id:V.a,isInDetailsSidePanel:!0,data:g,anomaliesData:r,isDraggable:o,isLoadingAnomaliesData:n,indexNames:d,loading:m,startDate:c,endDate:s,narrowDateRange:y,hostName:a,jobNameById:u})))},Q=A()(o.EuiFlyoutBody).withConfig({displayName:"StyledEuiFlyoutBody",componentId:"sc-1i9mt5q-0"})([".euiFlyoutBody__overflow{display:flex;flex:1;overflow:hidden;.euiFlyoutBody__overflowContent{flex:1;overflow-x:hidden;overflow-y:scroll;margin-bottom:64px;padding:",";}}"],(({theme:e})=>`${e.eui.euiSizeXS} ${e.eui.euiSizeM} 0px`)),Y=A()(o.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-1i9mt5q-1"})(["flex:1 0 auto;"]),K=A()(o.EuiFlexItem).withConfig({displayName:"StyledEuiFlexButtonWrapper",componentId:"sc-1i9mt5q-2"})(["align-self:flex-start;flex:1 0 auto;"]),Z=A.a.div.withConfig({displayName:"StyledPanelContent",componentId:"sc-1i9mt5q-3"})(["display:block;height:100%;overflow-y:scroll;overflow-x:hidden;"]),J=i.a.memo((({contextID:e,scopeId:t,expandedHost:a,handleOnHostClosed:n,isDraggable:r,isFlyoutView:s})=>{const{hostName:l}=a;return l?s?i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(U,{hostName:l})),i.a.createElement(Q,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(H,{hostName:l}),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(W,{contextID:e,scopeId:t,hostName:l}))):i.a.createElement(i.a.Fragment,null,i.a.createElement(Y,{justifyContent:"spaceBetween",wrap:!1},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(U,{hostName:l})),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiButtonIcon,{iconType:"cross","aria-label":F.i18n.translate("xpack.securitySolution.timeline.sidePanel.hostDetails.close",{defaultMessage:"close"}),onClick:n}))),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(K,{grow:!1},i.a.createElement(H,{hostName:l})),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(Z,null,i.a.createElement(W,{contextID:e,scopeId:t,hostName:l,isDraggable:r}))):null}));var X=a(51),ee=a(273),te=a(1098),ae=a(1099),ne=a(102),ie=a(161),re=a(122),oe=a(1130),se=a(280),le=a(610),ce=a(385),ue=a(416);const de=A.a.h4.withConfig({displayName:"StyledTitle",componentId:"sc-1jm2ava-0"})(["word-break:break-all;word-wrap:break-word;white-space:pre-wrap;"]),pe=({ip:e})=>i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement(de,null,F.i18n.translate("xpack.securitySolution.timeline.sidePanel.networkDetails.title",{defaultMessage:"Network details"}),`: ${e}`)),me=({expandedNetwork:{ip:e,flowTarget:t}})=>i.a.createElement(N.h,{ip:e,flowTarget:t,isButton:!0},F.i18n.translate("xpack.securitySolution.timeline.sidePanel.networkDetails.networkDetailsPageLink",{defaultMessage:"View details page"})),ge=({contextID:e,expandedNetwork:t,isDraggable:a})=>{const{ip:o,flowTarget:s}=t,l=Object(r.useDispatch)(),{to:c,from:u,isInitializing:d}=Object(R.a)(),m=Object(n.useMemo)((()=>re.d.globalQuerySelector()),[]),g=Object(n.useMemo)((()=>re.d.globalFiltersQuerySelector()),[]),y=Object(p.a)(m),f=Object(p.a)(g),b=se.c.NetworkType.details,h=Object(n.useCallback)(((e,t)=>{const a=Object($.a)(e,t);l(Object(L.setAbsoluteRangeDatePicker)({id:_.a.global,from:a.from,to:a.to}))}),[l]),{services:{uiSettings:E}}=Object(ne.j)(),{indicesExist:v,indexPattern:x,selectedPatterns:k}=Object(q.d)(),[S,w]=Object(ie.i)({config:Object(X.getEsQueryConfig)(E),indexPattern:x,queries:[y],filters:f}),[j,{id:O,networkDetails:I}]=Object(oe.b)({skip:d||void 0===S,filterQuery:S,indexNames:k,ip:o});Object(ee.a)({id:O,filterQuery:S,kqlError:w,query:y,startDate:u,endDate:c});const{jobNameById:T}=Object(ce.a)(),C=Object(n.useMemo)((()=>Object.keys(T)),[T]),[M,F]=Object(le.a)({criteriaFields:Object(ae.a)(o,s),startDate:u,endDate:c,skip:d,jobIds:C,aggregationInterval:"auto"});return v?i.a.createElement(te.a,{contextID:e,id:O,ip:o,data:I,anomaliesData:F,loading:j,isInDetailsSidePanel:!0,isLoadingAnomaliesData:M,isDraggable:a,type:b,flowTarget:s,startDate:u,endDate:c,narrowDateRange:h,indexPatterns:k,jobNameById:T}):i.a.createElement(ue.a,null)},ye=A()(o.EuiFlyoutBody).withConfig({displayName:"StyledEuiFlyoutBody",componentId:"sc-1tify25-0"})([".euiFlyoutBody__overflow{display:flex;flex:1;overflow-x:hidden;overflow-y:scroll;.euiFlyoutBody__overflowContent{flex:1;overflow-x:hidden;overflow-y:scroll;padding:",";}}"],(({theme:e})=>`${e.eui.euiSizeXS} ${e.eui.euiSizeM} 64px`)),fe=A()(o.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-1tify25-1"})(["flex:1 0 auto;"]),be=A()(o.EuiFlexItem).withConfig({displayName:"StyledEuiFlexButtonWrapper",componentId:"sc-1tify25-2"})(["align-self:flex-start;flex:1 0 auto;"]),he=A.a.div.withConfig({displayName:"StyledPanelContent",componentId:"sc-1tify25-3"})(["display:block;height:100%;overflow-y:scroll;overflow-x:hidden;"]),Ee=i.a.memo((({contextID:e,expandedNetwork:t,handleOnNetworkClosed:a,isFlyoutView:n,isDraggable:r})=>{const{ip:s}=t;return n?i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(pe,{ip:s})),i.a.createElement(ye,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(me,{expandedNetwork:t}),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(ge,{contextID:e,expandedNetwork:t}))):i.a.createElement(i.a.Fragment,null,i.a.createElement(fe,{justifyContent:"spaceBetween",wrap:!1},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(pe,{ip:s})),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiButtonIcon,{iconType:"cross","aria-label":F.i18n.translate("xpack.securitySolution.timeline.sidePanel.networkDetails.close",{defaultMessage:"close"}),onClick:a}))),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(be,{grow:!1},i.a.createElement(me,{expandedNetwork:t})),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(he,null,i.a.createElement(ge,{contextID:e,expandedNetwork:t,isDraggable:r})))}));var ve=a(21),xe=a(797),ke=a(386),Se=a(686),we=a(184);const je=A.a.h4.withConfig({displayName:"StyledTitle",componentId:"sc-19b6yfb-0"})(["word-break:break-all;word-wrap:break-word;white-space:pre-wrap;"]),Oe=({userName:e})=>i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement(je,null,F.i18n.translate("xpack.securitySolution.timeline.sidePanel.userDetails.title",{defaultMessage:"User details"}),`: ${e}`)),Ie=({userName:e})=>i.a.createElement(N.m,{userName:e,isButton:!0},F.i18n.translate("xpack.securitySolution.timeline.sidePanel.networkDetails.userDetails",{defaultMessage:"View details page"})),Te=({contextID:e,scopeId:t,userName:a,isDraggable:o})=>{const{to:s,from:c,isInitializing:u}=Object(R.a)(),{selectedPatterns:d}=Object(q.d)(),p=Object(r.useDispatch)(),[m,{userDetails:g}]=Object(ke.b)({endDate:s,startDate:c,userName:a,indexNames:d,skip:u}),y=Object(n.useCallback)(((e,t)=>{const a=Object($.a)(e,t);p(Object(L.setAbsoluteRangeDatePicker)({id:_.a.global,from:a.from,to:a.to}))}),[p]);return i.a.createElement(B.a,{criteriaFields:Object(Se.a)(we.UsersType.details,a),startDate:c,endDate:s,skip:u},(({isLoadingAnomaliesData:n,anomaliesData:r,jobNameById:u})=>i.a.createElement(xe.a,{userName:a,isInDetailsSidePanel:!0,data:g,loading:m,contextID:e,sourcererScopeId:Object(l.getSourcererScopeId)(t),isDraggable:o,id:"usersDetailsQuery",anomaliesData:r,isLoadingAnomaliesData:n,startDate:c,endDate:s,narrowDateRange:y,indexPatterns:d,jobNameById:u})))},Ce=A()(o.EuiFlyoutBody).withConfig({displayName:"StyledEuiFlyoutBody",componentId:"sc-iwngk-0"})([".euiFlyoutBody__overflow{display:flex;flex:1;overflow-x:hidden;overflow-y:scroll;.euiFlyoutBody__overflowContent{flex:1;overflow-x:hidden;overflow-y:scroll;padding:",";}}"],(({theme:e})=>`${e.eui.euiSizeXS} ${e.eui.euiSizeM} 64px`)),Me=({contextID:e,scopeId:t,userName:a})=>i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(Oe,{userName:a})),i.a.createElement(Ce,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(Ie,{userName:a}),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(Te,{contextID:e,scopeId:t,userName:a}))),Fe=A()(o.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-190swzt-0"})(["flex:1 0 auto;"]),De=A()(o.EuiFlexItem).withConfig({displayName:"StyledEuiFlexButtonWrapper",componentId:"sc-190swzt-1"})(["align-self:flex-start;flex:1 0 auto;"]),Ae=A.a.div.withConfig({displayName:"StyledPanelContent",componentId:"sc-190swzt-2"})(["display:block;height:100%;overflow-y:scroll;overflow-x:hidden;"]),_e=({contextID:e,scopeId:t,userName:a,isDraggable:n,handleOnClose:r})=>i.a.createElement(i.a.Fragment,null,i.a.createElement(Fe,{justifyContent:"spaceBetween",wrap:!1},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(Oe,{userName:a})),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiButtonIcon,{iconType:"cross","aria-label":F.i18n.translate("xpack.securitySolution.timeline.sidePanel.networkDetails.close",{defaultMessage:"close"}),onClick:r}))),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(De,{grow:!1},i.a.createElement(Ie,{userName:a})),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(Ae,null,i.a.createElement(Te,{contextID:e,scopeId:t,userName:a,isDraggable:n})));var Ne=a(8);const Re=F.i18n.translate("xpack.securitySolution.timeline.userDetails.observedBadge",{defaultMessage:"OBSERVED"}),qe=F.i18n.translate("xpack.securitySolution.timeline.userDetails.managedBadge",{defaultMessage:"MANAGED"}),Pe=F.i18n.translate("xpack.securitySolution.timeline.userDetails.userLabel",{defaultMessage:"User"}),Le=F.i18n.translate("xpack.securitySolution.timeline.userDetails.failManagedUserDescription",{defaultMessage:"Failed to run search on user managed data"}),Be=F.i18n.translate("xpack.securitySolution.timeline.userDetails.managedDataTitle",{defaultMessage:"Managed data"}),ze=F.i18n.translate("xpack.securitySolution.timeline.userDetails.observedDataTitle",{defaultMessage:"Observed data"}),$e=F.i18n.translate("xpack.securitySolution.timeline.userDetails.hideObservedDataButton",{defaultMessage:"Hide observed data"}),Ve=F.i18n.translate("xpack.securitySolution.timeline.userDetails.showObservedDataButton",{defaultMessage:"Show observed data"}),Ge=F.i18n.translate("xpack.securitySolution.timeline.userDetails.hideManagedDataButton",{defaultMessage:"Hide Azure AD data"}),Ue=F.i18n.translate("xpack.securitySolution.timeline.userDetails.showManagedDataButton",{defaultMessage:"Show Azure AD data"}),He=F.i18n.translate("xpack.securitySolution.timeline.userDetails.riskScoreLabel",{defaultMessage:"Risk score"}),We=F.i18n.translate("xpack.securitySolution.timeline.userDetails.valuesColumnTitle",{defaultMessage:"Values"}),Qe=F.i18n.translate("xpack.securitySolution.timeline.userDetails.fieldColumnTitle",{defaultMessage:"Field"}),Ye=F.i18n.translate("xpack.securitySolution.timeline.userDetails.userIdLabel",{defaultMessage:"User ID"}),Ke=F.i18n.translate("xpack.securitySolution.timeline.userDetails.maxAnomalyScoreByJobLabel",{defaultMessage:"Max anomaly score by job"}),Ze=F.i18n.translate("xpack.securitySolution.timeline.userDetails.firstSeenLabel",{defaultMessage:"First seen"}),Je=F.i18n.translate("xpack.securitySolution.timeline.userDetails.lastSeenLabel",{defaultMessage:"Last seen"}),Xe=F.i18n.translate("xpack.securitySolution.timeline.userDetails.hostOsNameLabel",{defaultMessage:"Operating system"}),et=F.i18n.translate("xpack.securitySolution.timeline.userDetails.familyLabel",{defaultMessage:"Family"}),tt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.ipAddressesLabel",{defaultMessage:"IP addresses"}),at=F.i18n.translate("xpack.securitySolution.timeline.userDetails.fullNameLabel",{defaultMessage:"Full name"}),nt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.firstNameLabel",{defaultMessage:"First name"}),it=F.i18n.translate("xpack.securitySolution.timeline.userDetails.lastNameLabel",{defaultMessage:"Last name"}),rt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.phoneLabel",{defaultMessage:"Phone"}),ot=F.i18n.translate("xpack.securitySolution.timeline.userDetails.noActiveIntegrationTitle",{defaultMessage:"You don’t have any active integrations"}),st=F.i18n.translate("xpack.securitySolution.timeline.userDetails.noActiveIntegrationText",{defaultMessage:"External integrations can provide additional metadata and help you manage users."}),lt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.addExternalIntegrationButton",{defaultMessage:"Add external integrations"}),ct=F.i18n.translate("xpack.securitySolution.timeline.userDetails.noAzureDataTitle",{defaultMessage:"No metadata found for this user"}),ut=F.i18n.translate("xpack.securitySolution.timeline.userDetails.noAzureDataText",{defaultMessage:"If you expected to see metadata for this user, make sure you have configured your integrations properly."}),dt=(F.i18n.translate("xpack.securitySolution.timeline.userDetails.closeButton",{defaultMessage:"close"}),F.i18n.translate("xpack.securitySolution.timeline.userDetails.observedUserInspectTitle",{defaultMessage:"Observed user"})),pt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.managedUserInspectTitle",{defaultMessage:"Managed user"});var mt=a(113),gt=a(284),yt=a(194),ft=a(886),bt=a(872);const ht=["logs-entityanalytics_azure.users-*"],Et="entityanalytics_azure",vt=`/detail/${Et}/overview`,xt="managedUserDetailsQuery";var kt=a(218),St=a(132),wt=a(117),jt=a(212);const Ot=({riskScoreState:e})=>{const{euiTheme:t}=Object(o.useEuiTheme)(),{fontSize:a}=Object(o.useEuiFontSize)("xs"),{data:n,isAuthorized:r}=e,s=n&&n.length>0?n[0]:void 0;return r?i.a.createElement(o.EuiFlexGroup,{alignItems:"center",gutterSize:"none",responsive:!1,"data-test-subj":"user-details-risk-score"},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(It,{$_css:t.font.weight.bold,$_css2:a,$_css3:t.size.xs},He,": ")),s?i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiFlexItem,{grow:!1},Math.round(s.user.risk.calculated_score_norm)),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(jt.b,{severity:mt.y.high,hideBackgroundColor:!0}))):Object(wt.d)()):null};var It=A()("span").withConfig({displayName:"_StyledSpan",componentId:"sc-18knn5l-0"})(["font-weight:",";font-size:",";margin-right:",";"],(e=>e.$_css),(e=>e.$_css2),(e=>e.$_css3)),Tt=a(44),Ct=a(649),Mt=a(42),Ft=a(48),Dt=a(224),At=a(473);const _t={name:Qe,field:"label",render:e=>i.a.createElement(Rt,{$_css:Ft.euiLightVars.euiFontWeightMedium,$_css2:Ft.euiLightVars.euiTitleColor},e)},Nt=({anomalies:e})=>{const{to:t,from:a}=Object(R.a)(),o=Object(r.useDispatch)(),s=Object(n.useCallback)(((e,t)=>{const a=Object($.a)(e,t);o(Object(L.setAbsoluteRangeDatePicker)({id:_.a.global,from:a.from,to:a.to}))}),[o]);return i.a.createElement(At.a,{anomalies:e.anomalies,startDate:a,endDate:t,isLoading:e.isLoading,narrowDateRange:s,jobNameById:e.jobNameById})};var Rt=A()("span").withConfig({displayName:"_StyledSpan",componentId:"sc-1eh5srw-0"})(["font-weight:",";color:",";"],(e=>e.$_css),(e=>e.$_css2)),qt=a(149);const Pt=({observedUser:e,contextID:t,scopeId:a,isDraggable:r})=>{const{euiTheme:s}=Object(o.useEuiTheme)(),c=(u=e,Object(n.useMemo)((()=>{var e,t,a,n,i,r,o;return u.details?[{label:Ye,values:null===(e=u.details.user)||void 0===e?void 0:e.id,field:"user.id"},{label:"Domain",values:null===(t=u.details.user)||void 0===t?void 0:t.domain,field:"user.domain"},{label:Ke,field:"anomalies",values:u.anomalies},{label:Ze,values:u.firstSeen.date?[u.firstSeen.date]:void 0,field:"@timestamp"},{label:Je,values:u.lastSeen.date?[u.lastSeen.date]:void 0,field:"@timestamp"},{label:Xe,values:null===(a=u.details.host)||void 0===a||null===(n=a.os)||void 0===n?void 0:n.name,field:"host.os.name"},{label:et,values:null===(i=u.details.host)||void 0===i||null===(r=i.os)||void 0===r?void 0:r.family,field:"host.os.family"},{label:tt,values:null===(o=u.details.host)||void 0===o?void 0:o.ip,field:"host.ip"}]:[]}),[u.details,u.anomalies,u.firstSeen,u.lastSeen]));var u;const[d,p]=Object(n.useState)(!1),m=Object(n.useCallback)((()=>{p((e=>!e))}),[p]),g=Object(n.useMemo)((()=>((e,t,a)=>[_t,{name:We,field:"values",render:(n,{field:r})=>function(e,t){return"anomalies"===e}(r)&&n?i.a.createElement(Nt,{anomalies:n}):"@timestamp"===r?i.a.createElement(St.b,{value:Object(Mt.head)(n)}):i.a.createElement(Dt.a,{rowItems:n,attrName:r,idPrefix:e?`observedUser-${e}`:"observedUser",isDraggable:a,sourcererScopeId:Object(l.getSourcererScopeId)(t)})}])(t,a,r)),[t,a,r]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement("h5",null,ze)),i.a.createElement(o.EuiSpacer,{size:"l"}),i.a.createElement(qt.c,null,i.a.createElement(Bt,{isLoading:e.isLoading,id:"observedUser-data","data-test-subj":"observedUser-data",forceState:d?"open":"closed",buttonProps:{"data-test-subj":"observedUser-accordion-button",css:ve.css`
              color: ${s.colors.primary};
            `},buttonContent:d?$e:Ve,onToggle:m,extraAction:i.a.createElement(i.a.Fragment,null,i.a.createElement(Lt,{$_css:s.size.s},i.a.createElement(qt.b,{queryId:ke.a,title:dt})),e.lastSeen.date&&i.a.createElement(Tt.FormattedMessage,{id:"xpack.securitySolution.timeline.userDetails.observedUserUpdatedTime",defaultMessage:"Updated {time}",values:{time:i.a.createElement(St.b,{value:e.lastSeen.date,dateFormat:"MMM D, YYYY",relativeThresholdInHrs:168})}}))},i.a.createElement(o.EuiPanel,{color:"subdued"},i.a.createElement(Ct.a,{loading:e.isLoading||e.firstSeen.isLoading||e.lastSeen.isLoading||e.anomalies.isLoading,"data-test-subj":"observedUser-table",columns:g,items:c})))))};var Lt=A()("span").withConfig({displayName:"_StyledSpan",componentId:"sc-czrrgy-0"})(["margin-right:",";"],(e=>e.$_css)),Bt=A()(o.EuiAccordion).withConfig({displayName:"_StyledEuiAccordion",componentId:"sc-czrrgy-1"})([".euiAccordion__optionalAction{margin-left:auto;}"]);const zt=({managedUser:e,contextID:t,scopeId:a,isDraggable:r})=>{const{euiTheme:s}=Object(o.useEuiTheme)(),c=(u=e.details,Object(n.useMemo)((()=>{var e;return u?[{label:Ye,value:u.user.id,field:"user.id"},{label:at,value:u.user.full_name,field:"user.full_name"},{label:nt,value:u.user.first_name},{label:it,value:u.user.last_name},{label:rt,value:null===(e=u.user.phone)||void 0===e?void 0:e.join(", ")}]:null}),[u]));var u;const[d,p]=Object(n.useState)(!1),m=Object(n.useCallback)((()=>{p((e=>!e))}),[p]),g=Object(n.useMemo)((()=>((e,t,a)=>[_t,{name:We,field:"value",render:(n,{field:r})=>r&&n?i.a.createElement(Dt.a,{rowItems:[n],attrName:r,idPrefix:e?`managedUser-${e}`:"managedUser",isDraggable:a,sourcererScopeId:Object(l.getSourcererScopeId)(t)}):Object(wt.a)(n)}])(t,a,r)),[r,t,a]),{getAppUrl:y}=Object(ne.c)(),f=Object(n.useMemo)((()=>y({appId:"integrations",path:vt})),[y]);return e.isLoading||e.isIntegrationEnabled?i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement("h5",null,Be)),i.a.createElement(o.EuiSpacer,{size:"l"}),i.a.createElement(qt.c,null,i.a.createElement(Vt,{isLoading:e.isLoading,id:"managedUser-data","data-test-subj":"managedUser-data",forceState:d?"open":"closed",buttonProps:{"data-test-subj":"managedUser-accordion-button",css:ve.css`
              color: ${s.colors.primary};
            `},buttonContent:d?Ge:Ue,onToggle:m,extraAction:i.a.createElement(i.a.Fragment,null,i.a.createElement($t,{$_css:s.size.s},i.a.createElement(qt.b,{queryId:xt,title:pt})),e.lastSeen.date&&i.a.createElement(Tt.FormattedMessage,{id:"xpack.securitySolution.timeline.userDetails.updatedTime",defaultMessage:"Updated {time}",values:{time:i.a.createElement(St.b,{value:e.lastSeen.date,dateFormat:"MMM D, YYYY",relativeThresholdInHrs:168})}}))},i.a.createElement(o.EuiPanel,{color:"subdued"},c||e.isLoading?i.a.createElement(Ct.a,{loading:e.isLoading,"data-test-subj":"managedUser-table",columns:g,items:null!=c?c:[]}):i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiCallOut,{"data-test-subj":"managedUser-no-data",title:ct,color:"warning",iconType:"help"},i.a.createElement("p",null,ut))))))):i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement("h5",null,Be)),i.a.createElement(o.EuiSpacer,{size:"l"}),i.a.createElement(o.EuiPanel,{"data-test-subj":"managedUser-integration-disable-callout"},i.a.createElement(o.EuiEmptyPrompt,{title:i.a.createElement("h2",null,ot),body:i.a.createElement("p",null,st),actions:i.a.createElement(o.EuiButton,{fill:!0,href:f},lt)})))};var $t=A()("span").withConfig({displayName:"_StyledSpan",componentId:"sc-nbm1eh-0"})(["margin-right:",";"],(e=>e.$_css)),Vt=A()(o.EuiAccordion).withConfig({displayName:"_StyledEuiAccordion",componentId:"sc-nbm1eh-1"})([".euiAccordion__optionalAction{margin-left:auto;}"]);const Gt=({userName:e,observedUser:t,managedUser:a,riskScoreState:r,contextID:s,scopeId:l,isDraggable:c})=>{const{euiTheme:u}=Object(o.useEuiTheme)(),{fontSize:d}=Object(o.useEuiFontSize)("xl"),p=Object(n.useMemo)((()=>Object(Ne.max)([t.lastSeen,a.lastSeen].map((e=>e.date&&new Date(e.date))))),[a.lastSeen,t.lastSeen]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiFlexGroup,{gutterSize:"m",alignItems:"center",responsive:!1,"data-test-subj":"user-details-content-header"},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiIcon,{type:"user",size:"m"})),i.a.createElement(o.EuiFlexItem,{grow:!1},Pe),i.a.createElement(o.EuiFlexItem,{grow:!1},t.lastSeen.date&&i.a.createElement(o.EuiBadge,{"data-test-subj":"user-details-content-observed-badge",color:"hollow"},Re)),i.a.createElement(o.EuiFlexItem,{grow:!1},a.lastSeen.date&&i.a.createElement(o.EuiBadge,{"data-test-subj":"user-details-content-managed-badge",color:"hollow"},qe))),i.a.createElement(o.EuiSpacer,{size:"m"}),t.lastSeen.isLoading||a.lastSeen.isLoading?i.a.createElement(o.EuiProgress,{size:"xs",color:"accent"}):i.a.createElement(o.EuiHorizontalRule,{margin:"none"}),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(N.m,{userName:e},i.a.createElement(Ht,{$_css:d,$_css2:u.font.weight.bold,$_css3:Object(o.euiTextBreakWord)()},e)),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiText,{size:"xs","data-test-subj":"user-details-content-lastSeen"},Je,": ",p&&i.a.createElement(St.c,{value:p})),i.a.createElement(o.EuiHorizontalRule,{margin:"xs"}),i.a.createElement(Ot,{riskScoreState:r}),i.a.createElement(o.EuiHorizontalRule,{margin:"xs"}),i.a.createElement(o.EuiSpacer,{size:"xxl"}),i.a.createElement(Pt,{observedUser:t,contextID:s,scopeId:l,isDraggable:c}),i.a.createElement(o.EuiSpacer,null),i.a.createElement(zt,{managedUser:a,contextID:s,scopeId:l,isDraggable:c}))},Ut=({userName:e,contextID:t,scopeId:a,isDraggable:r=!1})=>{const{to:o,from:s,isInitializing:l}=Object(R.a)(),c=Object(gt.c)({riskEntity:mt.w.user}),u=(e=>{const{selectedPatterns:t}=Object(q.d)(),{to:a,from:i,isInitializing:r,deleteQuery:o,setQuery:s}=Object(R.a)(),[l,{userDetails:c,inspect:u,refetch:d,id:p}]=Object(ke.b)({endDate:a,startDate:i,userName:e,indexNames:t,skip:r});Object(kt.b)({deleteQuery:o,inspect:u,refetch:d,setQuery:s,queryId:p,loading:l});const[m,{firstSeen:g}]=Object(ft.a)({field:"user.name",value:e,defaultIndex:t,order:mt.b.asc,filterQuery:mt.m}),[y,{lastSeen:f}]=Object(ft.a)({field:"user.name",value:e,defaultIndex:t,order:mt.b.desc,filterQuery:mt.m});return Object(n.useMemo)((()=>({details:c,isLoading:l,firstSeen:{date:g,isLoading:m},lastSeen:{date:f,isLoading:y}})),[g,f,m,y,l,c])})(e),d=(e=>{const{to:t,from:a,isInitializing:i,deleteQuery:r,setQuery:o}=Object(R.a)(),{loading:s,result:{userDetails:l},search:c,refetch:u,inspect:d}=Object(yt.a)({factoryQueryType:mt.B.managedDetails,initialResult:{},errorMessage:Le});Object(n.useEffect)((()=>{i||c({defaultIndex:ht,factoryQueryType:mt.B.managedDetails,userName:e})}),[a,c,t,e,i]);const{data:p,isLoading:m}=Object(bt.a)({packages:[Et]});Object(kt.b)({deleteQuery:r,inspect:d,refetch:u,setQuery:o,queryId:xt,loading:s});const g=Object(n.useMemo)((()=>!(null==p||!p.some((({package_name:e,is_enabled:t})=>e===Et&&t)))),[p]),[y,{firstSeen:f}]=Object(ft.a)({field:"user.name",value:e,defaultIndex:ht,order:mt.b.asc}),[b,{lastSeen:h}]=Object(ft.a)({field:"user.name",value:e,defaultIndex:ht,order:mt.b.desc});return Object(n.useMemo)((()=>({details:l,isLoading:s||m,isIntegrationEnabled:g,firstSeen:{date:f,isLoading:y},lastSeen:{date:h,isLoading:b}})),[f,g,m,h,y,b,s,l])})(e);return i.a.createElement(B.a,{criteriaFields:Object(Se.a)(we.UsersType.details,e),startDate:s,endDate:o,skip:l},(({isLoadingAnomaliesData:n,anomaliesData:o,jobNameById:s})=>i.a.createElement(Gt,{userName:e,managedUser:d,observedUser:{...u,anomalies:{isLoading:n,anomalies:o,jobNameById:s}},riskScoreState:c,contextID:t,scopeId:a,isDraggable:r})))};var Ht=A()("span").withConfig({displayName:"_StyledSpan",componentId:"sc-1yxtora-0"})(["font-size:",";font-weight:",";",""],(e=>e.$_css),(e=>e.$_css2),(e=>e.$_css3));const Wt=F.i18n.translate("xpack.securitySolution.timeline.userDetails.closeButton",{defaultMessage:"close"}),Qt=({contextID:e,scopeId:t,userName:a,handleOnClose:n,isFlyoutView:r,isDraggable:s,isNewUserDetailsFlyoutEnable:l})=>l?r?i.a.createElement(o.EuiFlyoutBody,null,i.a.createElement(Ut,{userName:a,contextID:e,scopeId:t,isDraggable:s})):i.a.createElement("div",{className:"eui-yScroll"},i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(Kt,{iconType:"cross","aria-label":Wt,onClick:n}),i.a.createElement(Ut,{userName:a,contextID:e,scopeId:t,isDraggable:s})):r?i.a.createElement(Me,{userName:a,contextID:e,scopeId:t}):i.a.createElement(_e,{userName:a,contextID:e,isDraggable:s,handleOnClose:n,scopeId:t}),Yt=i.a.memo(Qt);var Kt=A()(o.EuiButtonIcon).withConfig({displayName:"_StyledEuiButtonIcon",componentId:"sc-uienxr-0"})(["float:right;"]),Zt=a(124);const Jt=i.a.memo((({browserFields:e,entityType:t,handleOnPanelClosed:a,isFlyoutView:m,runtimeMappings:g,tabType:y,scopeId:f,isReadOnly:b})=>{var h,E,v,x;const k=Object(r.useDispatch)(),S=Object(Zt.a)("newUserDetailsFlyout"),w=Object(n.useMemo)((()=>Object(l.isTimelineScope)(f)?c.b.getTimelineByIdSelector():Object(l.isInTableScope)(f)?s.j.getTableByIdSelector():void 0),[f]),j=Object(p.a)((e=>{var t,a;return null===(t=null!==(a=w&&w(e,f))&&void 0!==a?a:u.b)||void 0===t?void 0:t.expandedDetail}));Object(n.useEffect)((()=>()=>{k(s.h.toggleDetailPanel({id:f}))}),[k,f]);const O=Object(n.useCallback)((()=>{const e=Object(l.getScopedActions)(f);e&&k(e.toggleDetailPanel({id:f}))}),[k,f]),I=null!=y?y:d.d.query,T=Object(n.useCallback)((()=>{a?a():O()}),[O,a]);if(!j)return null;const C=j[I];if(null==C||!C.panelView)return null;let F=null,D="s",A=f;const _=`${f}-${I}`,N=f===d.c.active&&I===d.d.query;return"eventDetail"===(null==C?void 0:C.panelView)&&null!=C&&null!==(h=C.params)&&void 0!==h&&h.eventId&&(D="m",A=C.params.eventId,F=i.a.createElement(M,{browserFields:e,entityType:t,expandedEvent:null==C?void 0:C.params,handleOnEventClosed:T,isDraggable:N,isFlyoutView:m,runtimeMappings:g,tabType:I,scopeId:f,isReadOnly:b})),"hostDetail"===(null==C?void 0:C.panelView)&&null!=C&&null!==(E=C.params)&&void 0!==E&&E.hostName&&(A=C.params.hostName,F=i.a.createElement(J,{contextID:_,expandedHost:null==C?void 0:C.params,handleOnHostClosed:T,isDraggable:N,isFlyoutView:m,scopeId:f})),"userDetail"===(null==C?void 0:C.panelView)&&null!=C&&null!==(v=C.params)&&void 0!==v&&v.userName&&(A=C.params.userName,S&&(D="m"),F=i.a.createElement(Yt,{contextID:_,userName:C.params.userName,handleOnClose:T,isDraggable:N,isFlyoutView:m,isNewUserDetailsFlyoutEnable:S,scopeId:f})),"networkDetail"===(null==C?void 0:C.panelView)&&null!=C&&null!==(x=C.params)&&void 0!==x&&x.ip&&(A=C.params.ip,F=i.a.createElement(Ee,{contextID:_,expandedNetwork:null==C?void 0:C.params,handleOnNetworkClosed:T,isDraggable:N,isFlyoutView:m})),m?i.a.createElement(o.EuiFlyout,{"data-test-subj":"timeline:details-panel:flyout",size:D,onClose:T,ownFocus:!1,key:A},F):F}));Jt.displayName="DetailsPanel"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return d})),a.d(t,"b",(function(){return X})),a.d(t,"d",(function(){return te})),a.d(t,"f",(function(){return _})),a.d(t,"e",(function(){return ne})),a.d(t,"g",(function(){return G})),a.d(t,"h",(function(){return oe})),a.d(t,"j",(function(){return Q})),a.d(t,"c",(function(){return se})),a.d(t,"i",(function(){return de}));var n=a(2),i=a.n(n),r=a(40),o=a(5),s=a(58),l=a(4),c=a(566),u=a(198);const d=Object(n.memo)((({handleRefresh:e,http:t,handleCloseFlyout:a,addSuccess:d,addError:p})=>{const{navigateToApp:m}=Object(s.useKibana)().services.application,{start:g,...y}=Object(c.a)(),f=Object(n.useRef)(new AbortController);let b;!function(e){e.name="name",e.description="description"}(b||(b={}));const[h,E]=Object(n.useState)({name:"",description:""}),v=({target:e},t)=>{const{value:a}=e;E({...h,[t]:a})};Object(n.useEffect)((()=>{null!=y.result&&m(l.l,{deepLinkId:l.wc.exceptions,path:`/details/${y.result.list_id}`})}),[y,m]);const x=Object(n.useCallback)((()=>{var e;y.loading||""===h.name||(f.current=new AbortController,g({http:t,signal:f.current.signal,name:h.name,description:null!==(e=h.description)&&void 0!==e?e:""}))}),[y.loading,h.name,h.description,g,t]),k=Object(n.useCallback)((t=>{d({text:Object(u.ob)(h.name),title:u.ib}),e(),a()}),[d,a,e,h]),S=Object(n.useCallback)((e=>{var t;e.message.includes("AbortError")||null!=e&&null!==(t=e.body)&&void 0!==t&&t.message.includes("AbortError")||p(e,{title:o.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListErrorTitle",{defaultMessage:"creation error"})})}),[p]);return Object(n.useEffect)((()=>{y.loading||(null!=y&&y.result?k(y.result):null!=y&&y.error&&S(null==y?void 0:y.error))}),[null==y?void 0:y.error,y.loading,y.result,S,k]),i.a.createElement(r.EuiFlyout,{ownFocus:!0,size:"s",onClose:a,"data-test-subj":"createSharedExceptionListFlyout"},i.a.createElement(r.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(r.EuiTitle,{size:"m"},i.a.createElement("h2",{"data-test-subj":"createSharedExceptionListTitle"},u.h))),i.a.createElement(r.EuiFlyoutBody,null,i.a.createElement(r.EuiText,null,u.f),i.a.createElement(r.EuiFieldText,{placeholder:u.g,value:h.name,onChange:e=>v(e,b.name),"aria-label":"Shared exception list name","data-test-subj":"createSharedExceptionListNameInput"}),i.a.createElement(r.EuiSpacer,null),i.a.createElement(r.EuiText,null,u.d),i.a.createElement(r.EuiTextArea,{placeholder:u.e,value:h.description,onChange:e=>v(e,b.description),"aria-label":"Shared exception list description","data-test-subj":"createSharedExceptionListDescriptionInput"})),i.a.createElement(r.EuiFlyoutFooter,null,i.a.createElement(r.EuiFlexGroup,{justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{iconType:"cross",onClick:a,flush:"left"},u.a)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{"data-test-subj":"exception-lists-form-create-shared",onClick:x,disabled:""===h.name},u.c)))))}));d.displayName="CreateSharedListFlyout";var p=a(180),m=a(120),g=a(244),y=a(41),f=a.n(y),b=a(48),h=a(598),E=a(418);const v=f()(r.EuiFlexItem).withConfig({displayName:"StyledFlexItem",componentId:"sc-19zoulh-0"})(["border-right:1px solid #d3dae6;padding:"," "," "," 0;"],b.euiThemeVars.euiSizeXS,b.euiThemeVars.euiSizeS,b.euiThemeVars.euiSizeXS),x=f()(r.EuiText).withConfig({displayName:"TextContainer",componentId:"sc-19zoulh-1"})(["width:max-content;"]),k=Object(n.memo)((({title:e,badgeString:t})=>i.a.createElement(r.EuiFlexGroup,{alignItems:"center"},i.a.createElement(r.EuiFlexItem,null,i.a.createElement(x,{grow:!0,size:"xs"},`${e}:`)),i.a.createElement(v,null,i.a.createElement(r.EuiBadge,null,t)))));k.displayName="TitleBadge";var S=a(132),w=a(50),j=a.n(w);const O=o.i18n.translate("xpack.securitySolution.exceptions.commentEventLabel",{defaultMessage:"added a comment"}),I=(o.i18n.translate("xpack.securitySolution.exceptions.operatingSystemFullLabel",{defaultMessage:"Operating System"}),o.i18n.translate("xpack.securitySolution.exceptions.viewer.addToEndpointListLabel",{defaultMessage:"Add endpoint exception"}),o.i18n.translate("xpack.securitySolution.exceptions.viewer.addToDetectionsListLabel",{defaultMessage:"Add rule exception"}),o.i18n.translate("xpack.securitySolution.exceptions.viewer.addCommentPlaceholder",{defaultMessage:"Add a new comment..."}),o.i18n.translate("xpack.securitySolution.exceptions.viewer.addToClipboard",{defaultMessage:"Comment"}));o.i18n.translate("xpack.securitySolution.exceptions.clearExceptionsLabel",{defaultMessage:"Remove Exception List"}),o.i18n.translate("xpack.securitySolution.exceptions.fetchError",{defaultMessage:"Error fetching exception list"}),o.i18n.translate("xpack.securitySolution.exceptions.errorLabel",{defaultMessage:"Error"}),o.i18n.translate("xpack.securitySolution.exceptions.cancelLabel",{defaultMessage:"Cancel"}),o.i18n.translate("xpack.securitySolution.exceptions.modalErrorAccordionText",{defaultMessage:"Show rule reference information:"}),o.i18n.translate("xpack.securitySolution.exceptions.disassociateExceptionListError",{defaultMessage:"Failed to remove exception list"}),o.i18n.translate("xpack.securitySolution.exceptions.operatingSystemWindows",{defaultMessage:"Windows"}),o.i18n.translate("xpack.securitySolution.exceptions.operatingSystemMac",{defaultMessage:"macOS"}),o.i18n.translate("xpack.securitySolution.exceptions.operatingSystemWindowsAndMac",{defaultMessage:"Windows and macOS"}),o.i18n.translate("xpack.securitySolution.exceptions.operatingSystemLinux",{defaultMessage:"Linux"}),o.i18n.translate("xpack.securitySolution.exceptions.fetchingReferencesErrorToastTitle",{defaultMessage:"Error fetching exception references"});var T=a(880);const C=e=>e.map((e=>({username:e.created_by,timestamp:j()(e.created_at).format("on MMM Do YYYY @ HH:mm:ss"),event:O,timelineAvatar:i.a.createElement(r.EuiAvatar,{size:"l",name:e.created_by.toUpperCase()}),children:i.a.createElement(r.EuiText,{size:"s"},e.comment),actions:i.a.createElement(T.a,{"data-test-subj":"copy-to-clipboard",text:e.comment,titleSummary:I})})));var M=a(866),F=a(123),D=a(201);const A=({referenceName:e,referenceId:t,external:a,dataTestSubj:n})=>i.a.createElement(F.k,{"data-test-subj":`linkToRuleSecuritySolutionLink${null!=n?n:""}`,deepLinkId:l.wc.rules,path:Object(D.c)(t,M.b.alerts),target:a?"_blank":void 0},e);A.displayName="LinkToRuleDetailsComponent";const _=i.a.memo(A);_.displayName="LinkToRuleDetails";var N=a(44),R=a(317);const q=f.a.span.withConfig({displayName:"StyledText",componentId:"sc-1q48q07-0"})(["font-weight:bold;color:",";"],(({theme:e})=>e.eui.euiColorDarkestShade)),P=f()(r.EuiFlexGroup).withConfig({displayName:"MyUtilities",componentId:"sc-1q48q07-1"})(["height:50px;"]),L=f.a.span.withConfig({displayName:"StyledCondition",componentId:"sc-1q48q07-2"})(["display:inline-block !important;vertical-align:middle !important;line-height:1;"]),B=({dataTestSubj:e,pagination:t,lastUpdated:a,exceptionsTitle:n})=>{const{pageSize:o,totalItemCount:s}=t;return i.a.createElement(P,{alignItems:"center",justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(R.a,null,i.a.createElement(R.d,null,i.a.createElement(R.c,null,i.a.createElement(R.e,{dataTestSubj:`${e}ShowingText`},i.a.createElement(N.FormattedMessage,{id:"xpack.securitySolution.exceptions.viewer.paginationDetails",defaultMessage:"Showing {partOne} of {partTwo}",values:{partOne:i.a.createElement(q,null,`1-${Math.min(o,s)}`),partTwo:i.a.createElement(q,null,`${s}`)}})),n&&i.a.createElement(q,{"data-test-subj":`${e}exceptionsTitle`},n))))),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiText,{size:"s","data-test-subj":`${e}LastUpdated`},i.a.createElement(N.FormattedMessage,{id:"xpack.securitySolution.exceptions.viewer.lastUpdated",defaultMessage:"Updated {updated}",values:{updated:i.a.createElement(L,null,i.a.createElement(S.b,{value:a,tooltipAnchorClassName:"eui-textTruncate"}))}}))))};B.displayName="ExceptionsUtilityComponent";const z=i.a.memo(B);z.displayName="ExceptionsUtility";var $=a(567);const V=({isReadOnly:e,exceptions:t,listType:a,lastUpdated:r,pagination:o,emptyViewerTitle:s,emptyViewerBody:l,emptyViewerButtonText:c,viewerStatus:u,ruleReferences:d,hideUtility:p=!1,onDeleteException:y,onEditExceptionItem:f,onPaginationChange:b,onCreateExceptionListItem:h})=>{const E=Object(n.useMemo)((()=>a===m.b.ENDPOINT?$.c:$.d),[a]),v=Object(n.useMemo)((()=>a===m.b.ENDPOINT?$.a:$.b),[a]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(g.c,{viewerStatus:u,listType:a,ruleReferences:d,isReadOnly:e,exceptions:t,emptyViewerTitle:s,emptyViewerBody:l,emptyViewerButtonText:c,pagination:o,lastUpdated:r,editActionLabel:E,deleteActionLabel:v,onPaginationChange:b,onEditExceptionItem:f,onDeleteException:y,getFormattedComments:C,securityLinkAnchorComponent:_,formattedDateComponent:S.a,onCreateExceptionListItem:h,exceptionsUtilityComponent:()=>p?null:i.a.createElement(z,{exceptionsTitle:$.e,pagination:o,lastUpdated:r})}))};V.displayName="ListExceptionItemsComponent";const G=i.a.memo(V);G.displayName="ListExceptionItems";var U=a(757),H=a(592),W=a(874);const Q=Object(n.memo)((({linkedRules:e,showButtonLoader:t,saveIsDisabled:a=!0,onSave:n,onCancel:o,onRuleSelectionChange:s})=>{const l=Object(r.useGeneratedHtmlId)({prefix:"complicatedFlyoutTitle"});return i.a.createElement(r.EuiFlyout,{hideCloseButton:!0,ownFocus:!0,onClose:o,"aria-labelledby":l},i.a.createElement(r.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(r.EuiTitle,{size:"m"},i.a.createElement("h2",{id:l},u.V)),i.a.createElement(r.EuiSpacer,{size:"s"}),i.a.createElement(r.EuiText,{size:"s",color:"subdued"},u.Y)),i.a.createElement(r.EuiFlyoutBody,null,i.a.createElement(W.a,{initiallySelectedRules:e,onRuleSelectionChange:s})),i.a.createElement(r.EuiFlyoutFooter,null,i.a.createElement(r.EuiFlexGroup,{justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{onClick:o,flush:"left"},u.X)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{"data-test-subj":"manageListRulesSaveButton",isLoading:t,disabled:a,onClick:n,fill:!0},u.Z)))))}));Q.displayName="ManageRules";var Y=a(743);const K=p.css`
  z-index: 100;
  .euiAccordion__buttonContent {
    cursor: pointer;
    width: 100%;
  }
`,Z=f()(r.EuiPanel).withConfig({displayName:"ExceptionPanel",componentId:"sc-11ogn3z-0"})(["margin:-"," "," 0 ",";"],b.euiThemeVars.euiSizeS,b.euiThemeVars.euiSizeM,b.euiThemeVars.euiSizeM),J=f()(r.EuiFlexGroup).withConfig({displayName:"ListHeaderContainer",componentId:"sc-11ogn3z-1"})(["padding:",";text-align:initial;"],b.euiThemeVars.euiSizeS),X=Object(n.memo)((({exceptionsList:e,handleDelete:t,handleExport:a,handleDuplicate:n,readOnly:o})=>{const{linkedRules:s,showManageRulesFlyout:l,showManageButtonLoader:c,disableManageButton:d,onManageRules:p,onSaveManageRules:y,onCancelManageRules:f,onRuleSelectionChange:b}=Object(U.a)(e.list_id),{listId:v,listName:x,listType:S,createdAt:w,createdBy:j,exceptions:O,pagination:I,ruleReferences:T,toggleAccordion:C,openAccordionId:M,menuActionItems:F,listDescription:D,exceptionItemsCount:A,onEditExceptionItem:_,onDeleteException:N,onPaginationChange:R,setToggleAccordion:q,exceptionViewerStatus:P,showAddExceptionFlyout:L,showEditExceptionFlyout:B,exceptionToEdit:z,onAddExceptionClick:$,handleConfirmExceptionFlyout:V,handleCancelExceptionItemFlyout:W,goToExceptionDetail:X,emptyViewerTitle:ee,emptyViewerBody:te,emptyViewerButtonText:ae,handleCancelExpiredExceptionsModal:ne,handleConfirmExpiredExceptionsModal:ie,showIncludeExpiredExceptionsModal:re}=Object(H.a)({exceptionsList:e,handleExport:a,handleDelete:t,handleDuplicate:n,handleManageRules:p});return i.a.createElement(r.EuiFlexGroup,{gutterSize:"none"},i.a.createElement(r.EuiFlexItem,null,i.a.createElement(r.EuiPanel,{hasShadow:!1},i.a.createElement(r.EuiAccordion,{buttonProps:{className:K},id:M,arrowDisplay:"none",onToggle:()=>q(!C),buttonContent:i.a.createElement(r.EuiPanel,null,i.a.createElement(J,{gutterSize:"m",alignItems:"flexStart"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonIcon,{iconType:C?"arrowDown":"arrowRight","aria-label":"Next"})),i.a.createElement(r.EuiFlexItem,null,i.a.createElement(r.EuiFlexGroup,{direction:"column",key:v,alignItems:"flexStart",gutterSize:"none"},i.a.createElement(r.EuiFlexItem,{grow:!0},i.a.createElement(r.EuiText,{size:"m"},i.a.createElement(r.EuiLink,{"data-test-subj":"exception-list-name",onClick:X},x))),i.a.createElement(r.EuiFlexItem,{grow:!0},i.a.createElement(r.EuiText,{size:"xs"},i.a.createElement(r.EuiTextColor,{color:"subdued"},D))))),i.a.createElement(r.EuiFlexItem,null,i.a.createElement(r.EuiFlexGroup,{alignItems:"center"},i.a.createElement(r.EuiFlexItem,null,i.a.createElement(k,{title:u.i,badgeString:w})),i.a.createElement(r.EuiFlexItem,null,i.a.createElement(k,{title:u.b,badgeString:j})),i.a.createElement(r.EuiFlexItem,null,i.a.createElement(k,{title:u.l,badgeString:A})),i.a.createElement(r.EuiFlexItem,{"data-test-subj":"exceptionListCardLinkedRulesBadge"},i.a.createElement(k,{title:u.fb,badgeString:s.length.toString()})),i.a.createElement(r.EuiFlexItem,null,i.a.createElement(g.e,{disableActions:o,dataTestSubj:"sharedListOverflowCard",actions:F})))))),"data-test-subj":`exceptionsManagementListCard-${v}`},i.a.createElement(Z,{hasBorder:!0},i.a.createElement(G,{isReadOnly:o,exceptions:O,listType:e.type,pagination:I,hideUtility:!0,viewerStatus:P,ruleReferences:T,onDeleteException:N,onEditExceptionItem:_,onPaginationChange:R,onCreateExceptionListItem:$,lastUpdated:null,emptyViewerTitle:ee,emptyViewerBody:te,emptyViewerButtonText:ae}))))),L?i.a.createElement(E.a,{rules:null,isBulkAction:!1,isEndpointItem:S===m.b.ENDPOINT,sharedListToAddTo:[e],onCancel:W,onConfirm:V,"data-test-subj":"addExceptionItemFlyoutInSharedLists",showAlertCloseOptions:!1}):null,B&&z?i.a.createElement(h.a,{list:e,itemToEdit:z,showAlertCloseOptions:!0,openedFromListDetailPage:!0,onCancel:W,onConfirm:V,"data-test-subj":"editExceptionItemFlyoutInSharedLists"}):null,l?i.a.createElement(Q,{linkedRules:s,showButtonLoader:c,saveIsDisabled:d,onSave:y,onCancel:f,onRuleSelectionChange:b}):null,re?i.a.createElement(Y.b,{handleCloseModal:ne,onModalConfirm:ie,action:re}):null)}));X.displayName="ExceptionsListCard";var ee=a(594);const te=i.a.memo((({handleRefresh:e,http:t,addSuccess:a,addError:o,setDisplayImportListFlyout:s})=>{var l;const c=Object(n.useRef)(null),d=Object(r.useGeneratedHtmlId)({prefix:"filePicker"}),[p,m]=Object(n.useState)(null),[g,y]=Object(n.useState)(!1),[f,b]=Object(n.useState)(!1),[h,E]=Object(n.useState)(!1),v=Object(n.useCallback)((()=>{var e;null!==(e=c.current)&&void 0!==e&&e.fileInput&&(c.current.fileInput.value="",c.current.handleChange()),m(null),E(!1),b(!1),y(!1)}),[]),{start:x,...k}=Object(ee.a)(),S=Object(n.useRef)(new AbortController),w=Object(n.useCallback)((()=>{!k.loading&&p&&(S.current=new AbortController,Array.from(p).forEach((e=>x({file:e,http:t,signal:S.current.signal,overwrite:g,overwriteExceptions:g,asNewList:f}))))}),[f,p,t,x,k.loading,g]),j=Object(n.useCallback)((t=>{v(),a({title:u.lb}),e()}),[v,a,e]),O=Object(n.useCallback)((e=>{e.forEach((e=>{e.error.message.includes("AbortError")||o(e.error.message,{title:u.kb})}))}),[o]);Object(n.useEffect)((()=>{var e;if(!k.loading)if(null!=k&&null!==(e=k.result)&&void 0!==e&&e.success)j(null==k?void 0:k.result);else{var t,a;const e=[];var n,i;null!=k&&null!==(t=k.error)&&void 0!==t&&t.body&&e.push({error:{...null==k||null===(n=k.error)||void 0===n?void 0:n.body}}),null!=k&&null!==(a=k.result)&&void 0!==a&&a.errors&&(null==k||null===(i=k.result)||void 0===i||i.errors.forEach((t=>{t.error.message.includes("already exists")&&E(!0),e.push(t)}))),O(e)}}),[O,j,null==k?void 0:k.error,k.loading,null==k?void 0:k.result,null==k||null===(l=k.result)||void 0===l?void 0:l.errors]);const I=Object(n.useCallback)((e=>{m(null!=e?e:null)}),[]);return i.a.createElement(r.EuiFlyout,{ownFocus:!0,size:"s",onClose:()=>s(!1)},i.a.createElement(r.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(r.EuiTitle,{size:"m"},i.a.createElement("h2",null,u.R))),i.a.createElement(r.EuiFlyoutBody,null,i.a.createElement(r.EuiText,null,u.Q),i.a.createElement(r.EuiFilePicker,{id:d,multiple:!0,ref:c,initialPromptText:u.U,onChange:I,display:"large","aria-label":"Use aria labels when no actual label is in use"}),h&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,null),i.a.createElement(r.EuiTextColor,{color:"danger"},u.T),i.a.createElement(r.EuiSpacer,null),i.a.createElement(r.EuiCheckbox,{id:"basicCheckboxId",label:u.S,checked:g,"data-test-subj":"importExceptionListOverwriteExistingCheckbox",onChange:e=>{y(!g),b(!1)}}),i.a.createElement(r.EuiCheckbox,{id:"createNewListCheckbox",label:u.P,"data-test-subj":"importExceptionListCreateNewCheckbox",checked:f,onChange:e=>{b(!f),y(!1)}}))),i.a.createElement(r.EuiFlyoutFooter,null,i.a.createElement(r.EuiFlexGroup,{justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{"data-test-subj":"exceptionListsImportFormCloseBTN",iconType:"cross",onClick:()=>s(!1),flush:"left"},u.a)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{"data-test-subj":"exception-lists-form-import-action",onClick:w,disabled:null==p||k.loading},u.jb)))))})),ae=({linkTitle:e,listId:t,external:a,dataTestSubj:n})=>i.a.createElement(F.k,{"data-test-subj":`linkToRuleSecuritySolutionLink${null!=n?n:""}`,deepLinkId:l.wc.exceptions,path:`/details/${t}`,target:a?"_blank":void 0},e);ae.displayName="LinkToListDetailsComponent";const ne=i.a.memo(ae);ne.displayName="LinkToListDetails";var ie=a(595);const re=({list:e,isReadOnly:t,refreshExceptions:a})=>{const{listName:n,exceptions:o,listType:s,lastUpdated:l,pagination:c,emptyViewerTitle:d,emptyViewerBody:p,emptyViewerButtonText:y,viewerStatus:f,ruleReferences:b,showAddExceptionFlyout:v,showEditExceptionFlyout:x,exceptionToEdit:k,exceptionViewerStatus:S,onSearch:w,onAddExceptionClick:j,onDeleteException:O,onEditExceptionItem:I,onPaginationChange:T,handleCancelExceptionItemFlyout:C,handleConfirmExceptionFlyout:M}=Object(ie.a)(e,a);return i.a.createElement(i.a.Fragment,null,v?i.a.createElement(E.a,{rules:null,isBulkAction:!1,isEndpointItem:s===m.b.ENDPOINT,sharedListToAddTo:[e],onCancel:C,onConfirm:M,"data-test-subj":"addExceptionItemFlyoutInList",showAlertCloseOptions:!1}):f===g.i.EMPTY||f===g.i.LOADING?i.a.createElement(g.a,{isReadOnly:t,viewerStatus:f,onEmptyButtonStateClick:j,title:u.B,body:u.y(n),buttonText:u.z}):i.a.createElement(r.EuiPanel,{hasBorder:!1,hasShadow:!1},i.a.createElement(i.a.Fragment,null,x&&k&&i.a.createElement(h.a,{list:e,itemToEdit:k,showAlertCloseOptions:!0,openedFromListDetailPage:!0,onCancel:C,onConfirm:M,"data-test-subj":"editExceptionItemFlyoutInList"}),i.a.createElement(g.g,{addExceptionButtonText:s===m.b.ENDPOINT?u.x:u.w,listType:s,onSearch:w,onAddExceptionClick:j,isSearching:f===g.i.SEARCHING,isButtonFilled:!1,buttonIconType:"plusInCircle"}),i.a.createElement(G,{viewerStatus:S,listType:s,ruleReferences:b,isReadOnly:t,exceptions:o,emptyViewerTitle:d,emptyViewerBody:p,emptyViewerButtonText:y,pagination:c,lastUpdated:l,onPaginationChange:T,onEditExceptionItem:I,onDeleteException:O,onCreateExceptionListItem:j}))))};re.displayName="ListWithSearchComponent";const oe=i.a.memo(re);oe.displayName="ListWithSearch";const se=({onRefresh:e,totalExceptionLists:t,setSort:a,sort:n,sortFields:o})=>{var s;const l=null==o?void 0:o.find((e=>e.field===(null==n?void 0:n.field)));return i.a.createElement(R.a,{border:!0},i.a.createElement(R.d,null,i.a.createElement(R.c,null,i.a.createElement(R.e,{dataTestSubj:"showingExceptionLists"},u.gb(t))),i.a.createElement(R.c,null,i.a.createElement(R.b,{dataTestSubj:"refreshRulesAction",iconSide:"left",iconType:"refresh",onClick:e},u.eb))),i.a.createElement(R.d,null,i.a.createElement(i.a.Fragment,null,i.a.createElement(R.c,null,n&&i.a.createElement(R.b,{dataTestSubj:"sortExceptions",iconSide:"right",iconType:"asc"===n.order?"sortUp":"sortDown",popoverPanelPaddingSize:"s",popoverContent:()=>i.a.createElement(r.EuiContextMenuPanel,{size:"s",items:null==o?void 0:o.map((e=>{const t=(null==l?void 0:l.field)===e.field;let o=e.defaultOrder;return t&&(o="asc"===n.order?"desc":"asc"),i.a.createElement(r.EuiContextMenuItem,{key:e.field,onClick:()=>null==a?void 0:a({field:e.field,order:o})},i.a.createElement(le,null,e.label," ",(null==l?void 0:l.field)===e.field&&i.a.createElement(ce,{type:"asc"===n.order?"sortUp":"sortDown"})))}))})},i.a.createElement(le,null,u.hb," ",null==o||null===(s=o.find((e=>e.field===n.field)))||void 0===s?void 0:s.label))))))},le=f()("div").withConfig({displayName:"SortMenuItem",componentId:"sc-1h5b7pp-0"})(["display:flex;align-items:center;"]),ce=f()(r.EuiIcon).withConfig({displayName:"SortIcon",componentId:"sc-1h5b7pp-1"})(["margin-left:8px;"]);se.displayName="ExceptionsTableUtilityBar";const ue={strict:!0,fields:{created_by:{type:"string"},name:{type:"string"},type:{type:"string"},list_id:{type:"string"},tags:{type:"string"}}},de=i.a.memo((({onSearch:e})=>i.a.createElement(r.EuiSearchBar,{"data-test-subj":"exceptionsHeaderSearch","aria-label":u.m,onChange:e,box:{"data-test-subj":"exceptionsHeaderSearchInput",placeholder:u.D,incremental:!1,schema:ue}})));de.displayName="ListsSearchBar"},,function(e,t,a){"use strict";a.d(t,"c",(function(){return E})),a.d(t,"a",(function(){return p})),a.d(t,"b",(function(){return x}));var n=a(2),i=a.n(n),r=a(40),o=a(145),s=a(42);const l=a(5).i18n.translate("xpack.securitySolution.callouts.dismissButton",{defaultMessage:"Dismiss"}),c=({message:e,text:t,onClick:a=s.noop})=>{const{type:o}=e,c=o,u=null!=t?t:l,d=Object(n.useCallback)((()=>a(e)),[a,e]);return i.a.createElement(r.EuiButton,{color:c,"data-test-subj":"callout-dismiss-btn",onClick:d},u)},u=({message:e,iconType:t,dismissButtonText:a,onDismiss:n,showDismissButton:o=!0})=>{const{type:s,id:l,title:u,description:p}=e,m=null!=t?t:d(s);return i.a.createElement(r.EuiCallOut,{color:s,title:u,iconType:m,"data-test-subj":`callout-${l}`,"data-test-messages":`[${l}]`},p,o&&i.a.createElement(c,{message:e,text:a,onClick:n}))},d=e=>{switch(e){case"primary":return"iInCircle";case"success":return"cheer";case"warning":return"help";case"danger":return"warning";default:return Object(o.a)(e)}},p=Object(n.memo)(u);var m=a(788),g=a.n(m),y=a(1111);const f=(e,t)=>b(e,s.identity,(()=>t)),b=(e,t,a)=>{const n=e.map((e=>[t(e),a(e)]));return Object(s.fromPairs)(n)},h=({namespace:e,condition:t,message:a})=>{const{isVisible:o,dismiss:l}=((e,t="common")=>{const{getMessages:a,addMessage:i}=Object(y.a)(),[r,o]=g()({}),l=(e=>`kibana.securitySolution.${e}.callouts.dismissed`)(t),c=Object(n.useCallback)((()=>Object.entries(r).filter((([e,t])=>t)).map((([e,t])=>e))),[r]),u=Object(n.useCallback)((e=>{var t;return null!==(t=r[e.id])&&void 0!==t&&t}),[r]),d=Object(n.useCallback)((e=>{const{id:t,type:a}=e;o.set(t,!1),"primary"!==a&&"success"!==a||i(l,t)}),[o,i,l]),p=Object(n.useCallback)((e=>{const t=a(l),n=Object(s.difference)(e,t),i=Object(s.intersection)(e,t);o.setAll({...f(n,!0),...f(i,!1)})}),[a,l,o]);return Object(n.useEffect)((()=>{const t=e.map((e=>e.id)),a=Object.keys(r);Object(s.isEqual)(t,a)||p(t)}),[e,r,p]),{getVisibleMessageIds:c,isVisible:u,dismiss:d}})([a],e);return t&&o(a)?i.a.createElement(i.a.Fragment,null,i.a.createElement(p,{message:a,onDismiss:l}),i.a.createElement(r.EuiSpacer,{size:"l"})):null},E=Object(n.memo)(h),v=({condition:e,message:t})=>e?i.a.createElement(p,{message:t,showDismissButton:!1}):null,x=Object(n.memo)(v)},function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(2),i=a(102),r=a(109),o=a(214),s=a(5);const l=s.i18n.translate("xpack.securitySolution.containers.detectionEngine.alerts.fetchListsIndex.errorDescription",{defaultMessage:"Failed to retrieve the lists index"}),c=s.i18n.translate("xpack.securitySolution.containers.detectionEngine.alerts.createListsIndex.errorDescription",{defaultMessage:"Failed to create the lists index"});var u=a(108),d=a(126);const p=e=>{const[t]=Object.keys(e),a=e[t];return null!=a&&a.manage},m=e=>{const[t]=Object.keys(e),a=e[t];return null!=a&&a.read},g=e=>{const[t]=Object.keys(e),a=e[t];return null!=a&&(a.create||a.create_doc||a.index||a.write)},y=()=>{const[e,t]=Object(n.useState)({isAuthenticated:null,canManageIndex:null,canReadIndex:null,canWriteIndex:null}),{listPrivileges:a}=Object(d.a)();return Object(n.useEffect)((()=>{if(null!=a.result){const{is_authenticated:e,lists:{index:n},listItems:{index:i}}=a.result;t({isAuthenticated:e,canReadIndex:m(n)&&m(i),canManageIndex:p(n)&&p(i),canWriteIndex:g(n)&&g(i)})}}),[a.result]),Object(n.useEffect)((()=>{null!=a.error&&t({isAuthenticated:!1,canManageIndex:!1,canReadIndex:!1,canWriteIndex:!1})}),[a.error]),{loading:a.loading,...e}},f=()=>{const{createIndex:e,indexExists:t,loading:a,error:s}=(()=>{const[e,t]=Object(n.useState)(null),[a,s]=Object(n.useState)(null),{lists:d}=Object(i.j)().services,p=Object(i.i)(),{addError:m}=Object(u.a)(),{canReadIndex:g,canManageIndex:f,canWriteIndex:b}=y(),{loading:h,start:E,...v}=Object(o.k)(),{loading:x,start:k,...S}=Object(o.d)(),w=h||x,j=Object(n.useCallback)((()=>{d&&g&&f&&E({http:p})}),[p,d,E,g,f]),O=Object(n.useCallback)((()=>{d&&f&&b&&k({http:p})}),[k,p,d,f,b]);return Object(n.useEffect)((()=>{h||a||null!==e||j()}),[a,e,j,h]),Object(n.useEffect)((()=>{null!=v.result&&t(v.result.list_index&&v.result.list_item_index)}),[v.result]),Object(n.useEffect)((()=>{null!=S.result&&j()}),[S.result,j]),Object(n.useEffect)((()=>{const e=v.error;null!=e&&(Object(r.v)(e)&&404===e.body.status_code?t(!1):(s(e),m(e,{title:l})))}),[m,v.error]),Object(n.useEffect)((()=>{const e=S.error;null!=e&&(s(e),m(e,{title:c}))}),[m,S.error]),{createIndex:O,error:a,indexExists:e,loading:w}})(),{canManageIndex:d,canWriteIndex:p,loading:m}=y(),{lists:g}=Object(i.j)().services,f=null!=g,b=a||m,h=!1===t,E=!f||h&&(!1===d||!0===d&&null!=s);return Object(n.useEffect)((()=>{h&&d&&e()}),[d,e,h]),{canManageIndex:d,canWriteIndex:p,enabled:f,loading:b,needsConfiguration:E}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return T}));var n=a(2),i=a.n(n),r=a(1376),o=a.n(r),s=a(694),l=a(40),c=a(5),u=a(44),d=a(4);const p=({values:e})=>i.a.createElement(i.a.Fragment,null,e.map(((t,a)=>i.a.createElement(i.a.Fragment,{key:a},i.a.createElement(l.EuiCode,null,t),a<e.length-1?", ":""))));var m=a(664);const g=c.i18n.translate("xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageTitle",{defaultMessage:"Insufficient privileges"}),y=c.i18n.translate("xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditRules",{defaultMessage:"Without that privilege you cannot create or edit detection engine rules."}),f=c.i18n.translate("xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditLists",{defaultMessage:"Without these privileges, you cannot create or edit value lists."}),b=c.i18n.translate("xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditAlerts",{defaultMessage:"Without these privileges, you cannot view or change status of alerts."}),h=({indexPrivileges:e,featurePrivileges:t=[]})=>i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.messageDetail",defaultMessage:"{essence} {indexPrivileges} {featurePrivileges} Related documentation: {docs}",values:{essence:i.a.createElement("p",null,i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.essenceDescription",defaultMessage:"You need the following privileges to fully access this functionality. Contact your administrator for further assistance."})),indexPrivileges:e.length>0?i.a.createElement(i.a.Fragment,null,i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.indexPrivilegesTitle",defaultMessage:"Missing Elasticsearch index privileges:"}),i.a.createElement("ul",null,e.map((([e,t])=>i.a.createElement("li",{key:e},x(e,t)))))):null,featurePrivileges:t.length>0?i.a.createElement(i.a.Fragment,null,i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.featurePrivilegesTitle",defaultMessage:"Missing Kibana feature privileges:"}),i.a.createElement("ul",null,t.map((([e,t])=>i.a.createElement("li",{key:e},k(e,t)))))):null,docs:i.a.createElement("ul",null,i.a.createElement("li",null,i.a.createElement(m.b,null)),i.a.createElement("li",null,i.a.createElement(m.d,null)))}}),E={[d.qc]:{all:y},[d.S]:{write:b},[d.M]:{write:f},[d.L]:{write:f}},v=(e,t)=>{var a;const n=null===(a=Object.entries(E).find((([e])=>t.startsWith(e))))||void 0===a?void 0:a[1];return e.map((e=>null==n?void 0:n[e])).filter(Boolean).join(" ")},x=(e,t)=>i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.missingIndexPrivileges",defaultMessage:"Missing {privileges} privileges for the {index} index. {explanation}",values:{privileges:i.a.createElement(p,{values:t}),index:i.a.createElement(l.EuiCode,null,e),explanation:v(t,e)}}),k=(e,t)=>i.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.messageBody.missingFeaturePrivileges",defaultMessage:"Missing {privileges} privileges for the {index} feature. {explanation}",values:{privileges:i.a.createElement(p,{values:t}),index:i.a.createElement(l.EuiCode,null,e),explanation:v(t,e)}});var S=a(181),w=a(126);const j=["read","write","view_index_metadata","maintenance"],O=e=>{const t=(e=>{const[t]=Object.keys(e);return t})(e),a=e[t],n=j.filter((e=>!a[e]));if(n.length)return[t,n]},I=()=>{const e=(()=>{const{detectionEnginePrivileges:e,listPrivileges:t}=Object(w.a)(),[{canUserCRUD:a}]=Object(S.b)();return Object(n.useMemo)((()=>{const n=[],i=[];if(null==a||null==t.result||null==e.result)return{featurePrivileges:n,indexPrivileges:i};!1===a&&n.push([d.qc,["all"]]);const r=O(t.result.listItems.index);r&&i.push(r);const o=O(t.result.lists.index);o&&i.push(o);const s=O(e.result.index);return s&&i.push(s),{featurePrivileges:n,indexPrivileges:i}}),[a,t,e])})(),t=Object(n.useMemo)((()=>e.indexPrivileges.length>0||e.featurePrivileges.length>0?{type:"primary",id:`missing-user-privileges-${o()(e)}`,title:g,description:h(e)}:null),[e]);return t&&i.a.createElement(s.c,{namespace:"detections",condition:!0,message:t})},T=Object(n.memo)(I)},,,,,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n={BULK_QUERY_STATUS_UPDATE:"Data table bulkQueryStatusUpdate",BULK_STATUS_UPDATE:"Data table bulkStatusUpdate",STATUS_UPDATE:"Data table statusUpdate"}},,,,,,,,,,function(e,t,a){"use strict";a.d(t,"T",(function(){return i})),a.d(t,"n",(function(){return r})),a.d(t,"L",(function(){return o})),a.d(t,"p",(function(){return s})),a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return c})),a.d(t,"ab",(function(){return u})),a.d(t,"M",(function(){return d})),a.d(t,"u",(function(){return p})),a.d(t,"s",(function(){return m})),a.d(t,"t",(function(){return g})),a.d(t,"r",(function(){return y})),a.d(t,"q",(function(){return f})),a.d(t,"cb",(function(){return b})),a.d(t,"Q",(function(){return h})),a.d(t,"bb",(function(){return E})),a.d(t,"O",(function(){return v})),a.d(t,"P",(function(){return x})),a.d(t,"eb",(function(){return k})),a.d(t,"v",(function(){return S})),a.d(t,"R",(function(){return w})),a.d(t,"X",(function(){return j})),a.d(t,"Z",(function(){return O})),a.d(t,"Y",(function(){return I})),a.d(t,"G",(function(){return T})),a.d(t,"H",(function(){return C})),a.d(t,"F",(function(){return M})),a.d(t,"J",(function(){return F})),a.d(t,"I",(function(){return D})),a.d(t,"E",(function(){return A})),a.d(t,"N",(function(){return _})),a.d(t,"c",(function(){return N})),a.d(t,"K",(function(){return R})),a.d(t,"S",(function(){return q})),a.d(t,"d",(function(){return P})),a.d(t,"m",(function(){return L})),a.d(t,"o",(function(){return B})),a.d(t,"g",(function(){return z})),a.d(t,"f",(function(){return $})),a.d(t,"l",(function(){return V})),a.d(t,"j",(function(){return G})),a.d(t,"k",(function(){return U})),a.d(t,"h",(function(){return H})),a.d(t,"i",(function(){return W})),a.d(t,"e",(function(){return Q})),a.d(t,"db",(function(){return Y})),a.d(t,"W",(function(){return K})),a.d(t,"U",(function(){return Z})),a.d(t,"V",(function(){return J})),a.d(t,"w",(function(){return X})),a.d(t,"C",(function(){return ee})),a.d(t,"A",(function(){return te})),a.d(t,"z",(function(){return ae})),a.d(t,"B",(function(){return ne})),a.d(t,"D",(function(){return ie})),a.d(t,"x",(function(){return re})),a.d(t,"y",(function(){return oe}));var n=a(5);n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.idTitle",{defaultMessage:"List ID"}),n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.listName",{defaultMessage:"Name"}),n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.actionsTitle",{defaultMessage:"Actions"});const i=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.showingExceptionLists",{values:{totalLists:e},defaultMessage:"Showing {totalLists} {totalLists, plural, =1 {list} other {lists}}"}),r=(n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesAssignedTitle",{defaultMessage:"Rules assigned to"}),n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.dateCreatedTitle",{defaultMessage:"Date created"}),n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.dateUpdatedTitle",{defaultMessage:"Last edited"}),n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.errorFetching",{defaultMessage:"Error fetching exception lists"})),o=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.allExceptionLists.filters.noExceptionsTitle",{defaultMessage:"No exception lists found"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.allExceptionLists.search.placeholder",{defaultMessage:"Search exception lists"}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.allExceptions.tableTitle",{defaultMessage:"Shared Exception Lists"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.allExceptions.tableSubtitle",{defaultMessage:"To view rule specific exceptions navigate to that rule's details page."}),u=e=>n.i18n.translate("xpack.securitySolution.exceptions.allExceptionsRowPerPage",{defaultMessage:"Rows per page: {rowSize}",values:{rowSize:e}}),d=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.allExceptions.filters.noListsBody",{defaultMessage:"We weren't able to find any exception lists."}),p=e=>n.i18n.translate("xpack.securitySolution.exceptions.list.export_success",{values:{listName:e},defaultMessage:'Exception list "{listName}" exported successfully'}),m=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.exportError",{defaultMessage:"Exception list export error"}),g=e=>n.i18n.translate("xpack.securitySolution.exceptions.list.duplicate_success",{values:{listName:e},defaultMessage:'Exception list "{listName}" duplicated successfully'}),y=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.duplicateError",{defaultMessage:"Exception list duplication error"}),f=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.deleteError",{defaultMessage:"Error occurred deleting exception list"}),b=e=>n.i18n.translate("xpack.securitySolution.exceptions.referenceModalSuccessDescription",{defaultMessage:"Exception list - {listId} - deleted successfully.",values:{listId:e}}),h=n.i18n.translate("xpack.securitySolution.exceptions.referenceModalTitle",{defaultMessage:"Remove exception list"}),E=e=>n.i18n.translate("xpack.securitySolution.exceptions.referenceModalDefaultDescription",{defaultMessage:"Are you sure you wish to DELETE exception list with the name {listName}?",values:{listName:e}}),v=n.i18n.translate("xpack.securitySolution.exceptions.referenceModalCancelButton",{defaultMessage:"Cancel"}),x=n.i18n.translate("xpack.securitySolution.exceptions.referenceModalDeleteButton",{defaultMessage:"Remove exception list"}),k=e=>n.i18n.translate("xpack.securitySolution.exceptions.referenceModalDescription",{defaultMessage:"This exception list is associated with ({referenceCount}) {referenceCount, plural, =1 {rule} other {rules}}. Removing this exception list will also remove its reference from the associated rules.",values:{referenceCount:e}}),S=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.searchPlaceholder",{defaultMessage:"Search by name or list_id:id"}),w=n.i18n.translate("xpack.securitySolution.detectionEngine.rules.all.exceptions.refresh",{defaultMessage:"Refresh"}),j=n.i18n.translate("xpack.securitySolution.exceptions.exceptionListsImportButton",{defaultMessage:"Import list"}),O=n.i18n.translate("xpack.securitySolution.lists.exceptionListImportSuccessTitle",{defaultMessage:"Exception list imported"}),I=n.i18n.translate("xpack.securitySolution.lists.exceptionListUploadError",{defaultMessage:"There was an error uploading the exception list."}),T=n.i18n.translate("xpack.securitySolution.exceptions.manageExceptions.importExceptionList",{defaultMessage:"Import exception list"}),C=n.i18n.translate("xpack.securitySolution.exceptionsTable.importExceptionListFlyoutHeader",{defaultMessage:"Import shared exception list"}),M=n.i18n.translate("xpack.securitySolution.exceptionsTable.importExceptionListFlyoutBody",{defaultMessage:"Select shared exception lists to import"}),F=n.i18n.translate("xpack.securitySolution.exceptionsTable.importExceptionListWarning",{defaultMessage:"We found a pre-existing list with that id"}),D=n.i18n.translate("xpack.securitySolution.exceptionsTable.importExceptionListOverwrite",{defaultMessage:"Overwrite the existing list"}),A=n.i18n.translate("xpack.securitySolution.exceptionsTable.importExceptionListAsNewList",{defaultMessage:"Create new list"}),_=n.i18n.translate("xpack.securitySolution.exceptions.badge.readOnly.tooltip",{defaultMessage:"Unable to create, edit or delete exceptions"}),N=n.i18n.translate("xpack.securitySolution.exceptions.exceptionListsCloseImportFlyout",{defaultMessage:"Close"}),R=n.i18n.translate("xpack.securitySolution.exceptions.exceptionListsFilePickerPrompt",{defaultMessage:"Select or drag and drop multiple files"}),q=n.i18n.translate("xpack.securitySolution.exceptionsTable.rulesCountLabel",{defaultMessage:"Rules"}),P=n.i18n.translate("xpack.securitySolution.exceptionsTable.createdBy",{defaultMessage:"Created By"}),L=n.i18n.translate("xpack.securitySolution.exceptionsTable.createdAt",{defaultMessage:"Date created"}),B=n.i18n.translate("xpack.securitySolution.exceptionsTable.exceptionsCountLabel",{defaultMessage:"Exceptions"}),z=n.i18n.translate("xpack.securitySolution.exceptions.manageExceptions.createSharedListButton",{defaultMessage:"Create shared list"}),$=n.i18n.translate("xpack.securitySolution.exceptions.manageExceptions.createItemButton",{defaultMessage:"Create exception item"}),V=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListTitle",{defaultMessage:"Create shared exception list"}),G=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListFlyoutNameField",{defaultMessage:"Shared exception list name"}),U=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListFlyoutNameFieldPlaceholder",{defaultMessage:"New exception list"}),H=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListFlyoutDescription",{defaultMessage:"Description (optional)"}),W=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListFlyoutDescriptionPlaceholder",{defaultMessage:"New exception list description"}),Q=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListFlyoutCreateButton",{defaultMessage:"Create shared exception list"}),Y=e=>n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListSuccessDescription",{defaultMessage:"List with name {listName} was created!",values:{listName:e}}),K=n.i18n.translate("xpack.securitySolution.exceptions.createSharedExceptionListSuccessTitle",{defaultMessage:"Created list"}),Z=n.i18n.translate("xpack.securitySolution.exceptions.sortBy",{defaultMessage:"Sort by:"}),J=n.i18n.translate("xpack.securitySolution.exceptions.sortByCreateAt",{defaultMessage:"Created At"}),X=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalCancelButton",{defaultMessage:"Cancel"}),ee=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalExportTitle",{defaultMessage:"Export exception list?"}),te=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalDuplicateTitle",{defaultMessage:"Duplicate exception list?"}),ae=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalIncludeDuplicateDescription",{defaultMessage:"You’re duplicating an exception list. Switch the toggle off to exclude expired exceptions."}),ne=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalIncludeExportDescription",{defaultMessage:"You’re exporting an exception list. Switch the toggle off to exclude expired exceptions."}),ie=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalIncludeSwitchLabel",{defaultMessage:"Include expired exceptions"}),re=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalConfirmDuplicateButton",{defaultMessage:"Duplicate"}),oe=n.i18n.translate("xpack.securitySolution.exceptions.expiredExceptionModalConfirmExportButton",{defaultMessage:"Export"})},function(e,t,a){"use strict";a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return s}));var n=a(42),i=a(176),r=a(190);const o=(e,t)=>e?e.map((e=>{const a=e.id.split("."),i=a.length>1?a[0]:(({browserFields:e,field:t})=>Object(n.has)(`base.fields.${t}`,e)?"base":t)({field:e.id,browserFields:t});return{...e,...Object(n.get)([i,"fields",e.id],t)}})):[],s=(e,t)=>{var a;return{columnHeaderType:r.a,id:e,initialWidth:i.a,...null!==(a=t.find((t=>t.id===e)))&&void 0!==a?a:{}}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(102),r=a(245);const o=(e=[])=>{const{getAppUrl:t}=Object(i.c)();return Object(n.useMemo)((()=>e.reduce(((e,a)=>{var n;const i=a.id,o=Object(r.j)(i);return e[i]={href:t({path:o}),children:null!==(n=a.name)&&void 0!==n?n:i,target:"_blank"},e}),{})),[t,e])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(45),i=a(2),r=a(8),o=a(290);const s=()=>{const e=Object(n.useLocation)(),t=Object(n.useHistory)(),{toUrlParams:a,urlParams:s}=Object(o.a)();return Object(i.useCallback)(((n,i=!1)=>{t.push({...e,search:a(i?n:Object(r.pickBy)({...s,...n},(e=>void 0!==e)))})}),[s,t,e,a])}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return x})),a.d(t,"b",(function(){return k}));var n=a(40),i=a(2),r=a.n(i),o=a(42),s=a(119),l=a(17),c=a(105),u=a(382),d=a(291),p=a(272),m=a(199),g=a(188),y=a(116),f=a(946),b=a(682),h=a(4),E=a(183),v=a(328);const x=e=>{var t,a,s,l,c,u;const{columnId:y,rowIndex:h,scopeId:E}=e,v=Object(i.useMemo)((()=>y===g.n&&Object(p.c)(E)&&0===h&&!e.isDetails),[y,e.isDetails,h,E]),x=null===(t=e.ecsData)||void 0===t||null===(a=t.kibana)||void 0===a||null===(s=a.alert.suppression)||void 0===s||null===(l=s.docs_count)||void 0===l?void 0:l[0],k=null===(c=Object(o.find)({field:"kibana.alert.suppression.docs_count"},e.data))||void 0===c||null===(u=c.value)||void 0===u?void 0:u[0],S=x?parseInt(x,10):k,w=r.a.createElement(d.a,{isTourAnchor:v,step:m.a.pointToAlertName,tourId:m.b.alertsCases},r.a.createElement(f.a,e));return y===g.n&&S&&S>0?r.a.createElement(n.EuiFlexGroup,{gutterSize:"xs"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiToolTip,{position:"top",content:Object(b.c)(S)},r.a.createElement(n.EuiIcon,{type:"layers"}))),r.a.createElement(n.EuiFlexItem,{grow:!1},w)):w},k=({scopeId:e,tableId:t})=>()=>{var a;const{browserFields:n}=Object(y.d)(e),d=Object(i.useMemo)((()=>Object(E.a)(n)),[n]),p=Object(i.useMemo)((()=>s.j.getTableByIdSelector()),[]),m=Object(l.b)(),g=(null!==(a=Object(c.b)((e=>{var a;return(null!==(a=p(e,t))&&void 0!==a?a:s.q).viewMode})))&&void 0!==a?a:s.q.viewMode)===h.Jc.gridView?Object(v.b)(m):v.a;return Object(i.useCallback)((({columnId:e,colIndex:a,data:i,ecsData:s,eventId:l,header:c,isDetails:p=!1,isDraggable:m=!1,isExpandable:y,isExpanded:f,rowIndex:b,rowRenderers:h,setCellProps:E,linkValues:v,truncate:k=!0})=>{var S;const w=null!=c?c:{id:e,...d[e]},j=i.map((e=>{let t=e;if(["_id","_index"].includes(e.field)){var a;const n=null!==(a=e.value)&&void 0!==a?a:"";t={field:e.field,value:Array.isArray(n)?n:[n]}}return t})),O=g.find((t=>t.id===e)),I=Object(o.getOr)([],null!==(S=null==O?void 0:O.linkField)&&void 0!==S?S:"",s);return r.a.createElement(x,{browserFields:n,columnId:e,data:j,ecsData:s,eventId:l,header:w,isDetails:p,isDraggable:m,isExpandable:y,isExpanded:f,linkValues:null!=v?v:I,rowIndex:b,colIndex:a,rowRenderers:null!=h?h:u.b,setCellProps:E,scopeId:t,truncate:k,asPlainText:!1})}),[d,n,g])}},function(e,t,a){"use strict";var n;a.d(t,"a",(function(){return i})),function(e){e.GROUP_TOGGLED="alerts_table_toggled_",e.GROUPED_ALERTS="alerts_table_group_by_"}(n||(n={}));const i={groupToggled:({isOpen:e,groupingId:t,groupNumber:a})=>`${n.GROUP_TOGGLED}${e?"on":"off"}_${t}_group-${a}`,groupChanged:({groupingId:e,selected:t})=>`${n.GROUPED_ALERTS}${e}_${t}`}},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"e",(function(){return r})),a.d(t,"i",(function(){return o})),a.d(t,"j",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"a",(function(){return u})),a.d(t,"h",(function(){return d})),a.d(t,"g",(function(){return p})),a.d(t,"f",(function(){return m}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.installedTitle",{defaultMessage:"Installed"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.installedTooltip",{defaultMessage:"Integration is installed. Configure an integration policy and ensure Elastic Agents are assigned this policy to ingest compatible events."}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.uninstalledTitle",{defaultMessage:"Not installed"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.uninstalledTooltip",{defaultMessage:"Integration is not installed. Follow the integration link to install and configure the integration."}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle",{defaultMessage:"Installed: enabled"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip",{defaultMessage:"Integration is installed and an integration policy with the required configuration exists. Ensure Elastic Agents are assigned this policy to ingest compatible events."}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle",{defaultMessage:"integrations"}),d=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.popoverTitle",{values:{integrationsCount:e},defaultMessage:"[{integrationsCount}] Related {integrationsCount, plural, =1 {integration} other {integrations}} available"}),p=e=>n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.popoverDescription",{values:{integrationsCount:e},defaultMessage:"Install and configure {integrationsCount, plural, =1 {the below integration} other {one or more of the below integrations}} to ingest the necessary data for this detection rule:"}),m=(e,t)=>n.i18n.translate("xpack.securitySolution.detectionEngine.relatedIntegrations.popoverDescriptionInstalledVersionTooltip",{values:{installedVersion:e,requiredVersion:t},defaultMessage:"Version mismatch -- please resolve! Installed version `{installedVersion}` when required version `{requiredVersion}`"})},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o})),a.d(t,"e",(function(){return s})),a.d(t,"c",(function(){return l}));var n=a(238);const i=({group:e,id:t,action_type_id:a,params:n,uuid:i,frequency:r,alerts_filter:o})=>({group:e,id:t,params:n,actionTypeId:a,...o&&{alertsFilter:o},...i&&{uuid:i},...r&&{frequency:r}}),r=({group:e,id:t,actionTypeId:a,params:n,uuid:i,frequency:r,alertsFilter:o})=>({group:e,id:t,params:n,action_type_id:a,...o&&{alerts_filter:o},...i&&{uuid:i},...r&&{frequency:r}}),o=({group:e,id:t,params:a,frequency:n,alertsFilter:i})=>({group:e,id:t,params:a,...i&&{alerts_filter:i},...n&&{frequency:n}}),s=({action_type_id:e,params:t})=>{if(e===n.a.OSQUERY){const{saved_query_id:a,ecs_mapping:n,pack_id:i,...r}=t;return{params:{...r,savedQueryId:a,ecsMapping:n,packId:i},actionTypeId:e}}return{params:t,actionTypeId:e}},l=({actionTypeId:e,params:t})=>{if(e===n.a.OSQUERY){const{savedQueryId:a,ecsMapping:n,packId:i,...r}=t;return{params:{...r,saved_query_id:a,ecs_mapping:n,pack_id:i},action_type_id:e}}return{params:t,action_type_id:e}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"d",(function(){return u})),a.d(t,"e",(function(){return d}));var n=a(43),i=a(112),r=a(600),o=a(262);let s;!function(e){e.Prebuilt="prebuilt",e.Custom="custom"}(s||(s={}));const l=n.partial({searchTerm:n.string,source:Object(i.u)("RuleSource",s),tags:n.array(n.string),enabled:n.boolean,ruleExecutionStatus:o.c}),c=n.partial({field:r.b.props.field,order:r.b.props.order}),u=n.partial({perPage:r.a.props.perPage}),d=n.partial({page:r.a.props.page,perPage:r.a.props.perPage})},function(e,t,a){"use strict";a.d(t,"c",(function(){return d})),a.d(t,"d",(function(){return p})),a.d(t,"b",(function(){return m})),a.d(t,"a",(function(){return g})),a.d(t,"g",(function(){return y})),a.d(t,"f",(function(){return f})),a.d(t,"e",(function(){return b})),a.d(t,"i",(function(){return h})),a.d(t,"h",(function(){return E}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(40),l=a(48),c=a(589);const u=o()(s.EuiHealth).withConfig({displayName:"StyledEuiHealth",componentId:"sc-1rr4lsj-0"})(["line-height:inherit;"]),d=l.euiLightVars.euiColorVis0,p=l.euiLightVars.euiColorVis5,m=l.euiLightVars.euiColorVis7,g=l.euiLightVars.euiColorVis9,y=47,f=73,b=99,h=[{value:"low",inputDisplay:i.a.createElement(u,{color:d},c.i)},{value:"medium",inputDisplay:i.a.createElement(u,{color:p},c.j)},{value:"high",inputDisplay:i.a.createElement(u,{color:m},c.h)},{value:"critical",inputDisplay:i.a.createElement(u,{color:g},c.f)}],E={low:21,medium:y,high:f,critical:b}},function(e,t,a){"use strict";a.d(t,"a",(function(){return g})),a.d(t,"b",(function(){return f}));var n=a(41),i=a.n(n),r=a(2),o=a.n(r),s=a(597),l=a(756),c=a(125),u=a(469),d=a(855);const p=i()(c.c).withConfig({displayName:"StyledForm",componentId:"sc-tp8win-0"})(["max-width:235px !important;"]),m=({isLoading:e,isUpdateView:t=!1,form:a})=>o.a.createElement(o.a.Fragment,null,o.a.createElement(u.a,{addPadding:!t},o.a.createElement(p,{form:a,"data-test-subj":"stepScheduleRule"},o.a.createElement(c.e,{path:"interval",component:l.a,componentProps:{idAria:"detectionEngineStepScheduleRuleInterval",isDisabled:e,dataTestSubj:"detectionEngineStepScheduleRuleInterval",minimumValue:1}}),o.a.createElement(c.e,{path:"from",component:l.a,componentProps:{idAria:"detectionEngineStepScheduleRuleFrom",isDisabled:e,dataTestSubj:"detectionEngineStepScheduleRuleFrom",minimumValue:1}})))),g=Object(r.memo)(m),y=({addPadding:e,defaultValues:t,descriptionColumns:a,isInPanelView:n=!1})=>o.a.createElement(u.a,{addPadding:e},o.a.createElement(s.a,{columns:a,schema:d.a,data:t,isInPanelView:n})),f=Object(r.memo)(y)},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a(46),r=a(495),o=a(108),s=a(137);const l=({savedQueryId:e,ruleType:t,onError:a})=>{var l;const c=Object(r.a)(),{addError:u}=Object(o.a)(),d=Object(i.useQuery)(["detectionEngine","rule","savedQuery",e],(async()=>e&&"saved_query"===t?c.getSavedQuery(e):null),{onError:null!=a?a:e=>{u(e,{title:s.Lc})},retry:!1,refetchOnWindowFocus:!1}),p=Object(n.useMemo)((()=>{var e;return d.data?{saved_id:d.data.id,filters:null!==(e=d.data.attributes.filters)&&void 0!==e?e:[],query:d.data.attributes.query,title:d.data.attributes.title}:null}),[d.data]);return{isSavedQueryLoading:!!e&&d.isLoading,savedQueryBar:p,savedQuery:null!==(l=d.data)&&void 0!==l?l:void 0}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(143);const r=({exceptionLists:e})=>{const[t,a]=Object(n.useState)(!0),[r,o]=Object(n.useState)([]),[s,l]=Object(n.useState)({}),c=Object(n.useCallback)((t=>{const a=e.reduce(((e,{id:t,...a})=>(e[t]={...a,id:t,rules:[]},e)),{});return t.reduce(((e,t)=>{const a=t.exceptions_list;return null!=a&&a.length>0&&a.forEach((a=>{const n=e[a.id];null!=n&&(e[a.id]={...n,rules:[...n.rules,t]})})),e}),a)}),[e]);return Object(n.useEffect)((()=>{let t=!0;const n=new AbortController;return(async()=>{if(0===e.length&&t)return a(!1),o([]),void l({});try{a(!0);const{data:e}=await Object(i.j)({pagination:{page:1,perPage:1e4},signal:n.signal}),r=c(e),s=Object.keys(r).map((e=>r[e]));o(s),l(r),t&&a(!1)}catch(e){t&&a(!1)}})(),()=>{t=!1,n.abort()}}),[e.length,c]),[t,r,s]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l}));var n=a(2),i=a.n(n),r=a(40),o=a(198);const s={DUPLICATE:"duplicate",EXPORT:"export"},l=Object(n.memo)((({handleCloseModal:e,onModalConfirm:t,action:a})=>{const[l,c]=Object(n.useState)(!0),u=Object(n.useCallback)((()=>{c(!l)}),[c,l]),d=Object(n.useCallback)((()=>{t(l),e()}),[l,e,t]);return i.a.createElement(r.EuiConfirmModal,{title:a===s.EXPORT?o.M:o.K,onCancel:e,onConfirm:d,cancelButtonText:o.G,confirmButtonText:a===s.EXPORT?o.I:o.H,defaultFocusedButton:"confirm","data-test-subj":"includeExpiredExceptionsConfirmationModal"},i.a.createElement(r.EuiText,null,a===s.EXPORT?o.L:o.J),i.a.createElement(r.EuiSpacer,{size:"s"}),i.a.createElement(r.EuiSwitch,{label:o.N,checked:l,onChange:u,"data-test-subj":"includeExpiredExceptionsConfirmationModalSwitch"}))}));l.displayName="IncludeExpiredExceptionsModal"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return vt})),a.d(t,"b",(function(){return wt})),a.d(t,"c",(function(){return Ot}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(5),c=a(8),u=a(246),d=a.n(u),p=a(44),m=a(672),g=a(204),y=a(648),f=a(486),b=a(162),h=a(417),E=a(213),v=a(597),x=a(3),k=a(130),S=a.n(k),w=a(13),j=a(671),O=a(673),I=a(102),T=a(495),C=a(125);const M=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineModalTitle",{defaultMessage:"Import query from saved timeline"}),F=["duplicate","createFrom"],D=e=>{var t;return{filters:null!==(t=e.attributes.filters)&&void 0!==t?t:[],query:e.attributes.query,saved_id:e.id,title:e.attributes.title}},A=({defaultSavedQuery:e,browserFields:t,dataTestSubj:a,field:o,idAria:s,indexPattern:l,isLoading:c=!1,onCloseTimelineSearch:u,openTimelineSearch:d=!1,resizeParentContainer:p,onValidityChange:m,isDisabled:g,resetToSavedQuery:y,onOpenTimeline:f,onSavedQueryError:b})=>{const{value:h,setValue:E}=o,[v,k]=Object(i.useState)(-1),[A,_]=Object(i.useState)(!1),[N,R]=Object(i.useState)(e),[q,P]=Object(i.useState)(!1),{isInvalid:L,errorMessage:B}=Object(C.i)(o),{uiSettings:z}=Object(I.j)().services,[$]=Object(i.useState)(new w.FilterManager(z)),V=Object(T.a)();Object(i.useEffect)((()=>{null!=m&&m(!L)}),[L,m]),Object(i.useEffect)((()=>{let e=!0;const t=new x.Subscription;return $.setFilters([]),t.add($.getUpdates$().subscribe({next:()=>{if(e){const e=$.getFilters(),{filters:t}=h;S()(t,e)||E({...h,filters:e})}}})),()=>{e=!1,t.unsubscribe()}}),[h,$,E]),Object(i.useEffect)((()=>{let e=!0;return async function(){const{filters:t,saved_id:a}=h;if(S()(t,$.getFilters())||$.setFilters(t),null!=a&&null!=N&&a!==N.id||null!=a&&null==N)try{const t=await V.getSavedQuery(a);e&&null!=t&&R(t),P(!1)}catch{R(void 0),P(!0)}else null==a&&null!=N&&R(void 0)}(),()=>{e=!1}}),[h,$,N,V,P,E]),Object(i.useEffect)((()=>{q&&(null==b||b())}),[b,q]),Object(i.useEffect)((()=>{if(y&&N){const e=D(N);E(e)}}),[y,N,E]);const G=Object(i.useCallback)((e=>{const{query:t}=h;S()(t,e)||E({...h,query:e})}),[h,E]),U=Object(i.useCallback)((e=>{const{query:t}=h;if(!S()(t,e)){const t=q?null:h.saved_id;E({...h,query:e,saved_id:t})}}),[h,E,q]),H=Object(i.useCallback)((e=>{if(null!=e){const{saved_id:t}=h;if(P(!1),R(e),e.id!==t){const t=D(e);E(t)}else E({filters:[],query:{query:"",language:"kuery"},saved_id:null})}}),[h,E,P]),W=Object(i.useCallback)((()=>{_(!0),u()}),[u]),Q=Object(i.useCallback)((e=>{_(!1),null==f||f(e)}),[f]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiFormRow,{label:o.label,labelAppend:o.labelAppend,helpText:o.helpText,error:B,isInvalid:L,fullWidth:!0,"data-test-subj":a,describedByIds:s?[s]:void 0},r.a.createElement(n.EuiMutationObserver,{observerOptions:{subtree:!0,attributes:!0,childList:!0},onMutation:()=>{if(null!=p){const e=document.getElementById("kbnTypeahead__items");if(null!=e){const t=e.getBoundingClientRect(),a=document.getElementById("define-rule");if(null!=a){const e=a.getBoundingClientRect();(-1===v||e.height<v+t.height)&&p(v+t.height-100),-1===v&&k(e.height)}}else p(-1)}}},(e=>r.a.createElement("div",{ref:e},r.a.createElement(O.a,{indexPattern:l,isLoading:c||A,isRefreshPaused:!1,filterQuery:h.query,filterManager:$,filters:$.getFilters()||[],onChangedQuery:U,onSubmitQuery:G,savedQuery:N,onSavedQuery:H,hideSavedQuery:!1,displayStyle:"inPage",isDisabled:g}))))),d?r.a.createElement(j.a,{hideActions:F,modalTitle:M,onClose:W,onOpen:Q}):null)};var _=a(197);const N=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.eqlTypeTitle",{defaultMessage:"Event Correlation"}),R=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.eqlTypeDescription",{defaultMessage:"Use Event Query Language (EQL) to match events, generate sequences, and stack data"}),q=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.queryTypeTitle",{defaultMessage:"Custom query"}),P=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.queryTypeDescription",{defaultMessage:"Use KQL or Lucene to detect issues across indices."}),L=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.mlTypeTitle",{defaultMessage:"Machine Learning"}),B=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.mlTypeDescription",{defaultMessage:"Select ML job to detect anomalous activity."}),z=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeTitle",{defaultMessage:"Threshold"}),$=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeDescription",{defaultMessage:"Aggregate query results to detect when number of matches exceeds threshold."}),V=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchTitle",{defaultMessage:"Indicator Match"}),G=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchDescription",{defaultMessage:"Use indicators from intelligence sources to detect matching events and alerts."}),U=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.newTermsTitle",{defaultMessage:"New Terms"}),H=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.newTermsDescription",{defaultMessage:"Find documents with values appearing for the first time."}),W=s.a.span.withConfig({displayName:"SmallText",componentId:"sc-1i47q47-0"})(["font-size:",";"],(({theme:e})=>e.eui.euiFontSizeS)),Q=({hasValidLicense:e=!1})=>r.a.createElement(W,null,e?B:r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.mlTypeDisabledDescription",defaultMessage:"Access to ML requires a {subscriptionsLink}.",values:{subscriptionsLink:r.a.createElement(n.EuiLink,{href:"https://www.elastic.co/subscriptions",target:"_blank"},r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.components.stepDefineRule.ruleTypeField.subscriptionsLink",defaultMessage:"Platinum subscription"}))}}));Q.displayName="MlCardDescriptionComponent";const Y=r.a.memo(Q);Y.displayName="MlCardDescription";const K=Object(i.memo)((({describedByIds:e=[],field:t,isUpdateView:a,hasValidLicense:o,isMlAdmin:s})=>{const l=t.value,c=Object(i.useCallback)((e=>{t.setValue(e)}),[t]),u=Object(i.useCallback)((()=>c("eql")),[c]),d=Object(i.useCallback)((()=>c("machine_learning")),[c]),p=Object(i.useCallback)((()=>c("query")),[c]),m=Object(i.useCallback)((()=>c("threshold")),[c]),y=Object(i.useCallback)((()=>c("threat_match")),[c]),f=Object(i.useCallback)((()=>c("new_terms")),[c]),b=Object(i.useMemo)((()=>({onClick:u,isSelected:Object(_.b)(l)})),[l,u]),h=Object(i.useMemo)((()=>({onClick:p,isSelected:Object(_.e)(l)})),[l,p]),E=Object(i.useMemo)((()=>({isDisabled:!o||!s,onClick:d,isSelected:Object(g.d)(l)})),[l,d,o,s]),v=Object(i.useMemo)((()=>({onClick:m,isSelected:Object(_.g)(l)})),[l,m]),x=Object(i.useMemo)((()=>({onClick:y,isSelected:Object(_.f)(l)})),[l,y]),k=Object(i.useMemo)((()=>({onClick:f,isSelected:Object(_.d)(l)})),[l,f]);return r.a.createElement(n.EuiFormRow,{fullWidth:!0,"data-test-subj":"selectRuleType",describedByIds:e,label:t.label},r.a.createElement(n.EuiFlexGrid,{columns:3},(!a||h.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"customRuleType",title:q,titleSize:"xs",description:P,icon:r.a.createElement(n.EuiIcon,{size:"xl",type:"search"}),selectable:h,layout:"horizontal"})),(!a||E.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"machineLearningRuleType",title:L,titleSize:"xs",description:r.a.createElement(Y,{hasValidLicense:o}),icon:r.a.createElement(n.EuiIcon,{size:"l",type:"machineLearningApp"}),isDisabled:E.isDisabled&&!E.isSelected,selectable:E,layout:"horizontal"})),(!a||v.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"thresholdRuleType",title:z,titleSize:"xs",description:$,icon:r.a.createElement(n.EuiIcon,{size:"l",type:"indexFlush"}),selectable:v,layout:"horizontal"})),(!a||b.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"eqlRuleType",title:N,titleSize:"xs",description:R,icon:r.a.createElement(n.EuiIcon,{size:"l",type:"eql"}),selectable:b,layout:"horizontal"})),(!a||x.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"threatMatchRuleType",title:V,titleSize:"xs",description:G,icon:r.a.createElement(n.EuiIcon,{size:"l",type:"list"}),selectable:x,layout:"horizontal"})),(!a||k.isSelected)&&r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiCard,{"data-test-subj":"newTermsRuleType",title:U,titleSize:"xs",description:H,icon:r.a.createElement(n.EuiIcon,{size:"l",type:"magnifyWithPlus"}),selectable:k,layout:"horizontal"}))))}));K.displayName="SelectRuleType";const Z=({describedByIds:e=[],field:t})=>{const a=t.value,o=Object(i.useCallback)((e=>{const a=Number(e.currentTarget.value);t.setValue(a)}),[t]);return r.a.createElement(n.EuiFormRow,{label:t.label,"data-test-subj":"anomalyThresholdSlider",describedByIds:e},r.a.createElement(n.EuiFlexGroup,null,r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiRange,{value:a,onChange:o,fullWidth:!0,showInput:!0,showRange:!0,showTicks:!0,tickInterval:25,min:0,max:100}))))};var J=a(474),X=a(471);const ee=s.a.div.withConfig({displayName:"HelpTextWarningContainer",componentId:"sc-1r7zcmv-0"})(["margin-top:10px;"]),te=({href:e,notRunningJobIds:t})=>r.a.createElement(r.a.Fragment,null,r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText",defaultMessage:"We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of 'security' to those jobs in the {machineLearning} application to make them appear here.",values:{machineLearning:r.a.createElement(n.EuiLink,{href:e,target:"_blank"},r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.components.mlJobSelect.machineLearningLink",defaultMessage:"Machine Learning"}))}}),t.length>0&&r.a.createElement(ee,{"data-test-subj":"ml-warning-not-running-jobs"},r.a.createElement(n.EuiText,{size:"xs"},r.a.createElement("span",null,1===t.length?r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.mlEnableJobSingle",defaultMessage:"The selected ML job, {jobName}, is not currently running. We will start {jobName} when you enable this rule.",values:{jobName:t[0]}}):r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.mlEnableJobMulti",defaultMessage:"The selected ML jobs, {jobNames}, are not currently running. We will start all of these jobs when you enable this rule.",values:{jobNames:t.reduce(((e,t,a,n)=>e+(a<n.length-1?", ":", and ")+t))}}))))),ae=r.a.memo(te),ne=l.i18n.translate("xpack.securitySolution.detectionEngine.mlSelectJob.createCustomJobButtonTitle",{defaultMessage:"Create custom job"}),ie=s.a.div.withConfig({displayName:"JobDisplayContainer",componentId:"sc-jfjxl-0"})(["width:100%;height:100%;display:flex;flex-direction:column;"]),re=s()(n.EuiFlexGroup).withConfig({displayName:"MlJobSelectEuiFlexGroup",componentId:"sc-jfjxl-1"})(["margin-bottom:5px;"]),oe=s()(n.EuiButton).withConfig({displayName:"MlJobEuiButton",componentId:"sc-jfjxl-2"})(["margin-top:20px;"]),se=({description:e,name:t,id:a})=>r.a.createElement(ie,null,r.a.createElement("strong",null,null!=t?t:a),r.a.createElement(n.EuiToolTip,{content:e},r.a.createElement(n.EuiText,{size:"xs",color:"subdued"},r.a.createElement("p",null,e)))),le=e=>{var t;return r.a.createElement(se,{id:e.value.id,description:e.value.description,name:null===(t=e.value)||void 0===t?void 0:t.name})},ce=({describedByIds:e=[],field:t})=>{const a=t.value,{isInvalid:o,errorMessage:s}=Object(C.i)(t),{loading:l,jobs:c}=Object(J.a)(),{getUrlForApp:u,navigateToApp:d}=Object(I.j)().services.application,p=u("ml"),m=Object(i.useCallback)((e=>{const a=e.map((e=>e.value.id));t.setValue(a)}),[t]),y=c.map((e=>{var t,a;return{value:{id:e.id,description:e.description,name:null===(t=e.customSettings)||void 0===t?void 0:t.security_app_display_name},label:`${null===(a=e.customSettings)||void 0===a?void 0:a.security_app_display_name} ${e.id}`}})),f=y.filter((e=>a.includes(e.value.id))).map((e=>{var t;return{...e,label:null!==(t=e.value.name)&&void 0!==t?t:e.value.id}})),b=Object(i.useMemo)((()=>c.filter((({id:e})=>a.includes(e))).reduce(((e,t)=>(Object(g.c)(t.jobState,t.datafeedState)||e.push(t.id),e)),[])),[c,a]);return r.a.createElement(re,{justifyContent:"flexStart"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiFormRow,{label:t.label,helpText:r.a.createElement(ae,{href:p,notRunningJobIds:b}),isInvalid:o,error:s,"data-test-subj":"mlJobSelect",describedByIds:e},r.a.createElement(n.EuiFlexGroup,null,r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiComboBox,{isLoading:l,onChange:m,options:y,placeholder:X.k,renderOption:le,rowHeight:50,selectedOptions:f}))))),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(oe,{iconType:"popout",iconSide:"right",onClick:()=>d("ml",{openInNewTab:!0})},ne)))};var ue=a(1131),de=a(469);const pe=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText",{defaultMessage:"All results"}),me=s()(n.EuiFlexItem).withConfig({displayName:"OperatorWrapper",componentId:"sc-1raxjfh-0"})(["align-self:center;"]),ge=["detectionEngineStepDefineRuleThresholdField"],ye=["detectionEngineStepDefineRuleThresholdValue"],fe=["detectionEngineStepDefineRuleThresholdCardinalityField"],be=["detectionEngineStepDefineRuleThresholdCardinalityValue"],he=({thresholdField:e,thresholdValue:t,browserFields:a,thresholdCardinalityField:o,thresholdCardinalityValue:s})=>{const l=Object(i.useMemo)((()=>({fullWidth:!0,noSuggestions:!1,options:a.map((e=>({label:e.name}))),placeholder:pe,onCreateOption:void 0,style:{width:"410px"}})),[a]),c=Object(i.useMemo)((()=>({fullWidth:!0,noSuggestions:!1,options:a.map((e=>({label:e.name}))),placeholder:pe,onCreateOption:void 0,style:{width:"410px"},singleSelection:{asPlainText:!0}})),[a]);return r.a.createElement(n.EuiFlexGroup,{direction:"column",style:{marginLeft:0}},r.a.createElement(n.EuiFlexGroup,null,r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(C.b,{field:e,idAria:ge[0],"data-test-subj":ge[0],describedByIds:ge,type:e.type,euiFieldProps:l})),r.a.createElement(me,{grow:!1},">="),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(C.b,{field:t,idAria:ye[0],"data-test-subj":ye[0],describedByIds:ye,type:t.type}))),r.a.createElement(n.EuiFlexGroup,null,r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(C.b,{field:o,idAria:fe[0],"data-test-subj":fe[0],describedByIds:fe,type:o.type,euiFieldProps:c})),r.a.createElement(me,{grow:!1},">="),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(C.b,{field:s,idAria:be[0],"data-test-subj":be[0],describedByIds:be,type:s.type}))))},Ee=r.a.memo(he),ve=()=>{const[e,t]=Object(i.useState)(!1),{docLinks:a}=Object(I.j)().services,o=r.a.createElement(n.EuiButtonIcon,{iconType:"questionInCircle",onClick:()=>t(!e),"aria-label":"Open help popover"});return r.a.createElement(n.EuiPopover,{button:o,isOpen:e,closePopover:()=>t(!1)},r.a.createElement(n.EuiText,{style:{width:320},size:"s"},r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsTooltipContent",defaultMessage:"Choose how to handle events with missing {suppressBy} fields. Either group events with missing fields together, or create a separate alert for each event. {learnMoreLink}",values:{suppressBy:r.a.createElement("strong",null,r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsTooltipSuppressByDescription",defaultMessage:"Suppress alerts by"})),learnMoreLink:r.a.createElement(n.EuiLink,{href:a.links.siem.configureAlertSuppression,target:"_blank"},r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionMissingFieldsTooltipLink",defaultMessage:"Learn more"}))}})))},xe=r.a.memo(ve);xe.displayName="SuppressionInfoIcon";var ke=a(590),Se=a(1124);const we=l.i18n.translate("xpack.securitySolution.detectionEngine.stepDefineRule.pickDataView",{defaultMessage:"Select a Data View"}),je=l.i18n.translate("xpack.securitySolution.detectionEngine.stepDefineRule.dataViewNotFoundLabel",{defaultMessage:"Selected data view not found"}),Oe=l.i18n.translate("xpack.securitySolution.detectionEngine.stepDefineRule.dataViewIncludesAlertsIndexLabel",{defaultMessage:"Default Security data view"}),Ie=l.i18n.translate("xpack.securitySolution.detectionEngine.stepDefineRule.dataViewIncludesAlertsIndexDescription",{defaultMessage:"The default Security data view includes the alerts index. This could result in redundant alerts being generated from existing alerts."}),Te=({kibanaDataViews:e,field:t})=>{let a,o,s;if(null!=t){const e=Object(C.i)(t);a=e.isInvalid,o=e.errorMessage,s=t.value}const c=Object(i.useMemo)((()=>null!=e&&Object.keys(e).length>0),[e]),u=Object(i.useMemo)((()=>null!=s&&""!==s&&c&&!Object.hasOwn(e,s)),[c,s,e]),[d,p]=Object(i.useState)(u||null==s||""===s?[]:[{id:e[s].id,label:e[s].title}]),[m,g]=Object(i.useState)(!1);Object(i.useEffect)((()=>{if(!u&&s){const t=e[s].title,a=e[s].id;g("security-solution-default"===a),p([{id:a,label:t}])}else p([])}),[s,t,e,u,g]);const y=Object(i.useMemo)((()=>c?Object.values(e).map((e=>({label:e.title,id:e.id}))):[]),[c,e]);return r.a.createElement(r.a.Fragment,null,u&&null!=s&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiCallOut,{title:je,color:"warning",iconType:"help"},r.a.createElement("p",null,(f=s,l.i18n.translate("xpack.securitySolution.detectionEngine.stepDefineRule.dataViewNotFoundDescription",{values:{dataView:f},defaultMessage:'Your data view of "id": "{dataView}" was not found. It could be that it has since been deleted.'})))),r.a.createElement(n.EuiSpacer,{size:"s"})),m&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiCallOut,{title:Oe,color:"warning",iconType:"help","data-test-subj":"defaultSecurityDataViewWarning"},r.a.createElement("p",null,Ie)),r.a.createElement(n.EuiSpacer,{size:"s"})),r.a.createElement(n.EuiFormRow,{label:null==t?void 0:t.label,helpText:null==t?void 0:t.helpText,error:o,isInvalid:a,"data-test-subj":"pick-rule-data-source"},r.a.createElement(n.EuiComboBox,{isClearable:!0,singleSelection:{asPlainText:!0},onChange:e=>{const a=e;if(p(null!=a?a:[]),null!=a&&a.length>0&&null!=a[0].id){const e=a[0].id;null==t||t.setValue(e)}else null==t||t.setValue(void 0)},options:y,selectedOptions:d,"aria-label":we,placeholder:we,"data-test-subj":"detectionsDataViewSelectorDropdown"})));var f};var Ce=a(370),Me=a(316),Fe=a(522);const De=s()(n.EuiFlexItem).withConfig({displayName:"FlexItemWithLabel",componentId:"sc-17p8w56-0"})(["padding-top:20px;text-align:center;"]),Ae=s()(n.EuiFlexItem).withConfig({displayName:"FlexItemWithoutLabel",componentId:"sc-17p8w56-1"})(["text-align:center;"]),_e=({entry:e,indexPattern:t,threatIndexPatterns:a,showLabel:o,onChange:s})=>{const l=Object(i.useCallback)((([t])=>{const{updatedEntry:a,index:n}=Object(Ce.e)(e,t);s(a,n)}),[s,e]),c=Object(i.useCallback)((([t])=>{const{updatedEntry:a,index:n}=Object(Ce.f)(e,t);s(a,n)}),[s,e]),u=Object(i.useMemo)((()=>{const a=r.a.createElement(Me.b,{placeholder:Fe.c,indexPattern:t,selectedField:e.field,isClearable:!1,isLoading:!1,isDisabled:null==t,onChange:l,"data-test-subj":"entryField",fieldInputWidth:360});return o?r.a.createElement(n.EuiFormRow,{label:Fe.b,"data-test-subj":"entryItemFieldInputFormRow"},a):r.a.createElement(n.EuiFormRow,{label:"","data-test-subj":"entryItemFieldInputFormRow"},a)}),[l,t,e,o]),d=Object(i.useMemo)((()=>{const t=r.a.createElement(Me.b,{placeholder:Fe.c,indexPattern:a,selectedField:e.value,isClearable:!1,isLoading:!1,isDisabled:null==a,onChange:c,"data-test-subj":"threatEntryField",fieldInputWidth:360});return o?r.a.createElement(n.EuiFormRow,{label:Fe.f,"data-test-subj":"threatFieldInputFormRow"},t):r.a.createElement(n.EuiFormRow,{label:"","data-test-subj":"threatFieldInputFormRow"},t)}),[c,a,e,o]);return r.a.createElement(n.EuiFlexGroup,{direction:"row",gutterSize:"s",alignItems:"center",justifyContent:"spaceAround","data-test-subj":"itemEntryContainer"},r.a.createElement(n.EuiFlexItem,{grow:!1},u),r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(n.EuiFlexGroup,{justifyContent:"spaceAround",alignItems:"center"},o?r.a.createElement(De,{grow:!0},Fe.d):r.a.createElement(Ae,{grow:!0},Fe.d))),r.a.createElement(n.EuiFlexItem,{grow:!1},d))};_e.displayName="EntryItem";const Ne=s()(n.EuiFlexItem).withConfig({displayName:"MyFirstRowContainer",componentId:"sc-12uv1nj-0"})(["padding-top:20px;"]),Re=r.a.memo((({entries:e,isOnlyItem:t,entryIndex:a,itemIndex:o,onDelete:s})=>{const l=t&&1===e.length&&0===o&&(null==e[0].field||""===e[0].field),c=Object(i.useCallback)((()=>{s(a)}),[s,a]),u=r.a.createElement(n.EuiButtonIcon,{color:"danger",iconType:"trash",onClick:c,isDisabled:l,"aria-label":"entryDeleteButton",className:"itemEntryDeleteButton","data-test-subj":"itemEntryDeleteButton"});return 0===a&&0===o?r.a.createElement(Ne,{grow:!1,"data-test-subj":"firstRowDeleteButton"},u):r.a.createElement(n.EuiFlexItem,{grow:!1,"data-test-subj":"deleteButton"},u)}));Re.displayName="EntryDeleteButton";var qe=a(603);const Pe=s()(n.EuiFlexItem).withConfig({displayName:"MyInvisibleAndBadge",componentId:"sc-80qzis-0"})(["visibility:hidden;"]),Le=s()(n.EuiFlexItem).withConfig({displayName:"MyFirstRowContainer",componentId:"sc-80qzis-1"})(["padding-top:20px;"]),Be=r.a.memo((({entriesLength:e,entryItemIndex:t})=>{const a=r.a.createElement(qe.a,{includeAntennas:!0,type:"and"});return e>1&&0===t?r.a.createElement(Le,{grow:!1,"data-test-subj":"entryItemEntryFirstRowAndBadge"},a):e<=1?r.a.createElement(Pe,{grow:!1,"data-test-subj":"entryItemEntryInvisibleAndBadge"},a):r.a.createElement(n.EuiFlexItem,{grow:!1,"data-test-subj":"entryItemEntryAndBadge"},a)}));Be.displayName="AndBadge";const ze=s()(n.EuiFlexItem).withConfig({displayName:"MyOverflowContainer",componentId:"sc-1omlazu-0"})(["overflow:hidden;width:100%;"]),$e=r.a.memo((({listItem:e,listItemIndex:t,indexPattern:a,threatIndexPatterns:o,isOnlyItem:s,andLogicIncluded:l,onDeleteEntryItem:c,onChangeEntryItem:u})=>{const d=Object(i.useCallback)(((a,n)=>{const i=[...e.entries.slice(0,n),{...a},...e.entries.slice(n+1)],r={...e,entries:i};u(r,t)}),[u,e,t]),p=Object(i.useCallback)((a=>{const n=Object(Ce.i)(e,a);c(n,t)}),[e,c,t]),m=Object(i.useMemo)((()=>null!=a&&e.entries.length>0?Object(Ce.g)(a,o,e.entries):[]),[e.entries,a,o]);return r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{gutterSize:"s","data-test-subj":"entriesContainer"},l&&r.a.createElement(Be,{entriesLength:e.entries.length,entryItemIndex:t}),r.a.createElement(ze,{grow:6},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",direction:"column"},m.map(((i,l)=>r.a.createElement(n.EuiFlexItem,{key:i.id,grow:1},r.a.createElement(n.EuiFlexGroup,{gutterSize:"xs",alignItems:"center",direction:"row"},r.a.createElement(ze,{grow:1},r.a.createElement(_e,{entry:i,threatIndexPatterns:o,indexPattern:a,showLabel:0===t&&0===l,onChange:d})),r.a.createElement(Re,{entries:e.entries,isOnlyItem:s,entryIndex:i.entryIndex,itemIndex:t,onDelete:p})))))))))}));$e.displayName="ListItem";const Ve=s()(n.EuiButton).withConfig({displayName:"MyEuiButton",componentId:"sc-gfoihj-0"})(["min-width:95px;"]),Ge=({isOrDisabled:e=!1,isAndDisabled:t=!1,onAndClicked:a,onOrClicked:i})=>r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(Ve,{fill:!0,size:"s",iconType:"plusInCircle",onClick:a,"data-test-subj":"andButton",isDisabled:t},Fe.a)),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(Ve,{fill:!0,size:"s",iconType:"plusInCircle",onClick:i,isDisabled:e,"data-test-subj":"orButton"},Fe.e))),Ue=s()(n.EuiFlexItem).withConfig({displayName:"MyInvisibleAndBadge",componentId:"sc-a20478-0"})(["visibility:hidden;"]),He=s()(qe.a).withConfig({displayName:"MyAndBadge",componentId:"sc-a20478-1"})(["& > .euiFlexItem{margin:0;}"]),We=s()(n.EuiFlexItem).withConfig({displayName:"MyButtonsContainer",componentId:"sc-a20478-2"})(["margin:16px 0;"]),Qe={andLogicIncluded:!1,entries:[],entriesToDelete:[]},Ye=({listItems:e,indexPatterns:t,threatIndexPatterns:a,onChange:o})=>{const[{entries:s,entriesToDelete:l,andLogicIncluded:c},u]=Object(i.useReducer)(((e,t)=>{switch(t.type){case"setEntries":{const a=t.entries.filter((({entries:e})=>e.length>1)).length>0;return{...e,andLogicIncluded:a,entries:t.entries}}case"setDefault":return{...e,...t.initialState,entries:[{...t.lastEntry,entries:[Object(Ce.d)()]}]};default:return e}}),{...Qe}),d=Object(i.useCallback)((e=>{u({type:"setEntries",entries:e})}),[u]),p=Object(i.useCallback)((e=>{u({type:"setDefault",initialState:Qe,lastEntry:e})}),[u]),m=Object(i.useCallback)(((e,t)=>{const a=[...s.slice(0,t),{...e},...s.slice(t+1)];d(a)}),[d,s]),g=Object(i.useCallback)(((e,t)=>{0===e.entries.length?0===[...s.slice(0,t),...s.slice(t+1)].length?p(e):d([...s.slice(0,t),...s.slice(t+1)]):m(e,t)}),[m,d,s,p]),y=Object(i.useCallback)((()=>{const e=s[s.length-1],{entries:t}=e,a={...e,entries:[...t,Object(Ce.d)()]};d([...s.slice(0,s.length-1),{...a}])}),[d,s]),f=Object(i.useCallback)((()=>{const e=Object(Ce.h)();d([...s,{...e}])}),[d,s]),b=Object(i.useCallback)((()=>{y()}),[y]);return Object(i.useEffect)((()=>{o({entryItems:Object(Ce.c)(s),entriesToDelete:l})}),[o,l,s]),Object(i.useEffect)((()=>{(0===s.length||1===s.length&&null!=s[0].entries&&0===s[0].entries.length)&&f()}),[s,f]),Object(i.useEffect)((()=>{e.length>0&&d(e)}),[]),r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",direction:"column"},s.map(((e,i)=>{var o;const l=null!==(o=e.id)&&void 0!==o?o:`${i}`;return r.a.createElement(n.EuiFlexItem,{grow:1,key:l},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",direction:"column"},0!==i&&(c?r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiFlexGroup,{gutterSize:"none",direction:"row"},r.a.createElement(Ue,{grow:!1},r.a.createElement(He,{includeAntennas:!0,type:"and"})),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(He,{type:"or"})))):r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(He,{type:"or"}))),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement($e,{key:l,listItem:e,indexPattern:t,threatIndexPatterns:a,listItemIndex:i,andLogicIncluded:c,isOnlyItem:1===s.length,onDeleteEntryItem:g,onChangeEntryItem:m}))))})),r.a.createElement(We,{"data-test-subj":"andOrOperatorButtons"},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s"},c&&r.a.createElement(Ue,{grow:!1},r.a.createElement(qe.a,{includeAntennas:!0,type:"and"})),r.a.createElement(n.EuiFlexItem,{grow:1},r.a.createElement(Ge,{isOrDisabled:!1,isAndDisabled:!1,onOrClicked:f,onAndClicked:b})))))};Ye.displayName="ThreatMatch";const Ke=Object(C.j)({component:C.b}),Ze=({threatIndexModified:e,handleResetThreatIndices:t,threatMapping:a,indexPatterns:o,threatIndexPatterns:s,threatIndexPatternsLoading:l,threatBrowserFields:c,onValidityChange:u})=>{const{setValue:d,value:p}=a,{isInvalid:m,errorMessage:g}=Object(C.i)(a),[y,f]=Object(i.useState)(!1);Object(i.useEffect)((()=>{u&&u(!m&&y)}),[y,m,u]);const b=Object(i.useCallback)((({entryItems:e})=>{d(e)}),[d]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(n.EuiFlexGroup,{direction:"column"},r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(Ke,{path:"threatIndex",config:{...ke.a.threatIndex,labelAppend:e?r.a.createElement(vt,{onClick:t,iconType:"refresh"},X.m):null},componentProps:{idAria:"detectionEngineStepDefineRuleThreatMatchIndices","data-test-subj":"detectionEngineStepDefineRuleThreatMatchIndices",euiFieldProps:{fullWidth:!0,isDisabled:!1,placeholder:""}}})),r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(C.e,{path:"threatQueryBar",config:{...ke.a.threatQueryBar,labelAppend:null},component:A,componentProps:{browserFields:c,idAria:"detectionEngineStepDefineThreatRuleQueryBar",indexPattern:s,isDisabled:!1,isLoading:l,dataTestSubj:"detectionEngineStepDefineThreatRuleQueryBar",openTimelineSearch:!1,onValidityChange:f}}))),r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(n.EuiFormRow,{label:a.label,labelAppend:a.labelAppend,helpText:a.helpText,error:g,isInvalid:m,fullWidth:!0},r.a.createElement(Ye,{listItems:p,indexPatterns:o,threatIndexPatterns:s,"data-test-subj":"threatmatch-builder","id-aria":"threatmatch-builder",onChange:b})),r.a.createElement(n.EuiSpacer,{size:"m"}))},Je=r.a.memo(Ze);var Xe=a(183);const et=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.newTermsField.placeholderText",{defaultMessage:"Select a field"}),tt=({browserFields:e,field:t})=>{const a=Object(i.useMemo)((()=>({fullWidth:!0,noSuggestions:!1,options:e.map((e=>({label:e.name}))),placeholder:et,onCreateOption:void 0,style:{width:"410px"}})),[e]);return r.a.createElement(C.b,{field:t,idAria:"detectionEngineStepDefineRuleNewTermsField",euiFieldProps:a})},at=r.a.memo(tt);var nt=a(756),it=a(895),rt=a(1049),ot=a(894),st=a(17),lt=a(207),ct=a(104),ut=a.n(ct);const dt=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.secondsOptionDescription",{defaultMessage:"Seconds"}),pt=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.minutesOptionDescription",{defaultMessage:"Minutes"}),mt=l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.hoursOptionDescription",{defaultMessage:"Hours"}),gt=(l.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.daysOptionDescription",{defaultMessage:"Days"}),s()(n.EuiFormRow).withConfig({displayName:"StyledEuiFormRow",componentId:"sc-tpunic-0"})(["max-width:none;.euiFormControlLayout{max-width:235px;width:auto;}.euiFormControlLayout__childrenWrapper > *:first-child{box-shadow:none;height:38px;width:100%;}.euiFormControlLayout__childrenWrapper > select{background-color:",";color:",";}.euiFormControlLayout--group .euiFormControlLayout{min-width:100px;}.euiFormControlLayoutIcons{color:",";}.euiFormControlLayout:not(:first-child){border-left:1px solid ",";}"],(({theme:e})=>Object(n.transparentize)(e.eui.euiColorPrimary,.1)),(({theme:e})=>e.eui.euiColorPrimary),(({theme:e})=>e.eui.euiColorPrimary),(({theme:e})=>e.eui.euiColorLightShade))),yt=s()(n.EuiSelect).withConfig({displayName:"MyEuiSelect",componentId:"sc-tpunic-1"})(["width:auto;"]),ft=({durationValueField:e,durationUnitField:t,minimumValue:a=0,isDisabled:o,durationUnitOptions:s=[{value:"s",text:dt},{value:"m",text:pt},{value:"h",text:mt}]})=>{const{isInvalid:l,errorMessage:c}=Object(C.i)(e),{value:u,setValue:d}=e,{value:p,setValue:m}=t,g=Object(i.useCallback)((e=>{m(e.target.value)}),[m]),y=Object(i.useCallback)((e=>{const t=((e,t=0)=>{const a=parseInt(e,10);return Number.isNaN(a)?t:Math.max(t,Math.min(a,Number.MAX_SAFE_INTEGER))})(e.target.value,a);d(t)}),[a,d]),f={disabled:o};return r.a.createElement(gt,{error:c,isInvalid:l},r.a.createElement(n.EuiFormControlLayout,{append:r.a.createElement(yt,ut()({fullWidth:!1,options:s,onChange:g,value:p,"data-test-subj":"timeType"},f))},r.a.createElement(n.EuiFieldNumber,ut()({fullWidth:!1,min:a,max:Number.MAX_SAFE_INTEGER,onChange:y,value:u,"data-test-subj":"interval"},f))))},bt=r.a.memo(ft),ht=Object(C.j)({component:C.b}),Et=s.a.div.withConfig({displayName:"StyledVisibleContainer",componentId:"sc-1pj0rui-0"})(["display:",";"],(e=>e.isVisible?"block":"none")),vt=s()(n.EuiButtonEmpty).withConfig({displayName:"MyLabelButton",componentId:"sc-1pj0rui-1"})(["height:18px;font-size:12px;.euiIcon{width:14px;height:14px;}"]);vt.defaultProps={flush:"right"};const xt=s()(n.EuiFormRow).attrs((({$isVisible:e})=>({style:{display:e?"flex":"none"}}))).withConfig({displayName:"RuleTypeEuiFormRow",componentId:"sc-1pj0rui-2"})([""]),kt=s()(xt).withConfig({displayName:"IntendedRuleTypeEuiFormRow",componentId:"sc-1pj0rui-3"})(["",""],(({theme:e})=>`padding-left: ${e.eui.euiSizeXL};`)),St=({isLoading:e,isUpdateView:t=!1,kibanaDataViews:a,indicesConfig:o,threatIndicesConfig:s,defaultSavedQuery:u,form:h,optionsSelected:v,setOptionsSelected:x,indexPattern:k,isIndexPatternLoading:S,browserFields:w,isQueryBarValid:j,setIsQueryBarValid:O,setIsThreatQueryBarValid:I,ruleType:T,index:M,threatIndex:F,groupByFields:D,dataSourceType:N,shouldLoadQueryDynamically:R,queryBarTitle:q,queryBarSavedId:P})=>{const L=Object(b.a)(),[B,z]=Object(i.useState)(!1),[$,V]=Object(i.useState)(!1),[G,U]=Object(i.useState)(!1),H=Object(st.b)(),{getFields:W,reset:Q,setFieldValue:Y}=h,J=(({field:e,setFieldValue:t,value:a})=>{const n=Object(i.useRef)(!1),r=Object(i.useRef)(),[o,s]=Object(i.useState)((()=>null));return Object(i.useEffect)((()=>{n.current&&a===r.current&&(n.current=!1,r.current=void 0,o())}),[a,o]),Object(i.useCallback)(((a,i)=>{t(e,a),s((()=>i)),r.current=a,n.current=!0}),[e,t])})({field:"ruleType",value:T,setFieldValue:Y}),ee=Object(i.useCallback)((({index:e,queryBar:t,eqlOptions:a})=>{const n=()=>{Y("index",e),Y("queryBar",t)};"eql"===t.query.language?(J("eql",n),x((e=>({...e,...null!=a?a:{}})))):n()}),[Y,J,x]),{onOpenTimeline:te,loading:ae}=Object(m.c)(ee),ne=d()(T),ie=Object(i.useCallback)((e=>{h.setFieldValue("dataSourceType",e),h.getFields().index.reset({resetValue:!1}),h.getFields().dataViewId.reset({resetValue:!1})}),[h]),[re,oe]=Object(i.useState)([]);Object(i.useEffect)((()=>{const{fields:e}=k;oe(function(e){return e.filter((e=>!0===e.aggregatable))}(e))}),[k]);const se=Object(i.useMemo)((()=>(e=>{const t=new Set(["string","number","ip","boolean"]);return e.filter((e=>!0===e.aggregatable&&t.has(e.type)))})(re)),[re]),[le,{browserFields:pe,indexPatterns:me}]=Object(Xe.b)(F);Object(i.useEffect)((()=>{Q({resetValues:!1})}),[Q,T]),Object(i.useEffect)((()=>{V(!Object(c.isEqual)(M,o))}),[M,o]),Object(i.useEffect)((()=>{U(!Object(c.isEqual)(F,s))}),[F,s]),Object(i.useEffect)((()=>{const{queryBar:e}=W();null!=e&&(Object(_.f)(T)&&!Object(_.f)(ne)&&Object(c.isEqual)(e.value,rt.a.forNormalRules)?e.reset({defaultValue:rt.a.forThreatMatchRules}):!Object(_.f)(T)&&Object(_.f)(ne)&&Object(c.isEqual)(e.value,rt.a.forThreatMatchRules)&&e.reset({defaultValue:rt.a.forNormalRules}))}),[T,ne,W]);const ge=Object(i.useCallback)((()=>{j||h.setFieldValue("shouldLoadQueryDynamically",!1)}),[j,h]),ye=Object(i.useCallback)((()=>{W().index.setValue(o)}),[W,o]),fe=Object(i.useCallback)((()=>{W().threatIndex.setValue(s)}),[W,s]),be=Object(i.useCallback)((()=>{z(!0)}),[]),he=Object(i.useCallback)((()=>{z(!1)}),[]),ve=Object(i.useCallback)((({thresholdField:e,thresholdValue:t,thresholdCardinalityField:a,thresholdCardinalityValue:n})=>r.a.createElement(Ee,{browserFields:re,thresholdField:e,thresholdValue:t,thresholdCardinalityField:a,thresholdCardinalityValue:n})),[re]),we=Object(i.useCallback)((({threatMapping:e})=>r.a.createElement(Je,{handleResetThreatIndices:fe,indexPatterns:k,threatBrowserFields:pe,threatIndexModified:G,threatIndexPatterns:me,threatIndexPatternsLoading:le,threatMapping:e,onValidityChange:I})),[fe,k,I,pe,G,me,le]),je=Object(i.useCallback)((({groupByRadioSelection:e,groupByDurationUnit:t,groupByDurationValue:a})=>r.a.createElement(n.EuiRadioGroup,{disabled:!H.isAtLeast(lt.ab)||null==D||0===D.length,idSelected:e.value,options:[{id:E.b.PerRuleExecution,label:"Per rule execution"},{id:E.b.PerTimePeriod,label:r.a.createElement(r.a.Fragment,null,"Per time period",r.a.createElement(bt,{durationValueField:a,durationUnitField:t,isDisabled:!H.isAtLeast(lt.ab)||0===(null==D?void 0:D.length)||e.value!==E.b.PerTimePeriod,minimumValue:1}))}],onChange:t=>{e.setValue(t)},"data-test-subj":"groupByDurationOptions"})),[H,D]),Oe=Object(i.useCallback)((({suppressionMissingFields:e})=>r.a.createElement(n.EuiRadioGroup,{disabled:!H.isAtLeast(lt.ab)||null==D||0===D.length,idSelected:e.value,options:[{id:lt.b.Suppress,label:X.c},{id:lt.b.DoNotSuppress,label:X.a}],onChange:t=>{e.setValue(t)},"data-test-subj":"suppressionMissingFieldsOptions"})),[H,D]),Ie=Object(i.useMemo)((()=>[{id:E.a.IndexPatterns,label:l.i18n.translate("xpack.securitySolution.ruleDefine.indexTypeSelect.indexPattern",{defaultMessage:"Index Patterns"}),iconType:N===E.a.IndexPatterns?"checkInCircleFilled":"empty","data-test-subj":`rule-index-toggle-${E.a.IndexPatterns}`},{id:E.a.DataView,label:l.i18n.translate("xpack.securitySolution.ruleDefine.indexTypeSelect.dataView",{defaultMessage:"Data View"}),iconType:N===E.a.DataView?"checkInCircleFilled":"empty","data-test-subj":`rule-index-toggle-${E.a.DataView}`}]),[N]),Ce=Object(i.useMemo)((()=>null==a||0===Object.keys(a).length?r.a.createElement(n.EuiLoadingSpinner,{size:"l"}):r.a.createElement(C.e,{key:"DataViewSelector",path:"dataViewId",component:Te,componentProps:{kibanaDataViews:a}})),[a]),Me=Object(i.useMemo)((()=>r.a.createElement(xt,{label:X.o,$isVisible:!0,fullWidth:!0},r.a.createElement(n.EuiFlexGroup,{direction:"column",gutterSize:"s","data-test-subj":"dataViewIndexPatternButtonGroupFlexGroup"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiText,{size:"xs"},r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.dataViewSelectorText1",defaultMessage:"Use Kibana "}),r.a.createElement(it.a,{guidePath:"kibana",docPath:"data-views.html",linkText:"Data Views"}),r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.dataViewSelectorText2",defaultMessage:" or specify individual "}),r.a.createElement(it.a,{guidePath:"kibana",docPath:"index-patterns-api-create.html",linkText:"index patterns"}),r.a.createElement(p.FormattedMessage,{id:"xpack.securitySolution.dataViewSelectorText3",defaultMessage:" as your rule's data source to be searched."}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(xt,{$isVisible:!0},r.a.createElement(n.EuiButtonGroup,{isFullWidth:!0,legend:"Rule index pattern or data view selector","data-test-subj":"dataViewIndexPatternButtonGroup",idSelected:N,onChange:ie,options:Ie,color:"primary"}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(Et,{isVisible:N===E.a.DataView},Ce),r.a.createElement(Et,{isVisible:N===E.a.IndexPatterns},r.a.createElement(ht,{path:"index",config:{...Object(c.omit)(ke.a.index,"label"),labelAppend:$?r.a.createElement(vt,{onClick:ye,iconType:"refresh"},X.m):null},componentProps:{idAria:"detectionEngineStepDefineRuleIndices","data-test-subj":"detectionEngineStepDefineRuleIndices",euiFieldProps:{fullWidth:!0,placeholder:"",isDisabled:ae,isLoading:ae}}})))))),[ae,N,ie,Ie,Ce,$,ye]),Fe=Object(i.useMemo)((()=>r.a.createElement(C.e,{key:"QueryBarDefineRule",path:"queryBar",config:{...ke.a.queryBar,label:X.l,labelAppend:r.a.createElement(vt,{"data-test-subj":"importQueryFromSavedTimeline",onClick:be,disabled:R},X.h)},component:A,componentProps:{browserFields:w,idAria:"detectionEngineStepDefineRuleQueryBar",indexPattern:k,isDisabled:e||R||ae,resetToSavedQuery:R,isLoading:S||ae,dataTestSubj:"detectionEngineStepDefineRuleQueryBar",openTimelineSearch:B,onValidityChange:O,onCloseTimelineSearch:he,onSavedQueryError:ge,defaultSavedQuery:u,onOpenTimeline:te}})),[be,R,w,k,e,ae,S,B,O,he,ge,u,te]),De=Object(i.useCallback)(((e,t)=>{x((a=>({...a,[e]:t})))}),[x]),Ae=Object(i.useMemo)((()=>Object(c.isEmpty)(k.fields)?{keywordFields:[],dateFields:[],nonDateFields:[]}:{keywordFields:k.fields.filter((e=>{var t;return null===(t=e.esTypes)||void 0===t?void 0:t.includes("keyword")})).map((e=>({label:e.name}))),dateFields:k.fields.filter((e=>"date"===e.type)).map((e=>({label:e.name}))),nonDateFields:k.fields.filter((e=>"date"!==e.type)).map((e=>({label:e.name})))}),[k]),_e=Object(i.useMemo)((()=>({describedByIds:["detectionEngineStepDefineRuleType"],isUpdateView:t,hasValidLicense:Object(f.a)(L),isMlAdmin:Object(y.a)(L)})),[t,L]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(de.a,{addPadding:!t},r.a.createElement(C.c,{form:h,"data-test-subj":"stepDefineRule"},r.a.createElement(Et,{isVisible:!1},r.a.createElement(C.e,{path:"dataSourceType",componentProps:{euiFieldProps:{fullWidth:!0,placeholder:""}}})),r.a.createElement(C.e,{path:"ruleType",component:K,componentProps:_e}),r.a.createElement(xt,{$isVisible:!Object(g.d)(T),fullWidth:!0},r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"s"}),Me,r.a.createElement(n.EuiSpacer,{size:"s"}),Object(_.b)(T)?r.a.createElement(C.e,{key:"EqlQueryBar",path:"queryBar",component:Se.a,componentProps:{optionsData:Ae,optionsSelected:v,isSizeOptionDisabled:!0,onOptionsChange:De,onValidityChange:O,idAria:"detectionEngineStepDefineRuleEqlQueryBar",isDisabled:e,isLoading:S,indexPattern:k,showFilterBar:!0,dataTestSubj:"detectionEngineStepDefineRuleEqlQueryBar"},config:{...ke.a.queryBar,label:X.e}}):Fe)),Object(_.e)(T)&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"s"}),r.a.createElement(xt,{label:X.n,$isVisible:Boolean(P),fullWidth:!0},r.a.createElement(ht,{path:"shouldLoadQueryDynamically",componentProps:{idAria:"detectionEngineStepDefineRuleShouldLoadQueryDynamically","data-test-subj":"detectionEngineStepDefineRuleShouldLoadQueryDynamically",euiFieldProps:{disabled:e,label:q?X.s(q):X.t()}}}))),r.a.createElement(xt,{$isVisible:Object(_.e)(T),"data-test-subj":"alertSuppressionInput"},r.a.createElement(C.e,{path:"groupByFields",component:ot.a,componentProps:{browserFields:se,disabledText:X.g,isDisabled:!H.isAtLeast(lt.ab)&&0===(null==D?void 0:D.length)}})),r.a.createElement(kt,{$isVisible:Object(_.e)(T),"data-test-subj":"alertSuppressionDuration"},r.a.createElement(C.f,{fields:{groupByRadioSelection:{path:"groupByRadioSelection"},groupByDurationValue:{path:"groupByDuration.value"},groupByDurationUnit:{path:"groupByDuration.unit"}}},je)),r.a.createElement(kt,{$isVisible:Object(_.e)(T),"data-test-subj":"alertSuppressionMissingFields",label:r.a.createElement("span",null,X.b," ",r.a.createElement(xe,null)),fullWidth:!0},r.a.createElement(C.f,{fields:{suppressionMissingFields:{path:"suppressionMissingFields"}}},Oe)),r.a.createElement(xt,{$isVisible:Object(g.d)(T),fullWidth:!0},r.a.createElement(r.a.Fragment,null,r.a.createElement(C.e,{path:"machineLearningJobId",component:ce,componentProps:{describedByIds:["detectionEngineStepDefineRulemachineLearningJobId"]}}),r.a.createElement(C.e,{path:"anomalyThreshold",component:Z,componentProps:{describedByIds:["detectionEngineStepDefineRuleAnomalyThreshold"]}}))),r.a.createElement(xt,{$isVisible:Object(_.g)(T),"data-test-subj":"thresholdInput",fullWidth:!0},r.a.createElement(r.a.Fragment,null,r.a.createElement(C.f,{fields:{thresholdField:{path:"threshold.field"},thresholdValue:{path:"threshold.value"},thresholdCardinalityField:{path:"threshold.cardinality.field"},thresholdCardinalityValue:{path:"threshold.cardinality.value"}}},ve))),r.a.createElement(xt,{$isVisible:Object(_.f)(T),"data-test-subj":"threatMatchInput",fullWidth:!0},r.a.createElement(r.a.Fragment,null,r.a.createElement(C.f,{fields:{threatMapping:{path:"threatMapping"}}},we))),r.a.createElement(xt,{$isVisible:Object(_.d)(T),"data-test-subj":"newTermsInput",fullWidth:!0},r.a.createElement(r.a.Fragment,null,r.a.createElement(C.e,{path:"newTermsFields",component:at,componentProps:{browserFields:se}}),r.a.createElement(C.e,{path:"historyWindowSize",component:nt.a,componentProps:{idAria:"detectionEngineStepDefineRuleHistoryWindowSize",dataTestSubj:"detectionEngineStepDefineRuleHistoryWindowSize",timeTypes:["m","h","d"]}}))),r.a.createElement(C.e,{path:"timeline",component:ue.a,componentProps:{idAria:"detectionEngineStepDefineRuleTimeline",isDisabled:e,dataTestSubj:"detectionEngineStepDefineRuleTimeline"}}))))},wt=Object(i.memo)(St),jt=({addPadding:e,defaultValues:t,descriptionColumns:a,indexPattern:n,isInPanelView:i=!1})=>{const o=Object(h.e)(t);return r.a.createElement(de.a,{"data-test-subj":"definitionRule",addPadding:e},r.a.createElement(v.a,{columns:a,schema:Object(h.b)(ke.a,t.ruleType),data:Object(h.b)(o,t.ruleType),indexPatterns:n,isInPanelView:i}))},Ot=Object(i.memo)(jt)},function(e,t,a){"use strict";a.d(t,"a",(function(){return fe})),a.d(t,"b",(function(){return he}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(197),c=a(104),u=a.n(c),d=a(42),p=a(137),m=a(125);const g=s()(n.EuiFormRow).withConfig({displayName:"MyEuiFormRow",componentId:"sc-7izzbw-0"})([".euiFormRow__labelWrapper{.euiText{padding-right:32px;}}"]),y=s()(n.EuiButtonEmpty).withConfig({displayName:"MyAddItemButton",componentId:"sc-7izzbw-1"})(["margin:4px 0px;font-size:12px;.euiIcon{width:12px;height:12px;}"]);y.defaultProps={flush:"left",iconType:"plusInCircle",size:"s"};const f=({addText:e,dataTestSubj:t,field:a,idAria:o,isDisabled:s,validate:l})=>{const[c,f]=Object(i.useState)(!1),{isInvalid:b,errorMessage:h}=Object(m.i)(a),[E,v]=Object(i.useState)(-1),x=Object(i.useRef)([]),k=Object(i.useCallback)((e=>{const t=a.value,n=[...t.slice(0,e),...t.slice(e+1)];a.setValue(0===n.length?[""]:n),x.current=[...x.current.slice(0,e),...x.current.slice(e+1)],x.current=x.current.map(((t,a)=>(a>=e&&null!=x.current[e]&&(t.value="re-render"),t)))}),[a]),S=Object(i.useCallback)((()=>{const e=a.value;a.setValue([...e,""])}),[a]),w=Object(i.useCallback)(((e,t)=>{const n=a.value,i=e.target.value;a.setValue([...n.slice(0,t),i,...n.slice(t+1)])}),[a]),j=Object(i.useCallback)(((e,t)=>{null!=t&&(x.current=[...x.current.slice(0,e),t,...x.current.slice(e+1)])}),[x]);Object(i.useEffect)((()=>{-1===E||Object(d.isEmpty)(x.current)||null==x.current[E]||(x.current[E].focus(),v(-1))}),[E,x.current]);const O=a.value;return r.a.createElement(g,{label:a.label,labelAppend:a.labelAppend,error:c?h:null,isInvalid:c&&b,fullWidth:!0,"data-test-subj":t,describedByIds:o?[o]:void 0},r.a.createElement(r.a.Fragment,null,O.map(((e,t)=>{const a={disabled:s,...t===O.length-1?{inputRef:j.bind(null,t)}:{},value:e,isInvalid:null!=l&&c&&l(e)};return r.a.createElement("div",{key:t},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(n.EuiFieldText,u()({onBlur:()=>f(!0),onChange:e=>w(e,t),fullWidth:!0},a))),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiButtonIcon,{color:"danger",iconType:"trash",isDisabled:s||Object(d.isEmpty)(e)&&1===O.length,onClick:()=>k(t),"aria-label":p.ub}))),O.length-1!==t&&r.a.createElement(n.EuiSpacer,{size:"s"}))})),r.a.createElement(y,{onClick:S,isDisabled:s},e)))};var b=a(597),h=a(8),E=a(334);const v=[{framework:"MITRE ATT&CK",tactic:{id:"none",name:"none",reference:"none"},technique:[]}];Object(E.c)([]);var x=a(5);const k=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.threatsDescription",{defaultMessage:"threats"}),S=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.tacticsDescription",{defaultMessage:"tactic"}),w=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.techniquesDescription",{defaultMessage:"technique"}),j=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.subtechniquesDescription",{defaultMessage:"subtechnique"}),O=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.addTacticTitle",{defaultMessage:"Add tactic"}),I=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.addTechniqueTitle",{defaultMessage:"Add technique"}),T=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.addSubtechniqueTitle",{defaultMessage:"Add subtechnique"}),C=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.tacticPlaceHolderDescription",{defaultMessage:"Select a tactic ..."}),M=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.techniquePlaceHolderDescription",{defaultMessage:"Select a technique ..."}),F=x.i18n.translate("xpack.securitySolution.detectionEngine.mitreAttack.subtechniquePlaceHolderDescription",{defaultMessage:"Select a subtechnique ..."}),D=s.a.div.withConfig({displayName:"SubtechniqueContainer",componentId:"sc-1wna1kp-0"})(["margin-left:48px;"]),A=({field:e,idAria:t,isDisabled:o,threatIndex:s,techniqueIndex:l,onFieldChange:c})=>{const u=e.value,[m,g]=Object(i.useState)([]);Object(i.useEffect)((()=>{!async function(){const e=await a.e(19).then(a.bind(null,1443));g(e.subtechniques)}()}),[]);const f=Object(i.useMemo)((()=>{var e;return[...null!==(e=u[s].technique)&&void 0!==e?e:[]]}),[u,s]),b=Object(i.useCallback)((t=>{var a;const n=[...e.value],i=null!==(a=f[l].subtechnique)&&void 0!==a?a:[];null!=i&&(i.splice(t,1),f[l]={...f[l],subtechnique:i},n[s].technique=f,c(n))}),[e,c,l,f,s]),h=Object(i.useCallback)((()=>{const t=[...e.value],a=f[l].subtechnique;f[l]=null!=a?{...f[l],subtechnique:[...a,{id:"none",name:"none",reference:"none"}]}:{...f[l],subtechnique:[{id:"none",name:"none",reference:"none"}]},t[s].technique=f,c(t)}),[e,c,l,f,s]),E=Object(i.useCallback)(((t,a)=>{const n=[...e.value],{id:i,reference:r,name:o}=m.find((e=>e.value===a))||{id:"",name:"",reference:""},u=f[l].subtechnique;null!=u&&c([...n.slice(0,s),{...n[s],technique:[...f.slice(0,l),{...f[l],subtechnique:[...u.slice(0,t),{id:i,reference:r,name:o},...u.slice(t+1)]},...f.slice(l+1)]},...n.slice(s+1)])}),[e.value,m,f,l,c,s]),v=Object(i.useCallback)(((t,a,i)=>{const o=m.filter((e=>e.techniqueId===f[l].id));return r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSuperSelect,{id:"mitreAttackSubtechnique",options:[..."none"===i.name?[{inputDisplay:r.a.createElement(r.a.Fragment,null,F),value:"none",disabled:a}]:[],...o.map((e=>({inputDisplay:r.a.createElement(r.a.Fragment,null,e.label),value:e.value,disabled:a})))],prepend:`${e.label} ${j}`,"aria-label":"",onChange:E.bind(null,t),fullWidth:!0,valueOfSelected:Object(d.camelCase)(i.name),"data-test-subj":"mitreAttackSubtechnique",disabled:a,placeholder:F}))}),[m,e.label,E,f,l]),x=Object(i.useMemo)((()=>f[l].subtechnique),[f,l]);return r.a.createElement(D,null,null!=x&&x.map(((e,a)=>r.a.createElement("div",{key:a},r.a.createElement(n.EuiSpacer,{size:"s"}),r.a.createElement(n.EuiFormRow,{fullWidth:!0,describedByIds:t?[`${t} ${j}`]:void 0},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!0},v(a,o,e)),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiButtonIcon,{color:"danger",iconType:"trash",isDisabled:o,onClick:()=>b(a),"aria-label":p.ub}))))))),r.a.createElement(y,{"data-test-subj":"addMitreAttackSubtechnique",onClick:h,isDisabled:o},T))},_=(e,t)=>e.some((e=>e.techniqueId===t.id)),N=s.a.div.withConfig({displayName:"TechniqueContainer",componentId:"sc-1e8h3t0-0"})(["",""],(({theme:e})=>Object(o.css)(["margin-left:24px;padding-left:24px;border-left:2px solid ",";"],e.eui.euiColorLightestShade))),R=({field:e,idAria:t,isDisabled:o,threatIndex:s,onFieldChange:l})=>{var c;const u=e.value,[m,g]=Object(i.useState)([]),[f,b]=Object(i.useState)([]);Object(i.useEffect)((()=>{!async function(){const e=await a.e(19).then(a.bind(null,1443));g(e.techniques),b(e.subtechniques)}()}),[]);const h=Object(i.useCallback)((t=>{var a;const n=[...e.value],i=null!==(a=n[s].technique)&&void 0!==a?a:[];i.splice(t,1),n[s]={...n[s],technique:i},l(n)}),[e,s,l]),E=Object(i.useCallback)((()=>{var t;const a=[...e.value];a[s]={...a[s],technique:[...null!==(t=a[s].technique)&&void 0!==t?t:[],{id:"none",name:"none",reference:"none",subtechnique:[]}]},l(a)}),[e,s,l]),v=Object(i.useCallback)(((t,a)=>{var n;const i=[...e.value],{id:r,reference:o,name:c}=m.find((e=>e.value===a))||{id:"",name:"",reference:""},u=null!==(n=i[s].technique)&&void 0!==n?n:[];l([...i.slice(0,s),{...i[s],technique:[...u.slice(0,t),{id:r,reference:o,name:c,subtechnique:[]},...u.slice(t+1)]},...i.slice(s+1)])}),[e.value,m,s,l]),x=Object(i.useCallback)(((t,a,i,o)=>{const s=m.filter((e=>e.tactics.includes(Object(d.kebabCase)(t))));return r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSuperSelect,{id:"mitreAttackTechnique",options:[..."none"===o.name?[{inputDisplay:r.a.createElement(r.a.Fragment,null,M),value:"none",disabled:i}]:[],...s.map((e=>({inputDisplay:r.a.createElement(r.a.Fragment,null,e.label),value:e.value,disabled:i})))],prepend:`${e.label} ${w}`,"aria-label":"",onChange:v.bind(null,a),fullWidth:!0,valueOfSelected:Object(d.camelCase)(o.name),"data-test-subj":"mitreAttackTechnique",disabled:i,placeholder:M}))}),[e.label,m,v]),k=null!==(c=u[s].technique)&&void 0!==c?c:[];return r.a.createElement(N,null,k.map(((a,i)=>r.a.createElement("div",{key:i},r.a.createElement(n.EuiSpacer,{size:"s"}),r.a.createElement(n.EuiFormRow,{fullWidth:!0,describedByIds:t?[`${t} ${w}`]:void 0},r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!0},x(u[s].tactic.name,i,o,a)),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiButtonIcon,{color:"danger",iconType:"trash",isDisabled:o,onClick:()=>h(i),"aria-label":p.ub})))),r.a.createElement(A,{field:e,idAria:t,isDisabled:o||"none"===a.name||!1===_(f,a),threatIndex:s,techniqueIndex:i,onFieldChange:l})))),r.a.createElement(y,{"data-test-subj":"addMitreAttackTechnique",onClick:E,isDisabled:o},I))},q=s.a.div.withConfig({displayName:"MitreAttackContainer",componentId:"sc-17z3rkk-0"})(["margin-top:16px;"]),P=s()(n.EuiFormRow).withConfig({displayName:"InitialMitreAttackFormRow",componentId:"sc-17z3rkk-1"})([".euiFormRow__labelWrapper{.euiText{padding-right:32px;}}"]),L=Object(i.memo)((({field:e,idAria:t,isDisabled:o})=>{const s=Object(i.useCallback)((t=>{const a=[...e.value];a.splice(t,1),Object(d.isEmpty)(a)?e.setValue(v):e.setValue(a)}),[e]),l=Object(i.useCallback)((()=>{const t=[...e.value];Object(d.isEmpty)(t[t.length-1])?e.setValue([{tactic:{id:"none",name:"none",reference:"none"},technique:[]}]):e.setValue([...t,{tactic:{id:"none",name:"none",reference:"none"},technique:[]}])}),[e]),[c,u]=Object(i.useState)([]);Object(i.useEffect)((()=>{!async function(){const e=await a.e(19).then(a.bind(null,1443));u(e.tactics)}()}),[]);const m=Object(i.useCallback)(((t,a)=>{const n=[...e.value],{id:i,reference:r,name:o}=c.find((e=>e.value===a))||{id:"",name:"",reference:""};n.splice(t,1,{...n[t],tactic:{id:i,reference:r,name:o},technique:[]}),e.setValue([...n])}),[e,c]),g=Object(i.useMemo)((()=>[...e.value]),[e]),f=Object(i.useCallback)(((t,a,i)=>{const l=t.tactic.name;return r.a.createElement(n.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},r.a.createElement(n.EuiFlexItem,{grow:!0},r.a.createElement(n.EuiSuperSelect,{id:"mitreAttackTactic",options:[..."none"===l?[{inputDisplay:r.a.createElement(r.a.Fragment,null,C),value:"none",disabled:i}]:[],...c.map((e=>({inputDisplay:r.a.createElement(r.a.Fragment,null,e.label),value:e.value,disabled:i})))],prepend:`${e.label} ${S}`,"aria-label":"",onChange:m.bind(null,a),fullWidth:!0,valueOfSelected:Object(d.camelCase)(l),"data-test-subj":"mitreAttackTactic",placeholder:C})),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiButtonIcon,{color:"danger",iconType:"trash",isDisabled:o||Object(h.isEqual)(g,v),onClick:()=>s(a),"aria-label":p.ub})))}),[e.label,o,s,c,m,g]),b=Object(i.useCallback)((t=>{e.setValue(t)}),[e]);return r.a.createElement(q,null,g.map(((a,i)=>r.a.createElement("div",{key:i},0===i?r.a.createElement(P,{fullWidth:!0,label:`${e.label} ${k}`,labelAppend:e.labelAppend,describedByIds:t?[`${t} ${S}`]:void 0},r.a.createElement(r.a.Fragment,null,f(a,i,o))):r.a.createElement(n.EuiFormRow,{fullWidth:!0,describedByIds:t?[`${t} ${S}`]:void 0},f(a,i,o)),r.a.createElement(R,{field:e,threatIndex:i,isDisabled:o||"none"===a.tactic.name,idAria:t,onFieldChange:b})))),r.a.createElement(y,{"data-test-subj":"addMitreAttackTactic",onClick:l,isDisabled:o},O))}));var B=a(739),z=a(228),$=a(893),V=a(589),G=a(469),U=a(481),H=a(316),W=a(102),Q=a(810);const Y=s.a.div.withConfig({displayName:"NestedContent",componentId:"sc-1dv52ek-0"})(["margin-left:24px;"]),K=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemComboBoxColumn",componentId:"sc-1dv52ek-1"})(["max-width:376px;"]),Z=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemIconColumn",componentId:"sc-1dv52ek-2"})(["width:20px;"]),J=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemSeverityColumn",componentId:"sc-1dv52ek-3"})(["width:80px;"]),X=({dataTestSubj:e,field:t,idAria:a,indices:o,isDisabled:s,options:l,setRiskScore:c})=>{const{services:u}=Object(W.j)(),{value:p,isMappingChecked:m,mapping:g}=t.value,{setValue:y}=t,f=Object(i.useCallback)(((e,t)=>{y({value:p,isMappingChecked:m,mapping:[...g.slice(0,t),...e,...g.slice(t+1)]})}),[p,m,g,y]),b=Object(i.useCallback)(((e,t,[a])=>{var n;const i=[{...g[e],field:null!==(n=null==a?void 0:a.name)&&void 0!==n?n:"",value:null!=a?g[e].value:"",operator:"equals",severity:t}];f(i,e)}),[g,f]),h=Object(i.useCallback)((e=>{y({value:e,isMappingChecked:m,mapping:g}),c(e)}),[m,g,y,c]),E=Object(i.useCallback)(((e,t,a)=>{const n=[{...g[e],field:g[e].field,value:null!=g[e].field&&""!==g[e].field?a:"",operator:"equals",severity:t}];f(n,e)}),[g,f]),v=Object(i.useCallback)((()=>{y({value:p,mapping:[...g],isMappingChecked:!m})}),[m,g,p,y]),x=Object(i.useMemo)((()=>r.a.createElement("div",null,r.a.createElement(n.EuiFlexGroup,{gutterSize:"s"},r.a.createElement(n.EuiFlexItem,null,Q.b)),r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(n.EuiText,{size:"xs"},Q.c))),[]),k=Object(i.useMemo)((()=>r.a.createElement("div",null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",onClick:s?d.noop:v},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiCheckbox,{id:"severity-mapping-override",checked:m,disabled:s,onChange:v})),r.a.createElement(n.EuiFlexItem,null,Q.d)),r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(Y,null,r.a.createElement(n.EuiText,{size:"xs"},Q.e)))),[v,s,m]);return r.a.createElement(n.EuiFlexGroup,{direction:"column"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFormRow,{label:x,labelAppend:t.labelAppend,helpText:t.helpText,error:"errorMessage",isInvalid:!1,fullWidth:!0,"data-test-subj":"detectionEngineStepAboutRuleSeverity",describedByIds:["detectionEngineStepAboutRuleSeverity"]},r.a.createElement(n.EuiSuperSelect,{fullWidth:!1,disabled:!1,valueOfSelected:p,onChange:h,options:l,"data-test-subj":"select"}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFormRow,{label:k,labelAppend:t.labelAppend,helpText:m?r.a.createElement(Y,null,Q.f):"",error:"errorMessage",isInvalid:!1,fullWidth:!0,"data-test-subj":`${e}-severityOverride`,describedByIds:a?[a]:void 0},r.a.createElement(Y,null,r.a.createElement(n.EuiSpacer,{size:"s"}),m&&r.a.createElement(n.EuiFlexGroup,{direction:"column",gutterSize:"s"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},r.a.createElement(K,null,r.a.createElement(n.EuiFormLabel,null,Q.g)),r.a.createElement(K,null,r.a.createElement(n.EuiFormLabel,null,Q.h)),r.a.createElement(Z,{grow:!1}),r.a.createElement(J,{grow:!1},r.a.createElement(n.EuiFormLabel,null,Q.a)))),g.map(((e,t)=>{var a;return r.a.createElement(n.EuiFlexItem,{key:`${e.severity}-${t}`},r.a.createElement(n.EuiFlexGroup,{"data-test-subj":"severityOverrideRow",alignItems:"center",gutterSize:"s"},r.a.createElement(K,null,r.a.createElement(H.b,{placeholder:"",selectedField:ee(e,o),isLoading:!1,isDisabled:s,isClearable:!1,indexPattern:o,onChange:b.bind(null,t,e.severity),"data-test-subj":`detectionEngineStepAboutRuleSeverityMappingField-${e.severity}-${t}`,"aria-label":`detectionEngineStepAboutRuleSeverityMappingField-${e.severity}-${t}`})),r.a.createElement(K,null,r.a.createElement(H.a,{autocompleteService:u.unifiedSearch.autocomplete,placeholder:"",selectedField:ee(e,o),selectedValue:e.value,isClearable:!1,isDisabled:s,isLoading:!1,indexPattern:o,onChange:E.bind(null,t,e.severity),"data-test-subj":`detectionEngineStepAboutRuleSeverityMappingValue-${e.severity}-${t}`,"aria-label":`detectionEngineStepAboutRuleSeverityMappingValue-${e.severity}-${t}`})),r.a.createElement(Z,{grow:!1},r.a.createElement(n.EuiIcon,{type:"sortRight"})),r.a.createElement(J,{grow:!1},null===(a=l.find((t=>t.value===e.severity)))||void 0===a?void 0:a.inputDisplay)))})))))))},ee=(e,t)=>{const{field:a}=e,[n]=t.fields.filter((({name:e})=>a===e));return null!=n?n:{name:a,type:"string"}};var te=a(811);const ae=s.a.div.withConfig({displayName:"NestedContent",componentId:"sc-1udkauk-0"})(["margin-left:24px;"]),ne=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemComboBoxColumn",componentId:"sc-1udkauk-1"})(["max-width:376px;"]),ie=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemIconColumn",componentId:"sc-1udkauk-2"})(["width:20px;"]),re=s()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemRiskScoreColumn",componentId:"sc-1udkauk-3"})(["width:160px;"]),oe=({dataTestSubj:e,field:t,idAria:a,indices:o,isDisabled:s,placeholder:l})=>{const{value:c,isMappingChecked:u,mapping:p}=t.value,{setValue:m}=t,g=Object(i.useMemo)((()=>["number"]),[]),y=Object(i.useMemo)((()=>se(p,o)),[p,o]),f=Object(i.useCallback)((e=>{const t=e.target.value;m({value:Number(t.trim()),isMappingChecked:u,mapping:p})}),[m,u,p]),b=Object(i.useCallback)((([e])=>{var t;m({value:c,isMappingChecked:u,mapping:[{field:null!==(t=null==e?void 0:e.name)&&void 0!==t?t:"",operator:"equals",value:"",risk_score:void 0}]})}),[m,c,u]),h=Object(i.useCallback)((()=>{m({value:c,isMappingChecked:!u,mapping:[...p]})}),[m,c,u,p]),E=Object(i.useMemo)((()=>r.a.createElement("div",null,r.a.createElement(n.EuiFlexGroup,{gutterSize:"s"},r.a.createElement(n.EuiFlexItem,null,te.a)),r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(n.EuiText,{size:"xs"},te.c))),[]),v=Object(i.useMemo)((()=>r.a.createElement("div",null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",onClick:s?d.noop:h},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiCheckbox,{id:"risk_score-mapping-override",checked:u,disabled:s,onChange:h})),r.a.createElement(n.EuiFlexItem,null,te.e)),r.a.createElement(n.EuiSpacer,{size:"xs"}),r.a.createElement(ae,null,r.a.createElement(n.EuiText,{size:"xs"},te.f)))),[u,h,s]);return r.a.createElement(n.EuiFlexGroup,{direction:"column"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFormRow,{label:E,labelAppend:t.labelAppend,helpText:t.helpText,error:"errorMessage",isInvalid:!1,fullWidth:!0,"data-test-subj":`${e}-defaultRisk`,describedByIds:a?[a]:void 0},r.a.createElement(n.EuiRange,{value:c,onChange:f,max:100,min:0,showRange:!0,showInput:!0,fullWidth:!1,showTicks:!0,tickInterval:25,"data-test-subj":`${e}-defaultRiskRange`}))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFormRow,{label:v,labelAppend:t.labelAppend,helpText:u?r.a.createElement(ae,null,te.g):"",error:"errorMessage",isInvalid:!1,fullWidth:!0,"data-test-subj":`${e}-riskOverride`,describedByIds:a?[a]:void 0},r.a.createElement(ae,null,r.a.createElement(n.EuiSpacer,{size:"s"}),u&&r.a.createElement(n.EuiFlexGroup,{direction:"column",gutterSize:"s"},r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},r.a.createElement(ne,null,r.a.createElement(n.EuiFormLabel,null,te.h)),r.a.createElement(ie,{grow:!1}),r.a.createElement(re,{grow:!1},r.a.createElement(n.EuiFormLabel,null,te.a)))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},r.a.createElement(ne,null,r.a.createElement(H.b,{placeholder:null!=l?l:"",indexPattern:o,selectedField:y,fieldTypeFilter:g,isLoading:!1,isClearable:!1,isDisabled:s,onChange:b,"data-test-subj":e,"aria-label":a})),r.a.createElement(ie,{grow:!1},r.a.createElement(n.EuiIcon,{type:"sortRight"})),r.a.createElement(re,{grow:!1},r.a.createElement(n.EuiText,{size:"s"},te.d)))))))))},se=(e,t)=>{var a,n;const i=null!==(a=null==e||null===(n=e[0])||void 0===n?void 0:n.field)&&void 0!==a?a:"",[r]=t.fields.filter((({name:e})=>null!=i&&i===e));return null!=r?r:{name:i,type:"number"}},le=({dataTestSubj:e,field:t,idAria:a,indices:o,isDisabled:s,fieldType:l,placeholder:c})=>{const u=Object(i.useCallback)((([e])=>{var a;t.setValue(null!==(a=null==e?void 0:e.name)&&void 0!==a?a:"")}),[t]),d=Object(i.useMemo)((()=>{var e;const a=null!==(e=t.value)&&void 0!==e?e:"",[n]=o.fields.filter((({name:e})=>null!=a&&a===e));return n}),[t.value,o]),p=Object(i.useMemo)((()=>[l]),[l]);return r.a.createElement(n.EuiFormRow,{"data-test-subj":e,describedByIds:a?[a]:void 0,fullWidth:!0,helpText:t.helpText,label:t.label,labelAppend:t.labelAppend},r.a.createElement(H.b,{placeholder:null!=c?c:"",indexPattern:o,selectedField:d,fieldTypeFilter:p,isLoading:!1,isDisabled:s,isClearable:!1,onChange:u,"data-test-subj":e,"aria-label":a,fieldInputWidth:500}))};var ce=a(183),ue=a(4),de=a(881),pe=a(894);const me=Object(m.j)({component:m.b});s.a.div.withConfig({displayName:"ThreeQuartersContainer",componentId:"sc-1uryycj-0"})(["max-width:740px;"]).displayName="ThreeQuartersContainer";const ge=s.a.div.withConfig({displayName:"TagContainer",componentId:"sc-1uryycj-1"})(["margin-top:16px;"]);ge.displayName="TagContainer";const ye=({ruleType:e,machineLearningJobId:t,index:a,dataViewId:o,timestampOverride:s,isActive:c=!1,isUpdateView:u=!1,isLoading:d,form:p})=>{const{data:g}=Object(W.j)().services,y=Object(i.useMemo)((()=>Object(l.f)(e)),[e]),{ruleIndices:b}=Object(de.a)(t,a),[h,{indexPatterns:E}]=Object(ce.b)(b),[v,x]=Object(i.useState)(E);Object(i.useEffect)((()=>{null==a||""!==o&&null!=o||x(E)}),[o,a,E]),Object(i.useEffect)((()=>{(async()=>{if(null!=o&&""!==o){const e=await g.dataViews.get(o);x(e)}})()}),[g.dataViews,o,E,x]);const{getFields:k}=p,S=Object(i.useCallback)((e=>{const t=B.h[e];if(null!=t){const e=k().riskScore;e.setValue({...e.value,value:t})}}),[k]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(G.a,{addPadding:!u},r.a.createElement(m.c,{form:p},r.a.createElement(me,{path:"name",componentProps:{idAria:"detectionEngineStepAboutRuleName","data-test-subj":"detectionEngineStepAboutRuleName",euiFieldProps:{fullWidth:!0,disabled:d}}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(me,{path:"description",componentProps:{idAria:"detectionEngineStepAboutRuleDescription","data-test-subj":"detectionEngineStepAboutRuleDescription",euiFieldProps:{disabled:d,compressed:!0,fullWidth:!0}}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(m.e,{path:"severity",component:X,componentProps:{dataTestSubj:"detectionEngineStepAboutRuleSeverityField",idAria:"detectionEngineStepAboutRuleSeverityField",isDisabled:d||h,options:B.i,indices:v,setRiskScore:S}})),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(me,{path:"riskScore",component:oe,componentProps:{dataTestSubj:"detectionEngineStepAboutRuleRiskScore",idAria:"detectionEngineStepAboutRuleRiskScore",isDisabled:d||h,indices:v}})),r.a.createElement(ge,null,r.a.createElement(me,{path:"tags",componentProps:{idAria:"detectionEngineStepAboutRuleTags","data-test-subj":"detectionEngineStepAboutRuleTags",euiFieldProps:{fullWidth:!0,isDisabled:d||h,placeholder:""}}})),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(n.EuiAccordion,{"data-test-subj":"advancedSettings",id:"advancedSettingsAccordion",buttonContent:V.d},r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(m.e,{path:"references",component:f,componentProps:{addText:V.b,idAria:"detectionEngineStepAboutRuleReferenceUrls",isDisabled:d,dataTestSubj:"detectionEngineStepAboutRuleReferenceUrls",validate:z.c}}),r.a.createElement(m.e,{path:"falsePositives",component:f,componentProps:{addText:V.a,idAria:"detectionEngineStepAboutRuleFalsePositives",isDisabled:d,dataTestSubj:"detectionEngineStepAboutRuleFalsePositives"}}),r.a.createElement(m.e,{path:"threat",component:L,componentProps:{idAria:"detectionEngineStepAboutRuleMitreThreat",isDisabled:d,dataTestSubj:"detectionEngineStepAboutRuleMitreThreat"}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(m.e,{path:"investigationFields",component:pe.a,componentProps:{browserFields:v.fields,isDisabled:d||h,fullWidth:!0}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(m.e,{path:"note",component:U.a,componentProps:{idAria:"detectionEngineStepAboutRuleNote",isDisabled:d,dataTestSubj:"detectionEngineStepAboutRuleNote",placeholder:V.c}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(me,{path:"author",componentProps:{idAria:"detectionEngineStepAboutRuleAuthor","data-test-subj":"detectionEngineStepAboutRuleAuthor",euiFieldProps:{fullWidth:!0,isDisabled:d,placeholder:""}}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(me,{path:"license",componentProps:{idAria:"detectionEngineStepAboutRuleLicense","data-test-subj":"detectionEngineStepAboutRuleLicense",euiFieldProps:{fullWidth:!0,disabled:d,placeholder:""}}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(n.EuiFormRow,{label:V.g,fullWidth:!0},r.a.createElement(me,{path:"isAssociatedToEndpointList",componentProps:{idAria:"detectionEngineStepAboutRuleAssociatedToEndpointList","data-test-subj":"detectionEngineStepAboutRuleAssociatedToEndpointList",euiFieldProps:{disabled:d}}})),r.a.createElement(n.EuiFormRow,{label:V.e,fullWidth:!0},r.a.createElement(me,{path:"isBuildingBlock",componentProps:{idAria:"detectionEngineStepAboutRuleBuildingBlock","data-test-subj":"detectionEngineStepAboutRuleBuildingBlock",euiFieldProps:{disabled:d}}})),r.a.createElement(n.EuiSpacer,{size:"l"}),y&&r.a.createElement(r.a.Fragment,null,r.a.createElement(me,{path:"threatIndicatorPath",componentProps:{idAria:"detectionEngineStepAboutThreatIndicatorPath","data-test-subj":"detectionEngineStepAboutThreatIndicatorPath",euiFieldProps:{fullWidth:!0,disabled:d,placeholder:ue.I}}})),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(m.e,{path:"ruleNameOverride",component:le,componentProps:{dataTestSubj:"detectionEngineStepAboutRuleRuleNameOverride",fieldType:"string",idAria:"detectionEngineStepAboutRuleRuleNameOverride",indices:v,isDisabled:d||h,placeholder:""}}),r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(m.e,{path:"timestampOverride",component:le,componentProps:{dataTestSubj:"detectionEngineStepAboutRuleTimestampOverride",fieldType:"date",idAria:"detectionEngineStepAboutRuleTimestampOverride",indices:v,isDisabled:d||h,placeholder:""}}),!!s&&"@timestamp"!==s&&r.a.createElement(r.a.Fragment,null,r.a.createElement(me,{path:"timestampOverrideFallbackDisabled",componentProps:{idAria:"detectionTimestampOverrideFallbackDisabled","data-test-subj":"detectionTimestampOverrideFallbackDisabled",euiFieldProps:{disabled:d}}}))))))},fe=Object(i.memo)(ye),be=({addPadding:e,defaultValues:t,descriptionColumns:a,isInPanelView:n=!1})=>r.a.createElement(G.a,{"data-test-subj":"aboutStep",addPadding:e},r.a.createElement(b.a,{columns:a,schema:$.a,data:t,isInPanelView:n})),he=Object(i.memo)(be)},,function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(2),i=a.n(n),r=a(42),o=a(822),s=a(40),l=a(44),c=a(108),u=a(375),d=a(239),p=a(461),m=a(399);const g=i.a.memo((({endpointId:e,hostName:t,casesInfo:a,cancelCallback:r,successCallback:o})=>{const[g,y]=Object(n.useState)(""),[f,b]=Object(n.useState)(!1),h=a.map((e=>e.id)),{loading:E,isolateHost:v}=(({endpointId:e,comment:t,caseIds:a})=>{const[i,r]=Object(n.useState)(!1),{addError:o}=Object(c.a)();return{loading:i,isolateHost:Object(n.useCallback)((async()=>{try{r(!0);const n=await Object(d.b)({endpointId:e,comment:t,caseIds:a&&a.length>0?a:void 0});return r(!1),!!n.action}catch(e){return r(!1),o(e.message,{title:u.b}),!1}}),[e,t,a,o])}})({endpointId:e,comment:g,caseIds:h}),x=Object(n.useCallback)((async()=>{const e=await v();b(e),e&&o&&o()}),[v,o]),k=Object(n.useCallback)((()=>r()),[r]),S=Object(n.useCallback)((({comment:e})=>y(e)),[]),w=Object(n.useMemo)((()=>a.length),[a]),j=Object(n.useMemo)((()=>i.a.createElement(m.a,{onClick:k,buttonText:p.c})),[k]),O=Object(n.useMemo)((()=>i.a.createElement(i.a.Fragment,null,i.a.createElement(s.EuiSpacer,{size:"m"}),i.a.createElement(m.b,{hostName:t,onCancel:k,onConfirm:x,onChange:S,comment:g,isLoading:E,messageAppend:i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.detections.hostIsolation.impactedCases",defaultMessage:"This action will be added to {cases}.",values:{cases:i.a.createElement("b",null,Object(p.a)(w))}})}))),[t,k,x,S,g,E,w]);return f?j:O}));g.displayName="IsolateHost";const y=i.a.memo((({endpointId:e,hostName:t,casesInfo:a,cancelCallback:r,successCallback:o})=>{const[g,y]=Object(n.useState)(""),[f,b]=Object(n.useState)(!1),h=a.map((e=>e.id)),{loading:E,unIsolateHost:v}=(({endpointId:e,comment:t,caseIds:a})=>{const[i,r]=Object(n.useState)(!1),{addError:o}=Object(c.a)();return{loading:i,unIsolateHost:Object(n.useCallback)((async()=>{try{r(!0);const n=await Object(d.c)({endpointId:e,comment:t,caseIds:a&&a.length>0?a:void 0});return r(!1),!!n.action}catch(e){return r(!1),o(e.message,{title:u.b}),!1}}),[e,t,a,o])}})({endpointId:e,comment:g,caseIds:h}),x=Object(n.useCallback)((async()=>{const e=await v();b(e),e&&o&&o()}),[o,v]),k=Object(n.useCallback)((()=>r()),[r]),S=Object(n.useCallback)((({comment:e})=>y(e)),[]),w=Object(n.useMemo)((()=>a.length),[a]),j=Object(n.useMemo)((()=>i.a.createElement(m.a,{onClick:k,buttonText:p.c})),[k]),O=Object(n.useMemo)((()=>i.a.createElement(i.a.Fragment,null,i.a.createElement(s.EuiSpacer,{size:"m"}),i.a.createElement(m.d,{hostName:t,onCancel:k,onConfirm:x,onChange:S,comment:g,isLoading:E,messageAppend:i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.detections.hostIsolation.impactedCases",defaultMessage:"This action will be added to {cases}.",values:{cases:i.a.createElement("b",null,Object(p.a)(w))}})}))),[t,k,x,S,g,E,w]);return f?j:O}));y.displayName="UnisolateHost";const f=i.a.memo((({details:e,cancelCallback:t,successCallback:a,isolateAction:s})=>{const l=Object(n.useMemo)((()=>{var t;const a=null===(t=Object(r.find)({category:"agent",field:"agent.id"},e))||void 0===t?void 0:t.values;return a?a[0]:""}),[e]),c=Object(n.useMemo)((()=>{var t;const a=null===(t=Object(r.find)({category:"host",field:"host.name"},e))||void 0===t?void 0:t.values;return a?a[0]:""}),[e]),u=Object(n.useMemo)((()=>{var t;const a=null===(t=Object(r.find)({category:"_id",field:"_id"},e))||void 0===t?void 0:t.values;return a?a[0]:""}),[e]),{casesInfo:d}=Object(o.a)({alertId:u});return"isolateHost"===s?i.a.createElement(g,{endpointId:l,hostName:c,casesInfo:d,cancelCallback:t,successCallback:a}):i.a.createElement(y,{endpointId:l,hostName:c,casesInfo:d,cancelCallback:t,successCallback:a})}));f.displayName="HostIsolationContent"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return g})),a.d(t,"b",(function(){return y})),a.d(t,"c",(function(){return f}));var n=a(8),i=a(197),r=a(102),o=a(213),s=a(3),l=a(51);const c=e=>"parsing_exception"===e||"verification_exception"===e||"mapping_exception"===e,u=e=>Object(n.has)(e,"error.type"),d=e=>e.error.root_cause.filter((e=>c(e.type))).map((e=>e.reason));var p=a(371);let m;!function(e){e.FAILED_REQUEST="ERR_FAILED_REQUEST",e.INVALID_EQL="ERR_INVALID_EQL"}(m||(m={}));const g=(e,t)=>{let a,n=[];return(...i)=>(a&&clearTimeout(a),a=setTimeout((()=>{const t=e(...i);n.forEach((e=>e(t))),n=[]}),t),new Promise((e=>n.push(e))))},y=async(...e)=>{const[{value:t,formData:a}]=e,{query:g}=t,y=g.query,{dataViewId:f,index:b,ruleType:h}=a;if(void 0===h&&!Object(n.isEmpty)(y)||Object(i.b)(h)&&!Object(n.isEmpty)(y))try{const{data:e}=r.b.get();let t=null==b?void 0:b.join(),i={};if(null!=f&&""!==f&&a.dataSourceType===o.a.DataView){const a=await e.dataViews.get(f);t=a.title,i=a.getRuntimeMappings()}const p=(new AbortController).signal,g=await(async({data:e,dataViewTitle:t,query:a,signal:i,runtimeMappings:r})=>{const{rawResponse:o}=await Object(s.firstValueFrom)(e.search.search({params:{index:t,body:{query:a,runtime_mappings:r,size:0}},options:{ignore:[400]}},{strategy:l.EQL_SEARCH_STRATEGY,abortSignal:i}));if((e=>u(e)&&c(Object(n.get)(e,"error.type")))(o.body))return{valid:!1,errors:d(o.body)};if(u(o.body))throw new Error(JSON.stringify(o.body));return{valid:!0,errors:[]}})({data:e,query:y,signal:p,dataViewTitle:t,runtimeMappings:i});if(!1===(null==g?void 0:g.valid))return{code:m.INVALID_EQL,message:"",messages:g.errors}}catch(e){return{code:m.FAILED_REQUEST,message:p.m,error:e}}},f=e=>{const t=e.errors.length>0,a=!e.isChangingValue&&!t;if(t){const[t]=e.errors,n=t.message;return t.code===m.INVALID_EQL?{isValid:a,message:n,messages:t.messages}:{isValid:a,message:n,error:t.error}}return{isValid:a,message:""}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(104),i=a.n(n),r=(a(2),a(53)),o=a.n(r),s=a(40),l=a(21);const c={iconType:"questionInCircle",color:"gray"},u={binary:{iconType:"tokenBinary"},boolean:{iconType:"tokenBoolean"},conflict:{iconType:"warning",color:"euiColorVis9",shape:"square"},date:{iconType:"tokenDate"},date_range:{iconType:"tokenDate"},dense_vector:{iconType:"tokenDenseVector"},geo_point:{iconType:"tokenGeo"},geo_shape:{iconType:"tokenGeo"},ip:{iconType:"tokenIP"},ip_range:{iconType:"tokenIP"},flattened:{iconType:"tokenFlattened"},match_only_text:{iconType:"tokenString"},murmur3:{iconType:"tokenSearchType"},number:{iconType:"tokenNumber"},number_range:{iconType:"tokenNumber"},rank_feature:{iconType:"tokenRankFeature"},rank_features:{iconType:"tokenRankFeatures"},histogram:{iconType:"tokenHistogram"},_source:{iconType:"editorCodeBlock",color:"gray"},point:{iconType:"tokenShape"},shape:{iconType:"tokenShape"},string:{iconType:"tokenString"},text:{iconType:"tokenString"},keyword:{iconType:"tokenKeyword"},gauge:{iconType:"tokenMetricGauge"},counter:{iconType:"tokenMetricCounter"},nested:{iconType:"tokenNested"},version:{iconType:"tokenTag"}};function d({type:e,label:t,size:a="s",scripted:n,className:r,...d}){const p=u[e]||c;return Object(l.jsx)(s.EuiToken,i()({},p,{className:o()("kbnFieldIcon",r),"aria-label":t||e,title:t||e,size:a,fill:n?"dark":void 0},d))}a(1269);Object.keys({xs:"kbnFieldButton--xs",s:"kbnFieldButton--s"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a.n(n),r=a(181),o=a(333),s=a(102),l=a(470),c=a(265);const u=a(5).i18n.translate("xpack.securitySolution.detectionEngine.rulesSnoozeBadge.error.unableToFetch",{defaultMessage:"Unable to fetch snooze settings"});function d({ruleId:e,showTooltipInline:t=!1}){const a=Object(s.j)().services.triggersActionsUi.getRulesListNotifyBadge,{snoozeSettings:n,error:d}=function(e){var t,a;const{state:{rulesSnoozeSettings:n}}=null!==(t=Object(c.c)())&&void 0!==t?t:{state:{}},{data:i,isFetching:r,isError:o}=Object(l.a)([e],{enabled:!(null!=n&&n.data[e]||null!=n&&n.isFetching)}),s=null!==(a=null==n?void 0:n.data[e])&&void 0!==a?a:null==i?void 0:i[e],d=(null==n?void 0:n.isFetching)||r;return{snoozeSettings:s,error:(null==n?void 0:n.isError)||o||!s&&!d?u:void 0}}(e),[{canUserCRUD:p}]=Object(r.b)(),m=Object(o.c)(p),g=Object(l.b)();return i.a.createElement(a,{ruleId:e,snoozeSettings:n,loading:!n&&!d,disabled:!m||d,showTooltipInline:t,onRuleChanged:g})}},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return E})),a.d(t,"b",(function(){return x}));var n=a(2),i=a.n(n),r=a(5),o=a(40),s=a(141),l=a(290),c=a(829),u=a(107),d=a(732),p=a(794),m=a(102),g=a(368),y=a(827),f=a(126),b=a(487),h=a(381);const E=Object.freeze({flyoutEditTitle:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutEditTitle",{defaultMessage:"Add artifact"}),flyoutCreateTitle:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutCreateTitle",{defaultMessage:"Create artifact"}),flyoutCancelButtonLabel:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutCancelButtonLabel",{defaultMessage:"Cancel"}),flyoutCreateSubmitButtonLabel:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutCreateSubmitButtonLabel",{defaultMessage:"Add"}),flyoutEditSubmitButtonLabel:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutEditSubmitButtonLabel",{defaultMessage:"Save"}),flyoutDowngradedLicenseTitle:r.i18n.translate("xpack.securitySolution.artifactListPage.expiredLicenseTitle",{defaultMessage:"Expired License"}),flyoutDowngradedLicenseInfo:r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutDowngradedLicenseInfo",{defaultMessage:"Your Kibana license has been downgraded. Future policy configurations will now be globally assigned to all policies."}),flyoutDowngradedLicenseDocsInfo:e=>r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutDowngradedLicenseDocsInfo",{defaultMessage:"For more information, see our documentation."}),flyoutEditItemLoadFailure:e=>r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutEditItemLoadFailure",{defaultMessage:"Failed to retrieve item for edit. Reason: {errorMessage}",values:{errorMessage:e}}),flyoutCreateSubmitSuccess:({name:e})=>r.i18n.translate("xpack.securitySolution.some_page.flyoutCreateSubmitSuccess",{defaultMessage:'"{name}" has been added.',values:{name:e}}),flyoutEditSubmitSuccess:({name:e})=>r.i18n.translate("xpack.securitySolution.artifactListPage.flyoutEditSubmitSuccess",{defaultMessage:'"{name}" has been updated.',values:{name:e}})}),v=(e,t)=>({isValid:!1,item:null!=t?t:Object(g.a)(e)}),x=Object(n.memo)((({apiClient:e,item:t,policies:a,policiesIsLoading:r,FormComponent:g,onSuccess:x,onClose:k,submitHandler:S,labels:w={},"data-test-subj":j,size:O="m"})=>{var I,T;const{docLinks:{links:{securitySolution:C}}}=Object(m.j)().services,M=Object(u.a)(j),F=Object(m.n)(),D=Object(c.a)(),A=Object(d.a)(),{urlParams:_}=Object(l.a)(),N=Object(s.b)(),R=Object(n.useMemo)((()=>({...E,...w})),[w]),[q,P]=Object(n.useState)(!1),[L,B]=Object(n.useState)(void 0),z="edit"===_.show,$=z?"edit":"create",{isLoading:V,mutateAsync:G,error:U}=Object(y.a)(e,$),H=Object(n.useMemo)((()=>S?q:V),[q,V,S]),W=Object(n.useMemo)((()=>S?L:U),[L,U,S]),{isRefetching:Q,error:Y,refetch:K}=Object(h.d)(e,null!==(I=_.itemId)&&void 0!==I?I:"",void 0,{enabled:!1}),[Z,J]=Object(n.useState)(v.bind(null,e.listId,t)),X=((e,t)=>{const a=Object(f.a)().endpointPrivileges;return Object(n.useMemo)((()=>"edit"===t&&!a.canCreateArtifactsByPolicy&&Object(b.d)(e)),[a.canCreateArtifactsByPolicy,e,t])})({tags:null!==(T=Z.item.tags)&&void 0!==T?T:[]},$),ee=Object(n.useMemo)((()=>!!t||!!Z.item.item_id),[Z.item.item_id,t]),te=Object(n.useMemo)((()=>z&&!ee),[ee,z]),ae=Object(n.useCallback)((()=>{H||(A({..._,itemId:void 0,show:void 0},!0),k())}),[H,k,A,_]),ne=Object(n.useCallback)((({item:e,isValid:t})=>{N()&&J({item:e,isValid:t})}),[N]),ie=Object(n.useCallback)((e=>{F.addSuccess(z?R.flyoutEditSubmitSuccess(e):R.flyoutCreateSubmitSuccess(e)),N()&&(A({..._,itemId:void 0,show:void 0},!0),x())}),[z,N,R,x,A,F,_]),re=Object(n.useCallback)((()=>{S?(P(!0),S(Z.item,$).then(ie).catch((e=>{N()&&B(e)})).finally((()=>{N()&&P(!1)}))):G(Z.item).then(ie)}),[$,Z.item,ie,N,G,S]);return Object(n.useEffect)((()=>{!z||ee||Y||!te||Q||K().then((({data:t})=>{t&&N()&&J(v(e.listId,t))}))}),[e.listId,Y,K,z,te,Q,ee,N]),Object(n.useEffect)((()=>{var e;z&&Y&&(F.addWarning(R.flyoutEditItemLoadFailure((null==Y||null===(e=Y.body)||void 0===e?void 0:e.message)||Y.message)),A({itemId:void 0,show:void 0}))}),[Y,z,R,A,F,_.itemId]),!D||Y?null:i.a.createElement(o.EuiFlyout,{size:O,onClose:ae,"data-test-subj":j},i.a.createElement(o.EuiFlyoutHeader,{hasBorder:!0},i.a.createElement(o.EuiTitle,{size:"m"},i.a.createElement("h2",null,z?R.flyoutEditTitle:R.flyoutCreateTitle))),!te&&X&&i.a.createElement(o.EuiCallOut,{title:R.flyoutDowngradedLicenseTitle,color:"warning",iconType:"help","data-test-subj":M("expiredLicenseCallout")},R.flyoutDowngradedLicenseInfo," ",R.flyoutDowngradedLicenseDocsInfo(C)),i.a.createElement(o.EuiFlyoutBody,null,te&&i.a.createElement(p.a,{"data-test-subj":M("loader")}),!te&&i.a.createElement(g,{onChange:ne,disabled:H,item:Z.item,error:null!=W?W:void 0,mode:$,policies:a,policiesIsLoading:r})),!te&&i.a.createElement(o.EuiFlyoutFooter,null,i.a.createElement(o.EuiFlexGroup,{justifyContent:"spaceBetween"},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiButtonEmpty,{"data-test-subj":M("cancelButton"),onClick:ae,disabled:H},R.flyoutCancelButtonLabel)),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiButton,{"data-test-subj":M("submitButton"),fill:!0,disabled:!Z.isValid||H,onClick:re,isLoading:H},z?R.flyoutEditSubmitButtonLabel:R.flyoutCreateSubmitButtonLabel)))))}));x.displayName="ArtifactFlyout"},function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(104),i=a.n(n),r=a(40),o=a(42),s=a(2),l=a.n(s),c=a(41),u=a.n(c),d=a(125),p=a(5);const m=[{value:"s",text:p.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.secondsOptionDescription",{defaultMessage:"Seconds"})},{value:"m",text:p.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.minutesOptionDescription",{defaultMessage:"Minutes"})},{value:"h",text:p.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.hoursOptionDescription",{defaultMessage:"Hours"})},{value:"d",text:p.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.daysOptionDescription",{defaultMessage:"Days"})}],g=u()(r.EuiFlexItem).withConfig({displayName:"StyledLabelAppend",componentId:"sc-gbwqm5-0"})(["&.euiFlexItem{margin-left:31px;}"]),y=u()(r.EuiFormRow).withConfig({displayName:"StyledEuiFormRow",componentId:"sc-gbwqm5-1"})(["max-width:none;.euiFormControlLayout{max-width:auto;width:auto;}.euiFormControlLayout__childrenWrapper > *:first-child{box-shadow:none;height:38px;width:100%;}.euiFormControlLayout__childrenWrapper > select{background-color:",";color:",";}.euiFormControlLayout--group .euiFormControlLayout{min-width:100px;}.euiFormControlLayoutIcons{color:",";}.euiFormControlLayout:not(:first-child){border-left:1px solid ",";}"],(({theme:e})=>Object(r.transparentize)(e.eui.euiColorPrimary,.1)),(({theme:e})=>e.eui.euiColorPrimary),(({theme:e})=>e.eui.euiColorPrimary),(({theme:e})=>e.eui.euiColorLightShade)),f=u()(r.EuiSelect).withConfig({displayName:"MyEuiSelect",componentId:"sc-gbwqm5-2"})(["width:auto;"]),b=({dataTestSubj:e,field:t,idAria:a,isDisabled:n,minimumValue:c=0,timeTypes:u=["s","m","h"],fullWidth:p=!1})=>{const[b,h]=Object(s.useState)(u[0]),[E,v]=Object(s.useState)(0),{isInvalid:x,errorMessage:k}=Object(d.i)(t),{value:S,setValue:w}=t,j=Object(s.useCallback)((e=>{h(e.target.value),w(`${E}${e.target.value}`)}),[w,E]),O=Object(s.useCallback)((e=>{const t=((e,t=0)=>{const a=parseInt(e,10);return Number.isNaN(a)?t:Math.max(t,Math.min(a,Number.MAX_SAFE_INTEGER))})(e.target.value,c);v(t),w(`${t}${b}`)}),[c,w,b]);Object(s.useEffect)((()=>{if(S!==`${E}${b}`){const e=S.match(/\d+/g),t=S.match(/[a-zA-Z]+/g);Object(o.isEmpty)(e)||null==e||isNaN(Number(e[0]))||Number(e[0])===Number(E)||v(Number(e[0])),!Object(o.isEmpty)(t)&&null!=t&&u.includes(t[0])&&t[0]!==b&&h(t[0])}}),[b,u,E,S]);const I={disabled:n},T=Object(s.useMemo)((()=>l.a.createElement(r.EuiFlexGroup,{gutterSize:"s",justifyContent:"flexStart",alignItems:"center"},l.a.createElement(r.EuiFlexItem,{grow:!1,component:"span"},t.label),l.a.createElement(g,{grow:!1,component:"span"},t.labelAppend))),[t.label,t.labelAppend]);return l.a.createElement(y,{label:T,helpText:t.helpText,error:k,isInvalid:x,fullWidth:p,"data-test-subj":e,describedByIds:a?[a]:void 0},l.a.createElement(r.EuiFormControlLayout,{append:l.a.createElement(f,i()({fullWidth:!1,options:m.filter((e=>u.includes(e.value))),onChange:j,value:b,"aria-label":t.label,"data-test-subj":"timeType"},I))},l.a.createElement(r.EuiFieldNumber,i()({fullWidth:!0,min:c,max:Number.MAX_SAFE_INTEGER,onChange:O,value:E,"data-test-subj":"interval"},I))))}},function(e,t,a){"use strict";a.d(t,"b",(function(){return n.a})),a.d(t,"a",(function(){return b})),a(742),a(566),a(592),a(594);var n=a(593),i=(a(595),a(2)),r=a(244),o=a(214),s=a(8),l=a(226),c=a(181),u=a(4),d=a(102),p=a(605),m=a(900),g=a(198),y=a(353);const f={contentText:"",rulesReferences:[],isLoading:!1,listId:"",listNamespaceType:"single"},b=e=>{const t=Object(d.n)(),{services:a}=Object(d.j)(),{http:n,notifications:b}=a,{navigateToApp:h}=a.application,{exportExceptionList:E,deleteExceptionList:v,duplicateExceptionList:x}=Object(o.c)(n),[{loading:k,canUserCRUD:S,canUserREAD:w}]=Object(c.b)(),[j,O]=Object(i.useState)(),[I,T]=Object(i.useState)(!1),[C,M]=Object(i.useState)(),[F,D]=Object(i.useState)(!1),[A,_]=Object(i.useState)([]),[N,R]=Object(i.useState)([]),[q,P]=Object(i.useState)(!0),[L,B]=Object(i.useState)(""),[z,$]=Object(i.useState)(),[V,G]=Object(i.useState)(!1),[U,H]=Object(i.useState)(f),[W,Q]=Object(i.useState)(!0),[Y,K]=Object(i.useState)(!1),Z=Object(y.b)(),J=Object(i.useMemo)((()=>({pageId:u.wc.exceptions,path:"",onNavigate:()=>{h(u.l,{deepLinkId:u.wc.exceptions,path:""})}})),[h]),X=Object(i.useCallback)(((e,a,n,i)=>{null==t||t.addError(e,{title:null!=n?n:"",toastMessage:null!=i?i:""}),B(null!=a?a:"")}),[t]),ee=Object(i.useCallback)((async e=>{const t=await Object(p.e)(e.list_id);_(t)}),[]),te=Object(i.useCallback)((async()=>{try{if(l.a.includes(e))return D(!0);O(!0);const t=await Object(p.d)({id:e,http:n});if(!t||!Object(m.b)(t))return O(!1),D(!0);if(M(t),await ee(t),O(!1),D(!1),Object(m.a)(t))return P(!1)}catch(e){X(e,r.i.ERROR,g.q,g.p)}}),[e,n,ee,X]);Object(i.useEffect)((()=>{te()}),[te]);const[ae,ne]=Object(i.useState)(!1),ie=Object(i.useCallback)((async t=>{try{var a;C&&await Object(p.i)({http:n,list:{id:C.id,list_id:e,type:C.type,name:t.name,description:null!==(a=t.description)&&void 0!==a?a:"",namespace_type:C.namespace_type}})}catch(e){X(e)}}),[e,X,n,C]),re=Object(i.useCallback)((async e=>{try{if(!C)return;await E({id:C.id,listId:C.list_id,includeExpiredExceptions:e,namespaceType:C.namespace_type,onError:e=>X(e),onSuccess:e=>{$(e),null==t||t.addSuccess(g.C(C.name))}})}catch(e){X(e,void 0,g.r,g.s)}}),[C,E,X,t]),oe=Object(i.useCallback)((async e=>{try{if(!C)return;await x({listId:C.list_id,includeExpiredExceptions:e,namespaceType:C.namespace_type,onError:e=>X(e),onSuccess:e=>{null==t||t.addSuccess(g.v(C.name)),h(u.l,{deepLinkId:u.wc.exceptions,path:`/details/${e.list_id}`})}})}catch(e){X(e,void 0,g.n,g.o)}}),[C,x,X,t,h]),se=Object(i.useCallback)((()=>{$(void 0)}),[]),le=Object(i.useCallback)((e=>()=>{b.toasts.addSuccess({title:g.nb(null!=e?e:U.listId)})}),[b.toasts,U.listId]),ce=Object(i.useCallback)((e=>{X(e)}),[X]),ue=Object(i.useCallback)((async()=>{try{if(!C)return;await v({id:C.id,namespaceType:C.namespace_type,onError:ce,onSuccess:le})}catch(e){X(e)}finally{H(f),G(!1),h(u.l,{deepLinkId:u.wc.exceptions,path:""})}}),[C,v,ce,le,X,h]),de=Object(i.useCallback)((()=>{try{if(!C)return;H({contentText:A.length?g.pb(A.length):g.mb(C.name),rulesReferences:A.map((({name:e})=>e)),isLoading:!0,listId:C.list_id,listNamespaceType:C.namespace_type}),G(!0)}catch(e){X(e)}}),[X,A,C]),pe=Object(i.useCallback)((()=>{G(!1),H({contentText:"",rulesReferences:[],isLoading:!1,listId:"",listNamespaceType:"single"})}),[]),me=Object(i.useCallback)((async()=>{try{await Object(p.h)({rules:A,listId:e}),ue()}catch(e){X(e)}}),[e,A,X,ue]),ge=Object(i.useCallback)((()=>{_(N),R(N),ne(!1),T(!1),Q(!0)}),[N]),ye=Object(i.useCallback)((()=>{ne(!0)}),[]),fe=Object(i.useCallback)((()=>N.filter((e=>!A.includes(e)))),[A,N]),be=Object(i.useCallback)((()=>A.filter((e=>!N.includes(e)))),[A,N]),he=Object(i.useCallback)((e=>{R(e),Q(!1)}),[]),Ee=Object(i.useCallback)((async()=>{try{if(!C)return ne(!1);T(!0);const t=fe(),a=be();if(!t.length&&!a.length||Object(s.isEqual)(t,a))return ge();Promise.all([Object(p.h)({rules:a,listId:e}),Object(p.f)({rules:t,listId:e,id:C.id,listType:C.type,listNamespaceType:C.namespace_type})]).then((()=>{K(!0),ge()})).then((()=>K(!1))).then((()=>Z())).catch((e=>{X(e,void 0,g.E,g.F),T(!1)})).finally((()=>{te()}))}catch(e){X(e)}}),[C,fe,be,ge,e,Z,X,te]),ve=Object(i.useCallback)((()=>{ne(!1)}),[]);return{isLoading:j||k,invalidListId:F,isReadOnly:!(S||!w),list:C,listName:null==C?void 0:C.name,listDescription:null==C?void 0:C.description,listId:e,canUserEditList:q,linkedRules:A,exportedList:z,handleOnDownload:se,viewerStatus:L,showManageRulesFlyout:ae,headerBackOptions:J,referenceModalState:U,showReferenceErrorModal:V,showManageButtonLoader:I,refreshExceptions:Y,disableManageButton:W,handleDelete:de,onDuplicateList:oe,onEditListDetails:ie,onExportList:re,onDeleteList:ue,onManageRules:ye,onSaveManageRules:Ee,onCancelManageRules:ve,onRuleSelectionChange:he,handleCloseReferenceErrorModal:pe,handleReferenceDelete:me}}},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return M}));var n=a(40),i=a(48),r=a(42),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(134),d=a(113),p=a(4),m=a(102),g=a(117),y=a(224),f=a(393),b=a(149),h=a(274),E=a(123),v=a(231),x=a(162),k=a(473),S=a(168),w=a(925),j=a(330),O=a(284),I=a(212),T=a(492);const C=c()(n.EuiFlexGroup).withConfig({displayName:"UserRiskOverviewWrapper",componentId:"sc-1f042fn-0"})(["padding-top:",";width:",";"],(({theme:e})=>e.eui.euiSizeM),(({$width:e})=>e)),M=s.a.memo((({anomaliesData:e,contextID:t,sourcererScopeId:a,data:l,id:c,isDraggable:M=!1,isInDetailsSidePanel:F=!1,isLoadingAnomaliesData:D,loading:A,narrowDateRange:_,startDate:N,endDate:R,userName:q,indexPatterns:P,jobNameById:L})=>{const B=Object(x.a)(),z=Object(v.a)(B),[$]=Object(m.p)(p.B),V=Object(o.useMemo)((()=>q?Object(d.E)([q]):void 0),[q]),{from:G,to:U}=Object(u.a)(),H=Object(o.useMemo)((()=>({from:G,to:U})),[G,U]),{data:W,isAuthorized:Q}=Object(O.c)({filterQuery:V,skip:null==q,timerange:H,riskEntity:d.w.user}),Y=Object(o.useCallback)(((e,n)=>s.a.createElement(y.a,{rowItems:Object(r.getOr)([],e,n),attrName:e,idPrefix:t?`user-overview-${t}`:"user-overview",isDraggable:M,sourcererScopeId:a})),[t,M,a]),[K,Z]=Object(o.useMemo)((()=>{const e=W&&W.length>0?W[0]:void 0;return[{title:s.a.createElement(T.a,{title:w.k,riskScoreEntity:d.w.user}),description:s.a.createElement(s.a.Fragment,null,e?Math.round(e.user.risk.calculated_score_norm):Object(g.d)())},{title:s.a.createElement(T.a,{title:w.j,riskScoreEntity:d.w.host}),description:s.a.createElement(s.a.Fragment,null,e?s.a.createElement(I.b,{severity:e.user.risk.calculated_level,hideBackgroundColor:!0}):Object(g.d)())}]}),[W]),J=Object(o.useMemo)((()=>[{title:w.i,description:l&&l.user?Y("user.id",l):Object(g.d)()},{title:w.h,description:l&&l.user?Y("user.domain",l):Object(g.d)()}]),[l,Y]),X=Object(o.useMemo)((()=>z?[...J,{title:w.g,description:s.a.createElement(k.a,{anomalies:e,startDate:N,endDate:R,isLoading:D,narrowDateRange:_,jobNameById:L})}]:J),[e,J,R,D,_,N,z,L]),ee=Object(o.useMemo)((()=>[X,[{title:w.a,description:s.a.createElement(f.a,{indexPatterns:P,field:"user.name",value:q,type:f.b.FIRST_SEEN})},{title:w.f,description:s.a.createElement(f.a,{indexPatterns:P,field:"user.name",value:q,type:f.b.LAST_SEEN})}],[{title:w.d,description:Y("host.os.name",l)},{title:w.b,description:Y("host.os.family",l)},{title:w.c,description:s.a.createElement(y.a,{rowItems:Object(r.getOr)([],"host.ip",l),attrName:"host.ip",idPrefix:t?`user-overview-${t}`:"user-overview",sourcererScopeId:a,isDraggable:M,render:e=>null!=e?s.a.createElement(E.h,{ip:e}):Object(g.d)()})}]]),[l,P,Y,t,a,M,q,X]);return s.a.createElement(s.a.Fragment,null,s.a.createElement(b.c,null,s.a.createElement(S.g,{direction:F?"column":"row","data-test-subj":"user-overview"},!F&&s.a.createElement(b.b,{queryId:c,title:w.e,inspectIndex:0}),ee.map(((e,t)=>s.a.createElement(j.a,{descriptionList:e,key:t}))),A&&s.a.createElement(h.a,{overlay:!0,overlayBackground:$?i.euiDarkVars.euiPageBackgroundColor:i.euiLightVars.euiPageBackgroundColor,size:"xl"}))),Q&&s.a.createElement(C,{gutterSize:F?"m":"none",direction:F?"column":"row","data-test-subj":"user-risk-overview",$width:F?"100%":"66.6%"},s.a.createElement(n.EuiFlexItem,null,s.a.createElement(S.d,{listItems:[K]})),s.a.createElement(n.EuiFlexItem,null,s.a.createElement(S.d,{listItems:[Z]}))))}));M.displayName="UserOverview"},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a.n(n),r=a(40);const o=e=>String(Math.ceil(e));i.a.memo((({score:e})=>{const t=o(e),a=s(e);return i.a.createElement(r.EuiHealth,{color:a},t)})).displayName="ScoreHealth";const s=e=>e>=75?"#fe5050":e>=50?"#fba740":e>=25?"#fdec25":e>=3?"#8bc8fb":e>=0?"#d2e9f7":"#ffffff"},function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=e=>{const t=Object.entries(e);if(Array.isArray(t[0])){const[[e,a]]=t;return[e,a]}return[null,null]}},function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"f",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"c",(function(){return c}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.entityAnalytics.totalLabel",{defaultMessage:"Total"}),r=n.i18n.translate("xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title",{defaultMessage:"Host Risk Scores"}),o=n.i18n.translate("xpack.securitySolution.entityAnalytics.usersRiskDashboard.title",{defaultMessage:"User Risk Scores"}),s=n.i18n.translate("xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip",{defaultMessage:"The host risk table is not affected by the time range. This table shows the latest recorded risk score for each host."}),l=n.i18n.translate("xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip",{defaultMessage:"The user risk table is not affected by the time range. This table shows the latest recorded risk score for each user."}),c=n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.tableTooltipTitle",{defaultMessage:"In Technical Preview"})},function(e,t,a){"use strict";(function(e,t){a(1264);var n=a(1265),i=a.n(n);a(82),a(8),a(1266),i.a.resolve(i.a.join(e,"..")),"\n/*\n * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one\n * or more contributor license agreements. Licensed under the Elastic License\n * 2.0 and the Server Side Public License, v 1; you may not use this file except\n * in compliance with, at your election, the Elastic License 2.0 or the Server\n * Side Public License, v 1.\n */\n// ---------------------------------- WARNING ----------------------------------\n// this file was generated, and should not be edited by hand\n// ---------------------------------- WARNING ----------------------------------\nimport * as rt from 'io-ts';\nimport { Either } from 'fp-ts/lib/Either';\n%%IMPORTS%%\nconst ISO_DATE_PATTERN = /^d{4}-d{2}-d{2}Td{2}:d{2}:d{2}.d{3}Z$/;\nexport const IsoDateString = new rt.Type<string, string, unknown>(\n  'IsoDateString',\n  rt.string.is,\n  (input, context): Either<rt.Errors, string> => {\n    if (typeof input === 'string' && ISO_DATE_PATTERN.test(input)) {\n      return rt.success(input);\n    } else {\n      return rt.failure(input, context);\n    }\n  },\n  rt.identity\n);\nexport type IsoDateStringC = typeof IsoDateString;\nexport const schemaDate = IsoDateString;\nexport const schemaDateArray = rt.array(IsoDateString);\nexport const schemaDateRange = rt.partial({\n  gte: schemaDate,\n  lte: schemaDate,\n});\nexport const schemaDateRangeArray = rt.array(schemaDateRange);\nexport const schemaUnknown = rt.unknown;\nexport const schemaUnknownArray = rt.array(rt.unknown);\nexport const schemaString = rt.string;\nexport const schemaStringArray = rt.array(schemaString);\nexport const schemaNumber = rt.number;\nexport const schemaNumberArray = rt.array(schemaNumber);\nexport const schemaStringOrNumber = rt.union([schemaString, schemaNumber]);\nexport const schemaStringOrNumberArray = rt.array(schemaStringOrNumber);\nexport const schemaBoolean = rt.boolean;\nexport const schemaBooleanArray = rt.array(schemaBoolean);\nconst schemaGeoPointCoords = rt.type({\n  type: schemaString,\n  coordinates: schemaNumberArray,\n});\nconst schemaGeoPointString = schemaString;\nconst schemaGeoPointLatLon = rt.type({\n  lat: schemaNumber,\n  lon: schemaNumber,\n});\nconst schemaGeoPointLocation = rt.type({\n  location: schemaNumberArray,\n});\nconst schemaGeoPointLocationString = rt.type({\n  location: schemaString,\n});\nexport const schemaGeoPoint = rt.union([\n  schemaGeoPointCoords,\n  schemaGeoPointString,\n  schemaGeoPointLatLon,\n  schemaGeoPointLocation,\n  schemaGeoPointLocationString,\n]);\nexport const schemaGeoPointArray = rt.array(schemaGeoPoint);\n// prettier-ignore\nconst %%schemaPrefix%%Required = %%REQUIRED_FIELDS%%;\nconst %%schemaPrefix%%Optional = %%OPTIONAL_FIELDS%%;\n\n// prettier-ignore\nexport const %%schemaPrefix%%Schema = rt.intersection([%%schemaPrefix%%Required, %%schemaPrefix%%Optional%%INCLUDED_SCHEMAS%%]);\n// prettier-ignore\nexport type %%schemaPrefix%% = rt.TypeOf<typeof %%schemaPrefix%%Schema>;\n\n".trim()}).call(this,"/",a(404))},function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=e=>e?e[0]:void 0},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(40),o=a(170),s=a(422);const l=({width:e=s.b,dataTestSubj:t,content:a,ariaLabel:n,iconType:l="",isDisabled:c=!1,onClick:u,children:d,buttonType:p="icon"})=>i.a.createElement(i.a.Fragment,null,"icon"===p&&i.a.createElement("div",null,i.a.createElement(o.l,{textAlign:"center",width:e},null!=d?d:i.a.createElement(r.EuiToolTip,{"data-test-subj":`${t}-tool-tip`,content:a},i.a.createElement(r.EuiButtonIcon,{"aria-label":n,"data-test-subj":`${t}-button`,iconType:l,isDisabled:c,onClick:u,size:"s"})))),"text"===p&&i.a.createElement(r.EuiContextMenuItem,{"aria-label":n,"data-test-subj":`${t}-button-menu-item`,disabled:c,onClick:u,color:"text",size:"s"},i.a.createElement(r.EuiText,{"data-test-subj":`${t}-button`,size:"m"},a)),"emptyButton"===p&&i.a.createElement(r.EuiButtonEmpty,{onClick:u,iconType:"timeline",flush:"right",size:"xs","data-test-subj":t},a));l.displayName="ActionIconItemComponent";const c=i.a.memo(l)},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(106),l=a(389);const c=e=>e?"pinFilled":"pin",u=o.a.memo((({ariaLabel:e,allowUnpinning:t,isAlert:a,isDisabled:r,onClick:u=i.noop,pinned:d,timelineType:p})=>{const m=p===s.l.template,g=(({isAlert:e,isTemplate:t,isPinned:a})=>t?l.b(e):a?l.c(e):l.g(e))({isAlert:a,isTemplate:m,isPinned:d}),y=null!=e?e:g;return o.a.createElement(n.EuiButtonIcon,{"aria-label":y,"data-test-subj":"pin",iconType:c(d),onClick:u,isDisabled:r||m||!t,size:"s"})}));u.displayName="Pin"},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(677);const i=({handleClick:e})=>({key:"osquery-action-item","data-test-subj":"osquery-action-item",onClick:e,size:"s",name:n.a})},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a(108),r=a(102),o=a(183),s=a(513),l=a(881);const c=e=>{const{data:t,spaces:a}=Object(r.j)().services,{addWarning:c}=Object(i.a)(),[u,d]=Object(n.useState)(!1),[p,m]=Object(n.useState)(""),g=Object(n.useMemo)((()=>null!=e&&1===e.length),[e]),y=Object(n.useMemo)((()=>null!=e&&g&&"machine_learning"===e[0].type),[g,e]);Object(n.useEffect)((()=>{(async()=>{if(a){const e=await a.getActiveSpace();m(e.id)}})()}),[a]);const f=Object(n.useMemo)((()=>null!=e&&g?e[0].data_view_id||null:`security-solution-${p}`),[g,e,p]),b=Object(n.useMemo)((()=>!f&&null!=e&&g&&null!=e[0].index?e[0].index:[]),[f,g,e]),h=Object(n.useMemo)((()=>{var t;return y&&g&&null!=e&&null!==(t=e[0].machine_learning_job_id)&&void 0!==t?t:[]}),[y,g,e]),{mlJobLoading:E,ruleIndices:v}=Object(l.a)(h),x=Object(n.useMemo)((()=>y&&v.length>0?v:null!=f?[]:b),[y,f,b,v]),[k,{indexPatterns:S,dataView:w}]=Object(o.b)(x,!1,"indexFields"),[j,O]=Object(n.useState)(null),[I,T]=Object(n.useState)(null);Object(n.useEffect)((()=>{(async()=>{if(""!==p&&f){d(!0);const e=await t.dataViews.get(f);d(!1),O(e),T(e.toSpec())}})()}),[f,t.dataViews,O,p]);const C=Object(n.useCallback)((async e=>{let a=[];const n=null!=I?I:w;if(!n)return a;try{a=await t.dataViews.getFieldsForIndexPattern(n,{pattern:"",includeUnmapped:!0,fields:e})}catch(e){c(e,{title:s.b})}return a}),[c,t.dataViews,I,w]);return{isLoading:k||E||u,indexPatterns:Object(n.useMemo)((()=>f&&null!=j?j:S),[f,j,S]),getExtendedFields:C}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(143),r=a(102),o=a(458);const s=()=>{const e=Object(r.n)(),[t,a]=Object(n.useState)(!0),[s,l]=Object(n.useState)(!1),[c,u]=Object(n.useState)(null),d=Object(n.useRef)(null);return Object(n.useEffect)((()=>{let t=!0;const n=new AbortController;return d.current=async r=>{try{a(!0);const{references:e}=await Object(i.l)({lists:r,signal:n.signal}),o=e.reduce(((e,t)=>{const[[a,n]]=Object.entries(t);return e[a]=n,e}),{});t&&(a(!1),l(!1),u(o))}catch(n){t&&(l(!0),a(!1),e.addError(n,{title:o.c}))}},()=>{t=!1,n.abort()}}),[e]),[t,s,c,d.current]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(214),r=a(281),o=a(102);const s=()=>{const{services:{http:e}}=Object(o.j)(),[t,a]=Object(n.useState)(!1),s=Object(n.useRef)(null),{addExceptionListItem:l,updateExceptionListItem:c}=Object(i.c)(e);return Object(n.useEffect)((()=>{const e=new AbortController;return s.current=async e=>{a(!0);const t=await Promise.all(e.map((e=>{if("id"in e&&null!=e.id){const t=Object(r.i)(e);return c({listItem:t})}return l({listItem:e})})));return a(!1),t},()=>{a(!1),e.abort()}}),[c,e,l]),[t,s.current]}},function(e,t,a){"use strict";a.d(t,"c",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"a",(function(){return o}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.osquery.action.shortEmptyTitle",{defaultMessage:"Osquery is not available"}),r=n.i18n.translate("xpack.securitySolution.osquery.action.permissionDenied",{defaultMessage:"Permission denied"}),o=n.i18n.translate("xpack.securitySolution.osquery.action.unavailable",{defaultMessage:"The Osquery Manager integration is not added to the agent policy. To run queries on the host, add the Osquery Manager integration to the agent policy in Fleet."})},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"a",(function(){return r})),a.d(t,"g",(function(){return o})),a.d(t,"h",(function(){return s})),a.d(t,"d",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"e",(function(){return u})),a.d(t,"f",(function(){return d}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.severityTitle",{defaultMessage:"Default severity"}),r=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.defaultSeverityTitle",{defaultMessage:"Severity"}),o=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.sourceFieldTitle",{defaultMessage:"Source field"}),s=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.sourceValueTitle",{defaultMessage:"Source value"}),l=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.severityMappingTitle",{defaultMessage:"Severity override"}),c=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.defaultDescriptionLabel",{defaultMessage:"Select a severity level for all alerts generated by this rule."}),u=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.mappingDescriptionLabel",{defaultMessage:"Use source event values to override the default severity."}),d=n.i18n.translate("xpack.securitySolution.alerts.severityMapping.mappingDetailsLabel",{defaultMessage:"For multiple matches the highest severity match will apply. If no match is found, the default severity will be used."})},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"a",(function(){return r})),a.d(t,"d",(function(){return o})),a.d(t,"h",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"c",(function(){return c})),a.d(t,"f",(function(){return u})),a.d(t,"g",(function(){return d}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.riskScoreTitle",{defaultMessage:"Risk score"}),r=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.defaultRiskScoreTitle",{defaultMessage:"Default risk score"}),o=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.riskScoreFieldTitle",{defaultMessage:"kibana.alert.risk_score"}),s=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.sourceFieldTitle",{defaultMessage:"Source field"}),l=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.riskScoreMappingTitle",{defaultMessage:"Risk score override"}),c=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.defaultDescriptionLabel",{defaultMessage:"Select a risk score for all alerts generated by this rule."}),u=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.mappingDescriptionLabel",{defaultMessage:"Use a source event value to override the default risk score."}),d=n.i18n.translate("xpack.securitySolution.alerts.riskScoreMapping.mappingDetailsLabel",{defaultMessage:"If value is out of bounds, or field is not present, the default risk score will be used."})},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(40),o=a(331),s=a(337),l=a(188);const c=i.a.memo((({contextId:e,data:t,eventId:a,fieldFromBrowserField:n,getLinkValue:c,isDraggable:u=!1,linkValue:d,style:p,values:m})=>i.a.createElement(r.EuiFlexGroup,{alignItems:"flexStart","data-test-subj":`event-field-${t.field}`,direction:"column",gutterSize:"none",style:p},null!=m&&m.map(((p,m)=>{var g;return null==n?i.a.createElement(r.EuiFlexItem,{grow:!1,key:`${m}-${p}`},i.a.createElement(r.EuiText,{size:"xs",key:`${m}-${p}`},p)):i.a.createElement(r.EuiFlexItem,{className:"eventFieldsTable__fieldValue",grow:!1,key:`${m}-${p}`},t.field===l.i?i.a.createElement(o.a,{value:p}):i.a.createElement(s.a,{contextId:`${e}-${a}-${t.field}-${m}-${p}`,eventId:a,fieldFormat:t.format,fieldName:t.field,fieldType:t.type,isAggregatable:n.aggregatable,isDraggable:u,isObjectArray:t.isObjectArray,value:p,linkValue:null!==(g=c&&c(t.field))&&void 0!==g?g:d,truncate:!1}))})))));c.displayName="FieldValueCell"},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(40),i=a(2),r=a.n(i),o=a(113),s=a(4),l=a(814);const c=({riskScoreEntity:e,title:t})=>{const a=e===o.w.user?s.Zb:s.Xb;return r.a.createElement(n.EuiLink,{target:"_blank",rel:"noopener nofollow noreferrer",href:a},t||l.f)},u=r.a.memo(c);u.displayName="RiskScoreDocLink"},function(e,t,a){"use strict";a.d(t,"d",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"i",(function(){return s})),a.d(t,"f",(function(){return l})),a.d(t,"e",(function(){return c})),a.d(t,"h",(function(){return u}));var n=a(5),i=a(225);a.d(t,"a",(function(){return i.a})),a.d(t,"c",(function(){return i.b})),a.d(t,"g",(function(){return i.c})),a.d(t,"j",(function(){return i.d}));const r=e=>n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.riskToolTip",{defaultMessage:"{riskEntity} risk classification is determined by {riskEntityLowercase} risk score. {riskEntity}s classified as Critical or High are indicated as risky.",values:{riskEntity:Object(i.d)(e),riskEntityLowercase:Object(i.d)(e,!0)}}),o=e=>n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.nameTitle",{defaultMessage:"{riskEntity} Name",values:{riskEntity:Object(i.d)(e)}}),s=n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel",{defaultMessage:"View all"}),l=n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.learnMore",{defaultMessage:"Learn more"}),c=n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip",{defaultMessage:"The Host Risk Score panel displays the list of risky hosts and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky hosts."}),u=n.i18n.translate("xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip",{defaultMessage:"The User Risk Score panel displays the list of risky users and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky users."})},function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=a(5).i18n.translate("xpack.securitySolution.source.destination.packetsLabel",{defaultMessage:"pkts"})},function(e,t,a){!function(e){"use strict";function t(e,t){return e<t?-1:e>t?1:e>=t?0:NaN}function a(e){let a=e,n=e;function i(e,t,a,i){for(null==a&&(a=0),null==i&&(i=e.length);a<i;){const r=a+i>>>1;n(e[r],t)<0?a=r+1:i=r}return a}return 1===e.length&&(a=(t,a)=>e(t)-a,n=function(e){return(a,n)=>t(e(a),n)}(e)),{left:i,center:function(e,t,n,r){null==n&&(n=0),null==r&&(r=e.length);const o=i(e,t,n,r-1);return o>n&&a(e[o-1],t)>-a(e[o],t)?o-1:o},right:function(e,t,a,i){for(null==a&&(a=0),null==i&&(i=e.length);a<i;){const r=a+i>>>1;n(e[r],t)>0?i=r:a=r+1}return a}}}function n(e){return null===e?NaN:+e}const i=a(t),r=i.right,o=i.left,s=a(n).center;function l(e,t){let a=0;if(void 0===t)for(let t of e)null!=t&&(t=+t)>=t&&++a;else{let n=-1;for(let i of e)null!=(i=t(i,++n,e))&&(i=+i)>=i&&++a}return a}function c(e){return 0|e.length}function u(e){return!(e>0)}function d(e){return"object"!=typeof e||"length"in e?e:Array.from(e)}function p(e,t){let a,n=0,i=0,r=0;if(void 0===t)for(let t of e)null!=t&&(t=+t)>=t&&(a=t-i,i+=a/++n,r+=a*(t-i));else{let o=-1;for(let s of e)null!=(s=t(s,++o,e))&&(s=+s)>=s&&(a=s-i,i+=a/++n,r+=a*(s-i))}if(n>1)return r/(n-1)}function m(e,t){const a=p(e,t);return a?Math.sqrt(a):a}function g(e,t){let a,n;if(void 0===t)for(const t of e)null!=t&&(void 0===a?t>=t&&(a=n=t):(a>t&&(a=t),n<t&&(n=t)));else{let i=-1;for(let r of e)null!=(r=t(r,++i,e))&&(void 0===a?r>=r&&(a=n=r):(a>r&&(a=r),n<r&&(n=r)))}return[a,n]}class Adder{constructor(){this._partials=new Float64Array(32),this._n=0}add(e){const t=this._partials;let a=0;for(let n=0;n<this._n&&n<32;n++){const i=t[n],r=e+i,o=Math.abs(e)<Math.abs(i)?e-(r-i):i-(r-e);o&&(t[a++]=o),e=r}return t[a]=e,this._n=a+1,this}valueOf(){const e=this._partials;let t,a,n,i=this._n,r=0;if(i>0){for(r=e[--i];i>0&&(t=r,a=e[--i],r=t+a,n=a-(r-t),!n););i>0&&(n<0&&e[i-1]<0||n>0&&e[i-1]>0)&&(a=2*n,t=r+a,a==t-r&&(r=t))}return r}}class InternMap extends Map{constructor(e,t=h){if(super(),Object.defineProperties(this,{_intern:{value:new Map},_key:{value:t}}),null!=e)for(const[t,a]of e)this.set(t,a)}get(e){return super.get(y(this,e))}has(e){return super.has(y(this,e))}set(e,t){return super.set(f(this,e),t)}delete(e){return super.delete(b(this,e))}}class InternSet extends Set{constructor(e,t=h){if(super(),Object.defineProperties(this,{_intern:{value:new Map},_key:{value:t}}),null!=e)for(const t of e)this.add(t)}has(e){return super.has(y(this,e))}add(e){return super.add(f(this,e))}delete(e){return super.delete(b(this,e))}}function y({_intern:e,_key:t},a){const n=t(a);return e.has(n)?e.get(n):a}function f({_intern:e,_key:t},a){const n=t(a);return e.has(n)?e.get(n):(e.set(n,a),a)}function b({_intern:e,_key:t},a){const n=t(a);return e.has(n)&&(a=e.get(a),e.delete(n)),a}function h(e){return null!==e&&"object"==typeof e?e.valueOf():e}function E(e){return e}function v(e,...t){return S(e,E,E,t)}function x(e,t,...a){return S(e,E,t,a)}function k(e){if(1!==e.length)throw new Error("duplicate key");return e[0]}function S(e,t,a,n){return function e(i,r){if(r>=n.length)return a(i);const o=new InternMap,s=n[r++];let l=-1;for(const e of i){const t=s(e,++l,i),a=o.get(t);a?a.push(e):o.set(t,[e])}for(const[t,a]of o)o.set(t,e(a,r));return t(o)}(e,0)}function w(e,t){return Array.from(t,(t=>e[t]))}function j(e,...a){if("function"!=typeof e[Symbol.iterator])throw new TypeError("values is not iterable");e=Array.from(e);let[n=t]=a;if(1===n.length||a.length>1){const i=Uint32Array.from(e,((e,t)=>t));return a.length>1?(a=a.map((t=>e.map(t))),i.sort(((e,n)=>{for(const i of a){const a=t(i[e],i[n]);if(a)return a}}))):(n=e.map(n),i.sort(((e,a)=>t(n[e],n[a])))),w(e,i)}return e.sort(n)}var O=Array.prototype.slice;function I(e){return function(){return e}}var T=Math.sqrt(50),C=Math.sqrt(10),M=Math.sqrt(2);function F(e,t,a){var n,i,r,o,s=-1;if(a=+a,(e=+e)==(t=+t)&&a>0)return[e];if((n=t<e)&&(i=e,e=t,t=i),0===(o=D(e,t,a))||!isFinite(o))return[];if(o>0){let a=Math.round(e/o),n=Math.round(t/o);for(a*o<e&&++a,n*o>t&&--n,r=new Array(i=n-a+1);++s<i;)r[s]=(a+s)*o}else{o=-o;let a=Math.round(e*o),n=Math.round(t*o);for(a/o<e&&++a,n/o>t&&--n,r=new Array(i=n-a+1);++s<i;)r[s]=(a+s)/o}return n&&r.reverse(),r}function D(e,t,a){var n=(t-e)/Math.max(0,a),i=Math.floor(Math.log(n)/Math.LN10),r=n/Math.pow(10,i);return i>=0?(r>=T?10:r>=C?5:r>=M?2:1)*Math.pow(10,i):-Math.pow(10,-i)/(r>=T?10:r>=C?5:r>=M?2:1)}function A(e,t,a){let n;for(;;){const i=D(e,t,a);if(i===n||0===i||!isFinite(i))return[e,t];i>0?(e=Math.floor(e/i)*i,t=Math.ceil(t/i)*i):i<0&&(e=Math.ceil(e*i)/i,t=Math.floor(t*i)/i),n=i}}function _(e){return Math.ceil(Math.log(l(e))/Math.LN2)+1}function N(){var e=E,t=g,a=_;function n(n){Array.isArray(n)||(n=Array.from(n));var i,o,s=n.length,l=new Array(s);for(i=0;i<s;++i)l[i]=e(n[i],i,n);var c=t(l),u=c[0],d=c[1],p=a(l,u,d);if(!Array.isArray(p)){const e=d,a=+p;if(t===g&&([u,d]=A(u,d,a)),(p=F(u,d,a))[p.length-1]>=d)if(e>=d&&t===g){const e=D(u,d,a);isFinite(e)&&(e>0?d=(Math.floor(d/e)+1)*e:e<0&&(d=(Math.ceil(d*-e)+1)/-e))}else p.pop()}for(var m=p.length;p[0]<=u;)p.shift(),--m;for(;p[m-1]>d;)p.pop(),--m;var y,f=new Array(m+1);for(i=0;i<=m;++i)(y=f[i]=[]).x0=i>0?p[i-1]:u,y.x1=i<m?p[i]:d;for(i=0;i<s;++i)u<=(o=l[i])&&o<=d&&f[r(p,o,0,m)].push(n[i]);return f}return n.value=function(t){return arguments.length?(e="function"==typeof t?t:I(t),n):e},n.domain=function(e){return arguments.length?(t="function"==typeof e?e:I([e[0],e[1]]),n):t},n.thresholds=function(e){return arguments.length?(a="function"==typeof e?e:Array.isArray(e)?I(O.call(e)):I(e),n):a},n}function R(e,t){let a;if(void 0===t)for(const t of e)null!=t&&(a<t||void 0===a&&t>=t)&&(a=t);else{let n=-1;for(let i of e)null!=(i=t(i,++n,e))&&(a<i||void 0===a&&i>=i)&&(a=i)}return a}function q(e,t){let a;if(void 0===t)for(const t of e)null!=t&&(a>t||void 0===a&&t>=t)&&(a=t);else{let n=-1;for(let i of e)null!=(i=t(i,++n,e))&&(a>i||void 0===a&&i>=i)&&(a=i)}return a}function P(e,a,n=0,i=e.length-1,r=t){for(;i>n;){if(i-n>600){const t=i-n+1,o=a-n+1,s=Math.log(t),l=.5*Math.exp(2*s/3),c=.5*Math.sqrt(s*l*(t-l)/t)*(o-t/2<0?-1:1);P(e,a,Math.max(n,Math.floor(a-o*l/t+c)),Math.min(i,Math.floor(a+(t-o)*l/t+c)),r)}const t=e[a];let o=n,s=i;for(L(e,n,a),r(e[i],t)>0&&L(e,n,i);o<s;){for(L(e,o,s),++o,--s;r(e[o],t)<0;)++o;for(;r(e[s],t)>0;)--s}0===r(e[n],t)?L(e,n,s):(++s,L(e,s,i)),s<=a&&(n=s+1),a<=s&&(i=s-1)}return e}function L(e,t,a){const n=e[t];e[t]=e[a],e[a]=n}function B(e,t,a){if(n=(e=Float64Array.from(function*(e,t){if(void 0===t)for(let t of e)null!=t&&(t=+t)>=t&&(yield t);else{let a=-1;for(let n of e)null!=(n=t(n,++a,e))&&(n=+n)>=n&&(yield n)}}(e,a))).length){if((t=+t)<=0||n<2)return q(e);if(t>=1)return R(e);var n,i=(n-1)*t,r=Math.floor(i),o=R(P(e,r).subarray(0,r+1));return o+(q(e.subarray(r+1))-o)*(i-r)}}function z(e,t){let a,n=-1,i=-1;if(void 0===t)for(const t of e)++i,null!=t&&(a<t||void 0===a&&t>=t)&&(a=t,n=i);else for(let r of e)null!=(r=t(r,++i,e))&&(a<r||void 0===a&&r>=r)&&(a=r,n=i);return n}function $(e,t){let a,n=-1,i=-1;if(void 0===t)for(const t of e)++i,null!=t&&(a>t||void 0===a&&t>=t)&&(a=t,n=i);else for(let r of e)null!=(r=t(r,++i,e))&&(a>r||void 0===a&&r>=r)&&(a=r,n=i);return n}function V(e,t){return[e,t]}function G(e,a=t){if(1===a.length)return $(e,a);let n,i=-1,r=-1;for(const t of e)++r,(i<0?0===a(t,t):a(t,n)<0)&&(n=t,i=r);return i}var U=H(Math.random);function H(e){return function(t,a=0,n=t.length){let i=n-(a=+a);for(;i;){const n=e()*i--|0,r=t[i+a];t[i+a]=t[n+a],t[n+a]=r}return t}}function W(e){if(!(i=e.length))return[];for(var t=-1,a=q(e,Q),n=new Array(a);++t<a;)for(var i,r=-1,o=n[t]=new Array(i);++r<i;)o[r]=e[r][t];return n}function Q(e){return e.length}function Y(e){return e instanceof Set?e:new Set(e)}function K(e,t){const a=e[Symbol.iterator](),n=new Set;for(const e of t){if(n.has(e))continue;let t,i;for(;({value:t,done:i}=a.next());){if(i)return!1;if(n.add(t),Object.is(e,t))break}}return!0}e.Adder=Adder,e.InternMap=InternMap,e.InternSet=InternSet,e.ascending=t,e.bin=N,e.bisect=r,e.bisectCenter=s,e.bisectLeft=o,e.bisectRight=r,e.bisector=a,e.count=l,e.cross=function(...e){const t="function"==typeof e[e.length-1]&&function(e){return t=>e(...t)}(e.pop()),a=(e=e.map(d)).map(c),n=e.length-1,i=new Array(n+1).fill(0),r=[];if(n<0||a.some(u))return r;for(;;){r.push(i.map(((t,a)=>e[a][t])));let o=n;for(;++i[o]===a[o];){if(0===o)return t?r.map(t):r;i[o--]=0}}},e.cumsum=function(e,t){var a=0,n=0;return Float64Array.from(e,void 0===t?e=>a+=+e||0:i=>a+=+t(i,n++,e)||0)},e.descending=function(e,t){return t<e?-1:t>e?1:t>=e?0:NaN},e.deviation=m,e.difference=function(e,...t){e=new Set(e);for(const a of t)for(const t of a)e.delete(t);return e},e.disjoint=function(e,t){const a=t[Symbol.iterator](),n=new Set;for(const t of e){if(n.has(t))return!1;let e,i;for(;({value:e,done:i}=a.next())&&!i;){if(Object.is(t,e))return!1;n.add(e)}}return!0},e.every=function(e,t){if("function"!=typeof t)throw new TypeError("test is not a function");let a=-1;for(const n of e)if(!t(n,++a,e))return!1;return!0},e.extent=g,e.fcumsum=function(e,t){const a=new Adder;let n=-1;return Float64Array.from(e,void 0===t?e=>a.add(+e||0):i=>a.add(+t(i,++n,e)||0))},e.filter=function(e,t){if("function"!=typeof t)throw new TypeError("test is not a function");const a=[];let n=-1;for(const i of e)t(i,++n,e)&&a.push(i);return a},e.fsum=function(e,t){const a=new Adder;if(void 0===t)for(let t of e)(t=+t)&&a.add(t);else{let n=-1;for(let i of e)(i=+t(i,++n,e))&&a.add(i)}return+a},e.greatest=function(e,a=t){let n,i=!1;if(1===a.length){let r;for(const o of e){const e=a(o);(i?t(e,r)>0:0===t(e,e))&&(n=o,r=e,i=!0)}}else for(const t of e)(i?a(t,n)>0:0===a(t,t))&&(n=t,i=!0);return n},e.greatestIndex=function(e,a=t){if(1===a.length)return z(e,a);let n,i=-1,r=-1;for(const t of e)++r,(i<0?0===a(t,t):a(t,n)>0)&&(n=t,i=r);return i},e.group=v,e.groupSort=function(e,a,n){return(1===a.length?j(x(e,a,n),(([e,a],[n,i])=>t(a,i)||t(e,n))):j(v(e,n),(([e,n],[i,r])=>a(n,r)||t(e,i)))).map((([e])=>e))},e.groups=function(e,...t){return S(e,Array.from,E,t)},e.histogram=N,e.index=function(e,...t){return S(e,E,k,t)},e.indexes=function(e,...t){return S(e,Array.from,k,t)},e.intersection=function(e,...t){e=new Set(e),t=t.map(Y);e:for(const a of e)for(const n of t)if(!n.has(a)){e.delete(a);continue e}return e},e.least=function(e,a=t){let n,i=!1;if(1===a.length){let r;for(const o of e){const e=a(o);(i?t(e,r)<0:0===t(e,e))&&(n=o,r=e,i=!0)}}else for(const t of e)(i?a(t,n)<0:0===a(t,t))&&(n=t,i=!0);return n},e.leastIndex=G,e.map=function(e,t){if("function"!=typeof e[Symbol.iterator])throw new TypeError("values is not iterable");if("function"!=typeof t)throw new TypeError("mapper is not a function");return Array.from(e,((a,n)=>t(a,n,e)))},e.max=R,e.maxIndex=z,e.mean=function(e,t){let a=0,n=0;if(void 0===t)for(let t of e)null!=t&&(t=+t)>=t&&(++a,n+=t);else{let i=-1;for(let r of e)null!=(r=t(r,++i,e))&&(r=+r)>=r&&(++a,n+=r)}if(a)return n/a},e.median=function(e,t){return B(e,.5,t)},e.merge=function(e){return Array.from(function*(e){for(const t of e)yield*t}(e))},e.min=q,e.minIndex=$,e.nice=A,e.pairs=function(e,t=V){const a=[];let n,i=!1;for(const r of e)i&&a.push(t(n,r)),n=r,i=!0;return a},e.permute=w,e.quantile=B,e.quantileSorted=function(e,t,a=n){if(i=e.length){if((t=+t)<=0||i<2)return+a(e[0],0,e);if(t>=1)return+a(e[i-1],i-1,e);var i,r=(i-1)*t,o=Math.floor(r),s=+a(e[o],o,e);return s+(+a(e[o+1],o+1,e)-s)*(r-o)}},e.quickselect=P,e.range=function(e,t,a){e=+e,t=+t,a=(i=arguments.length)<2?(t=e,e=0,1):i<3?1:+a;for(var n=-1,i=0|Math.max(0,Math.ceil((t-e)/a)),r=new Array(i);++n<i;)r[n]=e+n*a;return r},e.reduce=function(e,t,a){if("function"!=typeof t)throw new TypeError("reducer is not a function");const n=e[Symbol.iterator]();let i,r,o=-1;if(arguments.length<3){if(({done:i,value:a}=n.next()),i)return;++o}for(;({done:i,value:r}=n.next()),!i;)a=t(a,r,++o,e);return a},e.reverse=function(e){if("function"!=typeof e[Symbol.iterator])throw new TypeError("values is not iterable");return Array.from(e).reverse()},e.rollup=x,e.rollups=function(e,t,...a){return S(e,Array.from,t,a)},e.scan=function(e,t){const a=G(e,t);return a<0?void 0:a},e.shuffle=U,e.shuffler=H,e.some=function(e,t){if("function"!=typeof t)throw new TypeError("test is not a function");let a=-1;for(const n of e)if(t(n,++a,e))return!0;return!1},e.sort=j,e.subset=function(e,t){return K(t,e)},e.sum=function(e,t){let a=0;if(void 0===t)for(let t of e)(t=+t)&&(a+=t);else{let n=-1;for(let i of e)(i=+t(i,++n,e))&&(a+=i)}return a},e.superset=K,e.thresholdFreedmanDiaconis=function(e,t,a){return Math.ceil((a-t)/(2*(B(e,.75)-B(e,.25))*Math.pow(l(e),-1/3)))},e.thresholdScott=function(e,t,a){return Math.ceil((a-t)/(3.5*m(e)*Math.pow(l(e),-1/3)))},e.thresholdSturges=_,e.tickIncrement=D,e.tickStep=function(e,t,a){var n=Math.abs(t-e)/Math.max(0,a),i=Math.pow(10,Math.floor(Math.log(n)/Math.LN10)),r=n/i;return r>=T?i*=10:r>=C?i*=5:r>=M&&(i*=2),t<e?-i:i},e.ticks=F,e.transpose=W,e.union=function(...e){const t=new Set;for(const a of e)for(const e of a)t.add(e);return t},e.variance=p,e.zip=function(){return W(arguments)},Object.defineProperty(e,"__esModule",{value:!0})}(t)},function(e,t,a){!function(e,t){"use strict";var a=new Date,n=new Date;function i(e,t,r,o){function s(t){return e(t=0===arguments.length?new Date:new Date(+t)),t}return s.floor=function(t){return e(t=new Date(+t)),t},s.ceil=function(a){return e(a=new Date(a-1)),t(a,1),e(a),a},s.round=function(e){var t=s(e),a=s.ceil(e);return e-t<a-e?t:a},s.offset=function(e,a){return t(e=new Date(+e),null==a?1:Math.floor(a)),e},s.range=function(a,n,i){var r,o=[];if(a=s.ceil(a),i=null==i?1:Math.floor(i),!(a<n&&i>0))return o;do{o.push(r=new Date(+a)),t(a,i),e(a)}while(r<a&&a<n);return o},s.filter=function(a){return i((function(t){if(t>=t)for(;e(t),!a(t);)t.setTime(t-1)}),(function(e,n){if(e>=e)if(n<0)for(;++n<=0;)for(;t(e,-1),!a(e););else for(;--n>=0;)for(;t(e,1),!a(e););}))},r&&(s.count=function(t,i){return a.setTime(+t),n.setTime(+i),e(a),e(n),Math.floor(r(a,n))},s.every=function(e){return e=Math.floor(e),isFinite(e)&&e>0?e>1?s.filter(o?function(t){return o(t)%e==0}:function(t){return s.count(0,t)%e==0}):s:null}),s}var r=i((function(){}),(function(e,t){e.setTime(+e+t)}),(function(e,t){return t-e}));r.every=function(e){return e=Math.floor(e),isFinite(e)&&e>0?e>1?i((function(t){t.setTime(Math.floor(t/e)*e)}),(function(t,a){t.setTime(+t+a*e)}),(function(t,a){return(a-t)/e})):r:null};var o=r.range;const s=1e3,l=60*s,c=60*l,u=24*c,d=7*u,p=30*u,m=365*u;var g=i((function(e){e.setTime(e-e.getMilliseconds())}),(function(e,t){e.setTime(+e+t*s)}),(function(e,t){return(t-e)/s}),(function(e){return e.getUTCSeconds()})),y=g.range,f=i((function(e){e.setTime(e-e.getMilliseconds()-e.getSeconds()*s)}),(function(e,t){e.setTime(+e+t*l)}),(function(e,t){return(t-e)/l}),(function(e){return e.getMinutes()})),b=f.range,h=i((function(e){e.setTime(e-e.getMilliseconds()-e.getSeconds()*s-e.getMinutes()*l)}),(function(e,t){e.setTime(+e+t*c)}),(function(e,t){return(t-e)/c}),(function(e){return e.getHours()})),E=h.range,v=i((e=>e.setHours(0,0,0,0)),((e,t)=>e.setDate(e.getDate()+t)),((e,t)=>(t-e-(t.getTimezoneOffset()-e.getTimezoneOffset())*l)/u),(e=>e.getDate()-1)),x=v.range;function k(e){return i((function(t){t.setDate(t.getDate()-(t.getDay()+7-e)%7),t.setHours(0,0,0,0)}),(function(e,t){e.setDate(e.getDate()+7*t)}),(function(e,t){return(t-e-(t.getTimezoneOffset()-e.getTimezoneOffset())*l)/d}))}var S=k(0),w=k(1),j=k(2),O=k(3),I=k(4),T=k(5),C=k(6),M=S.range,F=w.range,D=j.range,A=O.range,_=I.range,N=T.range,R=C.range,q=i((function(e){e.setDate(1),e.setHours(0,0,0,0)}),(function(e,t){e.setMonth(e.getMonth()+t)}),(function(e,t){return t.getMonth()-e.getMonth()+12*(t.getFullYear()-e.getFullYear())}),(function(e){return e.getMonth()})),P=q.range,L=i((function(e){e.setMonth(0,1),e.setHours(0,0,0,0)}),(function(e,t){e.setFullYear(e.getFullYear()+t)}),(function(e,t){return t.getFullYear()-e.getFullYear()}),(function(e){return e.getFullYear()}));L.every=function(e){return isFinite(e=Math.floor(e))&&e>0?i((function(t){t.setFullYear(Math.floor(t.getFullYear()/e)*e),t.setMonth(0,1),t.setHours(0,0,0,0)}),(function(t,a){t.setFullYear(t.getFullYear()+a*e)})):null};var B=L.range,z=i((function(e){e.setUTCSeconds(0,0)}),(function(e,t){e.setTime(+e+t*l)}),(function(e,t){return(t-e)/l}),(function(e){return e.getUTCMinutes()})),$=z.range,V=i((function(e){e.setUTCMinutes(0,0,0)}),(function(e,t){e.setTime(+e+t*c)}),(function(e,t){return(t-e)/c}),(function(e){return e.getUTCHours()})),G=V.range,U=i((function(e){e.setUTCHours(0,0,0,0)}),(function(e,t){e.setUTCDate(e.getUTCDate()+t)}),(function(e,t){return(t-e)/u}),(function(e){return e.getUTCDate()-1})),H=U.range;function W(e){return i((function(t){t.setUTCDate(t.getUTCDate()-(t.getUTCDay()+7-e)%7),t.setUTCHours(0,0,0,0)}),(function(e,t){e.setUTCDate(e.getUTCDate()+7*t)}),(function(e,t){return(t-e)/d}))}var Q=W(0),Y=W(1),K=W(2),Z=W(3),J=W(4),X=W(5),ee=W(6),te=Q.range,ae=Y.range,ne=K.range,ie=Z.range,re=J.range,oe=X.range,se=ee.range,le=i((function(e){e.setUTCDate(1),e.setUTCHours(0,0,0,0)}),(function(e,t){e.setUTCMonth(e.getUTCMonth()+t)}),(function(e,t){return t.getUTCMonth()-e.getUTCMonth()+12*(t.getUTCFullYear()-e.getUTCFullYear())}),(function(e){return e.getUTCMonth()})),ce=le.range,ue=i((function(e){e.setUTCMonth(0,1),e.setUTCHours(0,0,0,0)}),(function(e,t){e.setUTCFullYear(e.getUTCFullYear()+t)}),(function(e,t){return t.getUTCFullYear()-e.getUTCFullYear()}),(function(e){return e.getUTCFullYear()}));ue.every=function(e){return isFinite(e=Math.floor(e))&&e>0?i((function(t){t.setUTCFullYear(Math.floor(t.getUTCFullYear()/e)*e),t.setUTCMonth(0,1),t.setUTCHours(0,0,0,0)}),(function(t,a){t.setUTCFullYear(t.getUTCFullYear()+a*e)})):null};var de=ue.range;function pe(e,a,n,i,o,y){const f=[[g,1,s],[g,5,5*s],[g,15,15*s],[g,30,30*s],[y,1,l],[y,5,5*l],[y,15,15*l],[y,30,30*l],[o,1,c],[o,3,3*c],[o,6,6*c],[o,12,12*c],[i,1,u],[i,2,2*u],[n,1,d],[a,1,p],[a,3,3*p],[e,1,m]];function b(a,n,i){const o=Math.abs(n-a)/i,s=t.bisector((([,,e])=>e)).right(f,o);if(s===f.length)return e.every(t.tickStep(a/m,n/m,i));if(0===s)return r.every(Math.max(t.tickStep(a,n,i),1));const[l,c]=f[o/f[s-1][2]<f[s][2]/o?s-1:s];return l.every(c)}return[function(e,t,a){const n=t<e;n&&([e,t]=[t,e]);const i=a&&"function"==typeof a.range?a:b(e,t,a),r=i?i.range(e,+t+1):[];return n?r.reverse():r},b]}const[me,ge]=pe(ue,le,Q,U,V,z),[ye,fe]=pe(L,q,S,v,h,f);e.timeDay=v,e.timeDays=x,e.timeFriday=T,e.timeFridays=N,e.timeHour=h,e.timeHours=E,e.timeInterval=i,e.timeMillisecond=r,e.timeMilliseconds=o,e.timeMinute=f,e.timeMinutes=b,e.timeMonday=w,e.timeMondays=F,e.timeMonth=q,e.timeMonths=P,e.timeSaturday=C,e.timeSaturdays=R,e.timeSecond=g,e.timeSeconds=y,e.timeSunday=S,e.timeSundays=M,e.timeThursday=I,e.timeThursdays=_,e.timeTickInterval=fe,e.timeTicks=ye,e.timeTuesday=j,e.timeTuesdays=D,e.timeWednesday=O,e.timeWednesdays=A,e.timeWeek=S,e.timeWeeks=M,e.timeYear=L,e.timeYears=B,e.utcDay=U,e.utcDays=H,e.utcFriday=X,e.utcFridays=oe,e.utcHour=V,e.utcHours=G,e.utcMillisecond=r,e.utcMilliseconds=o,e.utcMinute=z,e.utcMinutes=$,e.utcMonday=Y,e.utcMondays=ae,e.utcMonth=le,e.utcMonths=ce,e.utcSaturday=ee,e.utcSaturdays=se,e.utcSecond=g,e.utcSeconds=y,e.utcSunday=Q,e.utcSundays=te,e.utcThursday=J,e.utcThursdays=re,e.utcTickInterval=ge,e.utcTicks=me,e.utcTuesday=K,e.utcTuesdays=ne,e.utcWednesday=Z,e.utcWednesdays=ie,e.utcWeek=Q,e.utcWeeks=te,e.utcYear=ue,e.utcYears=de,Object.defineProperty(e,"__esModule",{value:!0})}(t,a(816))},function(e,t,a){"use strict";a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return c})),a.d(t,"c",(function(){return u}));var n=a(40),i=a(42),r=a(2),o=a.n(r),s=a(121);const l="process.name",c="user.name",u=o.a.memo((({contextId:e,eventId:t,isDraggable:a,processName:r,userName:u})=>o.a.createElement(n.EuiFlexGroup,{alignItems:"flexStart","data-test-subj":"user-process",direction:"column",justifyContent:"center",gutterSize:"none"},null!=u?Object(i.uniq)(u).map((i=>o.a.createElement(n.EuiFlexItem,{grow:!1,key:i},o.a.createElement(s.c,{contextId:e,"data-test-subj":"user-name",eventId:t,field:c,isDraggable:a,value:i,iconType:"user",isAggregatable:!0,fieldType:"keyword"})))):null,null!=r?Object(i.uniq)(r).map((i=>o.a.createElement(n.EuiFlexItem,{grow:!1,key:i},o.a.createElement(s.c,{contextId:e,eventId:t,field:l,isDraggable:a,value:i,iconType:"console",isAggregatable:!0,fieldType:"keyword"})))):null)));u.displayName="UserProcess"},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(121),o=a(392),s=a(127);const l=i.a.memo((({contextId:e,eventId:t,hostName:a,workingDirectory:n,isDraggable:l})=>i.a.createElement(i.a.Fragment,null,i.a.createElement(s.c,{grow:!1,component:"span"},i.a.createElement(r.c,{contextId:e,eventId:t,field:"host.name",value:a,isDraggable:l,fieldType:"keyword",isAggregatable:!0})),null!=n&&i.a.createElement(s.c,{grow:!1,component:"span"},o.e),i.a.createElement(s.c,{grow:!1,component:"span"},i.a.createElement(r.c,{contextId:e,eventId:t,field:"process.working_directory",value:n,iconType:"folderOpen",isDraggable:l,fieldType:"keyword",isAggregatable:!0})))));l.displayName="HostWorkingDir"},function(e,t,a){"use strict";a.d(t,"a",(function(){return w}));var n=a(42),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(106),c=a(449),u=a(607),d=a(485),p=a(569),m=a(395),g=a(608),y=a(868),f=a(571),b=a(818),h=a(380),E=a(460),v=a(570),x=a(532),k=a(275);const S=s.a.div.withConfig({displayName:"Details",componentId:"sc-1voakd9-0"})(["margin:5px 0;"]);S.displayName="Details";const w={id:l.d.netflow,isInstance:e=>"network_traffic"===`${Object(n.get)("event.category",e)}`.toLowerCase()||(e=>{const t=`${e}`.toLowerCase();return"network_flow"===t||"netflow_flow"===t})(Object(n.get)("event.action",e)),renderRow:({data:e,isDraggable:t,scopeId:a})=>r.a.createElement(k.a,null,r.a.createElement(S,null,r.a.createElement(y.a,{contextId:`netflow-row-renderer-render-row-${a}-${e._id}`,destinationBytes:Object(c.a)(Object(n.get)(x.a,e)),destinationGeoContinentName:Object(c.a)(Object(n.get)(v.b,e)),destinationGeoCountryName:Object(c.a)(Object(n.get)(v.d,e)),destinationGeoCountryIsoCode:Object(c.a)(Object(n.get)(v.c,e)),destinationGeoRegionName:Object(c.a)(Object(n.get)(v.e,e)),destinationGeoCityName:Object(c.a)(Object(n.get)(v.a,e)),destinationIp:Object(c.a)(Object(n.get)(m.a,e)),destinationPackets:Object(c.a)(Object(n.get)(x.b,e)),destinationPort:Object(c.a)(Object(n.get)(h.a,e)),eventDuration:Object(c.a)(Object(n.get)(d.b,e)),eventId:Object(n.get)(p.a,e),eventEnd:Object(c.a)(Object(n.get)(f.b,e)),eventStart:Object(c.a)(Object(n.get)(f.c,e)),isDraggable:t,networkBytes:Object(c.a)(Object(n.get)(E.a,e)),networkCommunityId:Object(c.a)(Object(n.get)(E.b,e)),networkDirection:Object(c.a)(Object(n.get)(E.c,e)),networkPackets:Object(c.a)(Object(n.get)(E.d,e)),networkProtocol:Object(c.a)(Object(n.get)(E.e,e)),processName:Object(c.a)(Object(n.get)(b.a,e)),sourceBytes:Object(c.a)(Object(n.get)(x.c,e)),sourceGeoContinentName:Object(c.a)(Object(n.get)(v.h,e)),sourceGeoCountryName:Object(c.a)(Object(n.get)(v.j,e)),sourceGeoCountryIsoCode:Object(c.a)(Object(n.get)(v.i,e)),sourceGeoRegionName:Object(c.a)(Object(n.get)(v.k,e)),sourceGeoCityName:Object(c.a)(Object(n.get)(v.g,e)),sourceIp:Object(c.a)(Object(n.get)(m.d,e)),sourcePackets:Object(c.a)(Object(n.get)(x.d,e)),sourcePort:Object(c.a)(Object(n.get)(h.c,e)),tlsClientCertificateFingerprintSha1:Object(c.a)(Object(n.get)(u.b,e)),tlsFingerprintsJa3Hash:Object(c.a)(Object(n.get)(g.a,e)),tlsServerCertificateFingerprintSha1:Object(c.a)(Object(n.get)(u.c,e)),transport:Object(c.a)(Object(n.get)(E.f,e)),userName:Object(c.a)(Object(n.get)(b.b,e))})))}},function(e,t,a){"use strict";a.d(t,"e",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"d",(function(){return o})),a.d(t,"c",(function(){return s})),a.d(t,"a",(function(){return l})),a.d(t,"f",(function(){return c}));var n=a(5);n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.messageTitle",{defaultMessage:"Message"});const i=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.openAlertDetails",{defaultMessage:"Open alert details page"}),r=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.closeEventDetailsLabel",{defaultMessage:"close"}),o=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.placeholder",{defaultMessage:"Select an event to show event details"}),s=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.eventTitleLabel",{defaultMessage:"Event details"}),l=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.alertTitleLabel",{defaultMessage:"Alert details"}),c=n.i18n.translate("xpack.securitySolution.timeline.expandableEvent.shareAlert",{defaultMessage:"Share alert"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(8),i=a(2),r=a(4),o=a(108),s=a(239),l=a(375);const c=({alertId:e})=>{const[t,a]=Object(i.useState)(!1),[c,u]=Object(i.useState)([]),{addError:d}=Object(o.a)();return Object(i.useEffect)((()=>{let t=!0;return a(!0),Object(n.isEmpty)(e)||(async()=>{try{const a=await Object(s.f)({alertId:e,owner:[r.i]});t&&u(a)}catch(e){d(e.message,{title:l.a})}t&&a(!1)})(),()=>{t=!1}}),[e,d]),{loading:t,casesInfo:c}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(120),r=a(181),o=a(135);const s=({isEndpointAlert:e,onAddExceptionTypeClick:t})=>{const[{canUserCRUD:a,hasIndexWrite:s}]=Object(r.b)(),l=Object(n.useCallback)((()=>{t()}),[t]),c=Object(n.useCallback)((()=>{t(i.b.ENDPOINT)}),[t]),u=!a||!s||!e,d=!a||!s;return{exceptionActionItems:Object(n.useMemo)((()=>d?[]:[{key:"add-endpoint-exception-menu-item","data-test-subj":"add-endpoint-exception-menu-item",disabled:u,onClick:c,name:o.d},{key:"add-exception-menu-item","data-test-subj":"add-exception-menu-item",disabled:d,onClick:l,name:o.g}]),[u,d,l,c])}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(135);const r=({onAddEventFilterClick:e,disabled:t=!1,tooltipMessage:a})=>({eventFilterActionItems:Object(n.useMemo)((()=>[{key:"add-event-filter-menu-item","data-test-subj":"add-event-filter-menu-item",onClick:e,disabled:t,toolTipContent:a,name:i.e}]),[e,t,a])})},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(129),r=a(1123),o=a(285);const s=({closePopover:e,ecsRowData:t,refetch:a})=>{var s;const{hasIndexWrite:l}=Object(o.a)(),c=t._id,u=Object(n.useMemo)((()=>{var e,a,n,r;return[{_id:c,_index:null!==(e=t._index)&&void 0!==e?e:"",data:[{field:i.kb,value:null!==(a=null==t||null===(n=t.kibana)||void 0===n?void 0:n.alert.workflow_tags)&&void 0!==a?a:[]}],ecs:{_id:c,_index:null!==(r=t._index)&&void 0!==r?r:""}}]}),[c,t._index,null==t||null===(s=t.kibana)||void 0===s?void 0:s.alert.workflow_tags]),{alertTagsItems:d,alertTagsPanels:p}=Object(r.a)({refetch:a}),m=Object(n.useMemo)((()=>d.map((e=>({name:e.name,panel:e.panel,"data-test-subj":e["data-test-subj"],key:e.key})))),[d]);return{alertTagsItems:l?m:[],alertTagsPanels:Object(n.useMemo)((()=>p.map((t=>{const a=t.renderContent({closePopoverMenu:e,setIsBulkActionsLoading:()=>{},alertItems:u});return{title:t.title,content:a,id:t.id}}))),[u,p,e])}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(2);const i=({refetch:e,onRuleChange:t,isActiveTimelines:a})=>{const[i,r]=Object(n.useState)(!1),[o,s]=Object(n.useState)(null);return{exceptionFlyoutType:o,openAddExceptionFlyout:i,onAddExceptionTypeClick:Object(n.useCallback)((e=>{s(null!=e?e:null),r(!0)}),[]),onAddExceptionCancel:Object(n.useCallback)((()=>{s(null),r(!1)}),[]),onAddExceptionConfirm:Object(n.useCallback)(((n,i,o)=>{e&&(!1===a||o)&&e(),null!=t&&n&&t(),r(!1)}),[t,e,a])}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(381);const i=(e,t)=>{const a=Object(n.g)(e),i=Object(n.b)(e);return"create"===t?i:a}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a.n(n),r=a(40),o=a(107);const s=Object(n.memo)((({title:e,subtitle:t,actions:a,children:s,restrictWidth:l=!1,hasBottomBorder:c=!0,hideHeader:u=!1,headerBackComponent:d,...p})=>{const m=Object(n.useMemo)((()=>i.a.createElement(r.EuiFlexGroup,{direction:"column",gutterSize:"none",alignItems:"flexStart"},i.a.createElement(r.EuiFlexItem,{grow:!1},d&&i.a.createElement(i.a.Fragment,null,d)),i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiTitle,{size:"l"},i.a.createElement("span",{"data-test-subj":"header-page-title"},e))))),[d,e]),g=Object(n.useMemo)((()=>t?i.a.createElement("span",{"data-test-subj":"header-panel-subtitle"},t):void 0),[t]),y=Object(o.a)(p["data-test-subj"]);return i.a.createElement("div",p,!u&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiPageHeader,{pageTitle:m,description:g,bottomBorder:c,rightSideItems:a?[a]:void 0,restrictWidth:l,"data-test-subj":y("header")}),i.a.createElement(r.EuiSpacer,{size:"l"})),i.a.createElement(r.EuiPageContent_Deprecated,{hasBorder:!1,hasShadow:!1,paddingSize:"none",color:"transparent",borderRadius:"none"},i.a.createElement(r.EuiPageContentBody_Deprecated,{restrictWidth:l},s)))}));s.displayName="AdministrationListPage"},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(290);const r=["create","edit"],o=(e=!0,t=!0)=>{var a;const o=null!==(a=Object(i.a)().urlParams.show)&&void 0!==a?a:"";return Object(n.useMemo)((()=>!!r.includes(o)&&("create"===o&&t||"edit"===o&&e)),[t,e,o])}},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"a",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"d",(function(){return s}));var n=a(226);function i(e){return(null==e?void 0:e.filter((e=>!e.startsWith("policy:"))))||[]}function r(e,t=[]){return e.isGlobal?[n.d,...t]:e.selected.map((e=>`policy:${e.id}`)).concat(t)}function o(e,t){return e.find((e=>e===n.d))?{isGlobal:!0,selected:[]}:{isGlobal:!1,selected:e.reduce(((e,a)=>{const n=a.split(":")[1],i=t.find((e=>e.id===n));return void 0!==i&&e.push(i),e}),[])}}function s(e){return void 0!==e&&void 0!==e.find((e=>e===n.d))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(2);const i=()=>{const[e,t]=Object(n.useState)(!1),a=Object(n.useCallback)((()=>{t(!0)}),[]);return{closeAddEventFilterModal:Object(n.useCallback)((()=>{t(!1)}),[]),isAddEventFilterModalOpen:e,onAddEventFilterClick:a}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(119),i=a(139),r=a(542);const o=Object(i.createSelector)(Object(r.globalFiltersQuerySelector)(),Object(r.getTimelineSelector)(),Object(r.globalQuerySelector)(),Object(r.globalQuery)(),Object(r.timelineQueryByIdSelector)(),Object(n.o)(),((e,t,a,n,i,r)=>({filters:e,input:t,query:a,globalQueries:n,timelineQuery:i,dataTable:r})))},function(e,t,a){e.exports=a.p+"2d015490d219c87a014c81f9555e556a.svg"},function(e,t,a){e.exports=a.p+"432a17d27c37a1b4467753dcc2332f12.svg"},function(e,t,a){"use strict";a.d(t,"c",(function(){return o})),a.d(t,"b",(function(){return s})),a.d(t,"a",(function(){return l}));var n=a(113),i=a(314),r=a(200);const o=e=>({...e.page.queries,[r.HostsTableType.authentications]:{...e.page.queries[r.HostsTableType.authentications],activePage:i.a},[r.HostsTableType.hosts]:{...e.page.queries[r.HostsTableType.hosts],activePage:i.a},[r.HostsTableType.events]:{...e.page.queries[r.HostsTableType.events],activePage:i.a},[r.HostsTableType.uncommonProcesses]:{...e.page.queries[r.HostsTableType.uncommonProcesses],activePage:i.a}}),s=e=>({...e.details.queries,[r.HostsTableType.authentications]:{...e.details.queries[r.HostsTableType.authentications],activePage:i.a},[r.HostsTableType.hosts]:{...e.details.queries[r.HostsTableType.hosts],activePage:i.a},[r.HostsTableType.events]:{...e.details.queries[r.HostsTableType.events],activePage:i.a},[r.HostsTableType.uncommonProcesses]:{...e.details.queries[r.HostsTableType.uncommonProcesses],activePage:i.a}}),l=(e,t)=>e.length>0?[{query:{bool:{should:e.map((e=>({match_phrase:{[t===n.w.user?n.x.userRisk:n.x.hostRisk]:{query:e}}})))}},meta:{alias:null,disabled:!1,negate:!1}}]:[]},function(e,t,a){const n=a(192);e.exports=(e,t,a)=>0===n(e,t,a)},function(e,t,a){const n=a(192);e.exports=(e,t,a)=>0!==n(e,t,a)},function(e,t,a){const n=a(836),i=a(837),r=a(462),o=a(489),s=a(578),l=a(396);e.exports=(e,t,a,c)=>{switch(t){case"===":return"object"==typeof e&&(e=e.version),"object"==typeof a&&(a=a.version),e===a;case"!==":return"object"==typeof e&&(e=e.version),"object"==typeof a&&(a=a.version),e!==a;case"":case"=":case"==":return n(e,a,c);case"!=":return i(e,a,c);case">":return r(e,a,c);case">=":return o(e,a,c);case"<":return s(e,a,c);case"<=":return l(e,a,c);default:throw new TypeError(`Invalid operator: ${t}`)}}},function(e,t,a){"use strict";const n=a(2),i=a(1310),r=a(496),o=a(1311),s=a(1358),l=a(1399),c=a(1359),u=a(1360),d=a(1362),p=a(1363).hastChildrenToReact;e.exports=f;const m={}.hasOwnProperty,g="https://github.com/remarkjs/react-markdown/blob/main/changelog.md",y={renderers:{to:"components",id:"change-renderers-to-components"},astPlugins:{id:"remove-buggy-html-in-markdown-parser"},allowDangerousHtml:{id:"remove-buggy-html-in-markdown-parser"},escapeHtml:{id:"remove-buggy-html-in-markdown-parser"},source:{to:"children",id:"change-source-to-children"},allowNode:{to:"allowElement",id:"replace-allownode-allowedtypes-and-disallowedtypes"},allowedTypes:{to:"allowedElements",id:"replace-allownode-allowedtypes-and-disallowedtypes"},disallowedTypes:{to:"disallowedElements",id:"replace-allownode-allowedtypes-and-disallowedtypes"},includeNodeIndex:{to:"includeElementIndex",id:"change-includenodeindex-to-includeelementindex"}};function f(e){for(const t in y)if(m.call(y,t)&&m.call(e,t)){const e=y[t];console.warn(`[react-markdown] Warning: please ${e.to?`use \`${e.to}\` instead of`:"remove"} \`${t}\` (see <${g}#${e.id}> for more info)`),delete y[t]}const t=r().use(o).use(e.remarkPlugins||e.plugins||[]).use(s,{allowDangerousHtml:!0}).use(e.rehypePlugins||[]).use(u,e);let a;"string"==typeof e.children?a=i(e.children):(void 0!==e.children&&null!==e.children&&console.warn(`[react-markdown] Warning: please pass a string as \`children\` (not: \`${e.children}\`)`),a=i());const l=t.runSync(t.parse(a),a);if("root"!==l.type)throw new TypeError("Expected a `root` node");let d=n.createElement(n.Fragment,{},p({options:e,schema:c,listDepth:0},l));return e.className&&(d=n.createElement("div",{className:e.className},d)),d}f.defaultProps={transformLinkUri:d},f.propTypes={children:l.string,className:l.string,allowElement:l.func,allowedElements:l.arrayOf(l.string),disallowedElements:l.arrayOf(l.string),unwrapDisallowed:l.bool,remarkPlugins:l.arrayOf(l.oneOfType([l.object,l.func,l.arrayOf(l.oneOfType([l.object,l.func]))])),rehypePlugins:l.arrayOf(l.oneOfType([l.object,l.func,l.arrayOf(l.oneOfType([l.object,l.func]))])),sourcePos:l.bool,rawSourcePos:l.bool,skipHtml:l.bool,includeElementIndex:l.bool,transformLinkUri:l.oneOfType([l.func,l.bool]),linkTarget:l.oneOfType([l.func,l.string]),transformImageUri:l.func,components:l.object},f.uriTransformer=d},function(e,t,a){"use strict";var n={}.hasOwnProperty;e.exports=n},function(e,t,a){"use strict";e.exports=function(e){for(var t=-1,a=0;++t<e.length;)a+="string"==typeof e[t]?e[t].length:1;return a}},function(e,t,a){"use strict";var n=a(369),i=a(251),r=a(315);function o(e,t){for(var a,n,r,o,s,l,c=e[t][1],u=e[t][2],d=t-1,p=[],m=c._tokenizer||u.parser[c.contentType](c.start),g=m.events,y=[],f={};c;){for(;e[++d][1]!==c;);p.push(d),c._tokenizer||(a=u.sliceStream(c),c.next||a.push(null),n&&m.defineSkip(c.start),c.isInFirstContentOfListItem&&(m._gfmTasklistFirstContentOfListItem=!0),m.write(a),c.isInFirstContentOfListItem&&(m._gfmTasklistFirstContentOfListItem=void 0)),n=c,c=c.next}for(c=n,r=g.length;r--;)"enter"===g[r][0]?o=!0:o&&g[r][1].type===g[r-1][1].type&&g[r][1].start.line!==g[r][1].end.line&&(b(g.slice(r+1,s)),c._tokenizer=c.next=void 0,c=c.previous,s=r+1);for(m.events=c._tokenizer=c.next=void 0,b(g.slice(0,s)),r=-1,l=0;++r<y.length;)f[l+y[r][0]]=l+y[r][1],l+=y[r][1]-y[r][0]-1;return f;function b(t){var a=p.pop();y.unshift([a,a+t.length-1]),i(e,a,2,t)}}e.exports=function(e){for(var t,a,s,l,c,u,d,p={},m=-1;++m<e.length;){for(;m in p;)m=p[m];if(t=e[m],m&&"chunkFlow"===t[1].type&&"listItemPrefix"===e[m-1][1].type&&((s=0)<(u=t[1]._tokenizer.events).length&&"lineEndingBlank"===u[s][1].type&&(s+=2),s<u.length&&"content"===u[s][1].type))for(;++s<u.length&&"content"!==u[s][1].type;)"chunkText"===u[s][1].type&&(u[s][1].isInFirstContentOfListItem=!0,s++);if("enter"===t[0])t[1].contentType&&(n(p,o(e,m)),m=p[m],d=!0);else if(t[1]._container||t[1]._movePreviousLineEndings){for(s=m,a=void 0;s--&&("lineEnding"===(l=e[s])[1].type||"lineEndingBlank"===l[1].type);)"enter"===l[0]&&(a&&(e[a][1].type="lineEndingBlank"),l[1].type="lineEnding",a=s);a&&(t[1].end=r(e[a][1].start),(c=e.slice(a,m)).unshift(t),i(e,a,m-a+1,c))}}return!d}},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(369),i=a(315),r=l("text"),o=l("string"),s={resolveAll:c()};function l(e){return{tokenize:function(t){var a=this,n=this.parser.constructs[e],i=t.attempt(n,r,o);return r;function r(e){return l(e)?i(e):o(e)}function o(e){if(null!==e)return t.enter("data"),t.consume(e),s;t.consume(e)}function s(e){return l(e)?(t.exit("data"),i(e)):(t.consume(e),s)}function l(e){var t=n[e],i=-1;if(null===e)return!0;if(t)for(;++i<t.length;)if(!t[i].previous||t[i].previous.call(a,a.previous))return!0}},resolveAll:c("text"===e?u:void 0)}}function c(e){return function(t,a){for(var n,i=-1;++i<=t.length;)void 0===n?t[i]&&"data"===t[i][1].type&&(n=i,i++):t[i]&&"data"===t[i][1].type||(i!==n+2&&(t[n][1].end=t[i-1][1].end,t.splice(n+2,i-n-2),i=n+2),n=void 0);return e?e(t,a):t}}function u(e,t){for(var a,r,o,s,l,c,u,d,p=-1;++p<=e.length;)if((p===e.length||"lineEnding"===e[p][1].type)&&"data"===e[p-1][1].type){for(r=e[p-1][1],s=(a=t.sliceStream(r)).length,l=-1,c=0,u=void 0;s--;)if("string"==typeof(o=a[s])){for(l=o.length;32===o.charCodeAt(l-1);)c++,l--;if(l)break;l=-1}else if(-2===o)u=!0,c++;else if(-1!==o){s++;break}c&&(d={type:p===e.length||u||c<2?"lineSuffix":"hardBreakTrailing",start:{line:r.end.line,column:r.end.column-c,offset:r.end.offset-c,_index:r.start._index+s,_bufferIndex:s?l:r.start._bufferIndex+l},end:i(r.end)},r.end=i(d.start),r.start.offset===r.end.offset?n(r,d):(e.splice(p,0,["enter",d,t],["exit",d,t]),p+=2)),p++}return e}t.resolver=s,t.string=o,t.text=r},function(e,t,a){"use strict";e.exports=function(e){return e<32||127===e}},function(e,t,a){e.exports=a(33)(3364)},function(e,t,a){"use strict";var n=a(253)(/\d/);e.exports=n},function(e,t,a){"use strict";var n=a(844),i=a(252),r=a(147);e.exports=function(e,t,a,o,s,l,c,u,d){var p=d||1/0,m=0;return function(t){return 60===t?(e.enter(o),e.enter(s),e.enter(l),e.consume(t),e.exit(l),g):n(t)||41===t?a(t):(e.enter(o),e.enter(c),e.enter(u),e.enter("chunkString",{contentType:"string"}),b(t))};function g(a){return 62===a?(e.enter(l),e.consume(a),e.exit(l),e.exit(s),e.exit(o),t):(e.enter(u),e.enter("chunkString",{contentType:"string"}),y(a))}function y(t){return 62===t?(e.exit("chunkString"),e.exit(u),g(t)):null===t||60===t||r(t)?a(t):(e.consume(t),92===t?f:y)}function f(t){return 60===t||62===t||92===t?(e.consume(t),y):y(t)}function b(r){return 40===r?++m>p?a(r):(e.consume(r),b):41===r?m--?(e.consume(r),b):(e.exit("chunkString"),e.exit(u),e.exit(c),e.exit(o),t(r)):null===r||i(r)?m?a(r):(e.exit("chunkString"),e.exit(u),e.exit(c),e.exit(o),t(r)):n(r)?a(r):(e.consume(r),92===r?h:b)}function h(t){return 40===t||41===t||92===t?(e.consume(t),b):b(t)}}},function(e,t,a){"use strict";var n=a(147),i=a(237);e.exports=function(e,t,a,r,o,s){var l,c=this,u=0;return function(t){return e.enter(r),e.enter(o),e.consume(t),e.exit(o),e.enter(s),d};function d(i){return null===i||91===i||93===i&&!l||94===i&&!u&&"_hiddenFootnoteSupport"in c.parser.constructs||u>999?a(i):93===i?(e.exit(s),e.enter(o),e.consume(i),e.exit(o),e.exit(r),t):n(i)?(e.enter("lineEnding"),e.consume(i),e.exit("lineEnding"),d):(e.enter("chunkString",{contentType:"string"}),p(i))}function p(t){return null===t||91===t||93===t||n(t)||u++>999?(e.exit("chunkString"),d(t)):(e.consume(t),l=l||!i(t),92===t?m:p)}function m(t){return 91===t||92===t||93===t?(e.consume(t),u++,p):p(t)}}},function(e,t,a){"use strict";var n=a(147),i=a(237),r=a(154);e.exports=function(e,t){var a;return function o(s){return n(s)?(e.enter("lineEnding"),e.consume(s),e.exit("lineEnding"),a=!0,o):i(s)?r(e,o,a?"linePrefix":"lineSuffix")(s):t(s)}}},function(e,t,a){"use strict";var n=a(147),i=a(154);e.exports=function(e,t,a,r,o,s){var l;return function(t){return e.enter(r),e.enter(o),e.consume(t),e.exit(o),l=40===t?41:t,c};function c(a){return a===l?(e.enter(o),e.consume(a),e.exit(o),e.exit(r),t):(e.enter(s),u(a))}function u(t){return t===l?(e.exit(s),c(l)):null===t?a(t):n(t)?(e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),i(e,u,"linePrefix")):(e.enter("chunkString",{contentType:"string"}),d(t))}function d(t){return t===l||null===t||n(t)?(e.exit("chunkString"),u(t)):(e.consume(t),92===t?p:d)}function p(t){return t===l||92===t?(e.consume(t),d):d(t)}}},function(e,t,a){"use strict";var n=a(147),i=a(237),r=a(154),o={name:"thematicBreak",tokenize:function(e,t,a){var o,s=0;return function(t){return e.enter("thematicBreak"),o=t,l(t)};function l(u){return u===o?(e.enter("thematicBreakSequence"),c(u)):i(u)?r(e,l,"whitespace")(u):s<3||null!==u&&!n(u)?a(u):(e.exit("thematicBreak"),t(u))}function c(t){return t===o?(e.consume(t),s++,c):(e.exit("thematicBreakSequence"),l(t))}}};e.exports=o},function(e,t,a){"use strict";a.d(t,"b",(function(){return i})),a.d(t,"d",(function(){return r})),a.d(t,"a",(function(){return o})),a.d(t,"e",(function(){return s})),a.d(t,"c",(function(){return l}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.ruleActionsField.ruleActionsFormErrorsTitle",{defaultMessage:"Please fix issues listed below"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleNotifyWhen.onActiveAlert.display",{defaultMessage:"Per rule run"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleNotifyWhen.onThrottleInterval.display",{defaultMessage:"Custom frequency"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.body.summary.message",{defaultMessage:"Rule {ruleName} generated {signalsCount} alerts",values:{ruleName:"{{context.rule.name}}",signalsCount:"{{state.signals_count}}"}}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.body.forEachAlert.message",{defaultMessage:"Rule {ruleName} generated alert {alertId}",values:{ruleName:"{{context.rule.name}}",alertId:"{{alert.id}}"}})},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(108),i=a(332),r=a(304);const o=(e,t)=>{const{addError:a}=Object(n.a)();return Object(i.a)(e,{onError:e=>a(e,{title:r.b}),...t})}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"h",(function(){return r})),a.d(t,"i",(function(){return o})),a.d(t,"d",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"f",(function(){return c})),a.d(t,"g",(function(){return u})),a.d(t,"b",(function(){return d})),a.d(t,"c",(function(){return p}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.documentationLinks.ariaLabelEnding",{defaultMessage:"click to open documentation in a new tab"}),r="sec-requirements.html",o=n.i18n.translate("xpack.securitySolution.documentationLinks.solutionRequirements.text",{defaultMessage:"Elastic Security system requirements"}),s="detections-permissions-section.html",l=n.i18n.translate("xpack.securitySolution.documentationLinks.detectionsRequirements.text",{defaultMessage:"Detections prerequisites and requirements"}),c="alerts-ui-monitor.html#ml-job-compatibility",u=n.i18n.translate("xpack.securitySolution.documentationLinks.mlJobCompatibility.text",{defaultMessage:"ML job compatibility"}),d="rules-coverage.html",p=n.i18n.translate("xpack.securitySolution.documentationLinks.coverageOverview.text",{defaultMessage:"Learn more."})},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(5);const i={interval:{label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalLabel",{defaultMessage:"Runs every"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText",{defaultMessage:"Rules run periodically and detect alerts within the specified time frame."})},from:{label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackLabel",{defaultMessage:"Additional look-back time"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackHelpText",{defaultMessage:"Adds time to the look-back period to prevent missed alerts."})}}},,,function(e,t,a){"use strict";a.d(t,"e",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"d",(function(){return l})),a.d(t,"b",(function(){return c}));var n=a(172),i=a(137);function r(e){switch(e){case n.b.export:return i.Dc;case n.b.duplicate:return i.pc;case n.b.delete:return i.hc;case n.b.enable:return i.yc;case n.b.disable:return i.lc;case n.b.edit:return i.tc}}function o(e,t){switch(e){case n.b.export:return u(t.succeeded,t.total);case n.b.duplicate:return i.qc(t.succeeded);case n.b.delete:return i.ic(t.succeeded);case n.b.enable:return i.zc(t.succeeded);case n.b.disable:return i.mc(t.succeeded)}}function s(e,t){const a=t.skipped>0?` ${i.uc}`:null;return e.some((e=>e.type===n.a.add_index_patterns||e.type===n.a.set_index_patterns||e.type===n.a.delete_index_patterns))?`${i.vc(t.succeeded,t.skipped)}${a}`:i.vc(t.succeeded,t.skipped)}function l(e){switch(e){case n.b.export:return i.Ac;case n.b.duplicate:return i.nc;case n.b.delete:return i.fc;case n.b.enable:return i.wc;case n.b.disable:return i.jc;case n.b.edit:return i.rc}}function c(e,t){var a,r;const o=null===(a=t.body)||void 0===a||null===(r=a.attributes)||void 0===r?void 0:r.summary;if(!o)return"";switch(e){case n.b.export:return i.Bc(o.failed);case n.b.duplicate:return i.oc(o.failed);case n.b.delete:return i.gc(o.failed);case n.b.enable:return i.xc(o.failed);case n.b.disable:return i.kc(o.failed);case n.b.edit:return i.sc(o.failed,o.skipped)}}const u=(e,t)=>{const a=[i.Ec(e,t)];return t>e&&a.push(i.Cc),a.join(" ")}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(108),r=a(172),o=a(858);function s(){const e=Object(i.a)();return Object(n.useCallback)((({actionType:t,summary:a,editPayload:n})=>{const i=t===r.b.edit?Object(o.a)(null!=n?n:[],a):Object(o.c)(t,a);e.addSuccess({title:Object(o.e)(t),text:i})}),[e])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(172),r=a(265);function o(){const e=Object(r.c)();return Object(n.useCallback)((t=>{const a=null!=e&&e.state.isAllSelected?e.state.rules:[];return(t===i.b.enable?a.filter((e=>!e.enabled)):t===i.b.disable?a.filter((e=>e.enabled)):a).map((e=>e.id))}),[e])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(41);const i=a.n(n).a.div.withConfig({displayName:"Display",componentId:"sc-1f84jld-0"})(["",";"],(({show:e})=>e?"":"display: none;"));i.displayName="Display"},function(e,t,a){"use strict";a.d(t,"c",(function(){return i})),a.d(t,"e",(function(){return r})),a.d(t,"d",(function(){return o})),a.d(t,"g",(function(){return s})),a.d(t,"f",(function(){return l})),a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(5);n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.pageTitle",{defaultMessage:"Rule details"}),n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.backToRulesButton",{defaultMessage:"Rules"});const i=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel",{defaultMessage:"Enable"}),r=(n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.unknownDescription",{defaultMessage:"Unknown"}),n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExceptionsTab",{defaultMessage:"Rule exceptions"})),o=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.endpointExceptionsTab",{defaultMessage:"Endpoint exceptions"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionResultsTab",{defaultMessage:"Execution results"}),l=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionEventsTab",{defaultMessage:"Execution events"}),c=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.deletedRule",{defaultMessage:"Deleted rule"}),u=n.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.deleteRuleConfirmationBody",{defaultMessage:'This action will delete the rule. Click "Delete" to continue.'})},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(2);const i=({onInit:e,onFinish:t})=>{const a=Object(n.useRef)(),i=Object(n.useCallback)((()=>{var e;null===(e=a.current)||void 0===e||e.call(a,!0)}),[]),r=Object(n.useCallback)((()=>{var e;null===(e=a.current)||void 0===e||e.call(a,!1)}),[]);return[Object(n.useCallback)((()=>(e(),new Promise((e=>{a.current=e})).finally((()=>{t()})))),[e,t]),i,r]}},,,function(e,t,a){"use strict";a.d(t,"b",(function(){return ni})),a.d(t,"a",(function(){return ii})),a.d(t,"c",(function(){return si}));var n=a(40),i=a(5),r=a(264),o=a(42),s=a(2),l=a.n(s),c=a(45),u=a(103),d=a(41),p=a.n(d),m=a(120),g=a(59),y=a(119),f=a(1042),b=a(1058),h=a(1048),E=a(204),v=a(661),x=a(114),k=a(105),S=a(102),w=a(384),j=a(201),O=a(423),I=a(222),T=a(695),C=a(219),M=a(8),F=a(180),D=a(166),A=a(383);const _=i.i18n.translate("xpack.securitySolution.detectionEngine.details.stepAboutRule.detailsLabel",{defaultMessage:"Details"}),N=i.i18n.translate("xpack.securitySolution.detectionEngine.details.stepAboutRule.aboutText",{defaultMessage:"About"}),R=i.i18n.translate("xpack.securitySolution.detectionEngine.details.stepAboutRule.investigationGuideLabel",{defaultMessage:"Investigation guide"}),q=i.i18n.translate("xpack.securitySolution.detectionEngine.details.stepAboutRule.setupGuideLabel",{defaultMessage:"Setup guide"}),P=i.i18n.translate("xpack.securitySolution.detectionEngine.details.stepAboutRule.controlLegend",{defaultMessage:"Viewing"});var L=a(746);const B=F.css`
  height: 100%;
`,z={id:"details",label:_,"data-test-subj":"stepAboutDetailsToggle-details"},$={id:"notes",label:R,"data-test-subj":"stepAboutDetailsToggle-notes"},V={id:"setup",label:q,"data-test-subj":"stepAboutDetailsToggle-setup"},G=({stepData:e,stepDataDetails:t,loading:a})=>{const[i,r]=Object(s.useState)("details"),[o,c]=Object(s.useState)(0),u=Object(s.useCallback)((e=>{c(e.height)}),[c]),d=Object(s.useMemo)((()=>{const e=!Object(M.isEmpty)(null==t?void 0:t.note)&&""!==(null==t?void 0:t.note.trim()),a=!Object(M.isEmpty)(null==t?void 0:t.setup)&&""!==(null==t?void 0:t.setup.trim());return[...e||a?[z]:[],...e?[$]:[],...a?[V]:[]]}),[t]);return l.a.createElement(n.EuiPanel,{hasBorder:!0,className:F.css`
        position: relative;
      `},a&&l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiProgress,{size:"xs",color:"accent",position:"absolute"}),l.a.createElement(D.a,{title:N})),null!=e&&null!=t&&l.a.createElement(n.EuiFlexGroup,{gutterSize:"xs",direction:"column",className:B},l.a.createElement(n.EuiFlexItem,{grow:!1,key:"header"},l.a.createElement(D.a,{title:N},d.length>0&&l.a.createElement(n.EuiButtonGroup,{options:d,idSelected:i,onChange:e=>{r(e)},"data-test-subj":"stepAboutDetailsToggle",legend:P}))),l.a.createElement(n.EuiFlexItem,{key:"details"},"details"===i&&l.a.createElement(n.EuiResizeObserver,{"data-test-subj":"stepAboutDetailsContent",onResize:u},(a=>l.a.createElement("div",{ref:a,className:B},l.a.createElement(H,{maxHeight:120},l.a.createElement(W,{maxHeight:120},l.a.createElement(n.EuiText,{size:"s","data-test-subj":"stepAboutRuleDetailsToggleDescriptionText"},t.description))),l.a.createElement(n.EuiSpacer,{size:"m"}),l.a.createElement(L.b,{addPadding:!1,descriptionColumns:"singleSplit",defaultValues:e})))),"notes"===i&&l.a.createElement(H,{"data-test-subj":"stepAboutDetailsNoteContent",maxHeight:o},l.a.createElement(W,{maxHeight:o},l.a.createElement(A.b,null,t.note))),"setup"===i&&l.a.createElement(H,{"data-test-subj":"stepAboutDetailsSetupContent",maxHeight:o},l.a.createElement(W,{maxHeight:o},l.a.createElement(A.b,null,t.setup))))))},U=Object(s.memo)(G);function H({maxHeight:e,"data-test-subj":t,children:a}){return l.a.createElement("div",{className:F.css`
        max-height: ${e}px;
        overflow-y: hidden;
        word-break: break-word;
      `,"data-test-subj":t},a)}function W({maxHeight:e,children:t}){return l.a.createElement("div",{className:`eui-yScroll ${F.css`
        max-height: ${e}px;
      `}`},t)}var Q=a(656),Y=a(181),K=a(745),Z=a(740),J=a(528),X=a(312),ee=a(1107),te=a(1108),ae=a(334),ne=a(954),ie=a(134),re=a(138),oe=a(151),se=a(4),le=a(687),ce=a(172),ue=a(472),de=a(196),pe=a(159),me=a(333),ge=a(1067),ye=a(612),fe=a(1050),be=a(137);const he=i.i18n.translate("xpack.securitySolution.detectionEngine.rules.components.ruleActionsOverflow.allActionsTitle",{defaultMessage:"All actions"}),Ee=p()(n.EuiButtonIcon).withConfig({displayName:"MyEuiButtonIcon",componentId:"sc-1ut3lkn-0"})(["&.euiButtonIcon{svg{transform:rotate(90deg);}border:1px solid ",";width:40px;height:40px;}"],(({theme:e})=>e.euiColorPrimary)),ve=({rule:e,userHasPermissions:t,canDuplicateRuleWithActions:a,showBulkDuplicateExceptionsConfirmation:i,confirmDeletion:r})=>{const[o,,c,u]=Object(ue.a)(),{navigateToApp:d}=Object(S.j)().services.application,{startTransaction:p}=Object(pe.b)(),{executeBulkAction:m}=Object(ye.b)({suppressSuccessToast:!0}),{bulkExport:g}=Object(ge.a)(),y=Object(fe.a)(),f=Object(s.useCallback)((()=>{d(se.l,{deepLinkId:se.wc.rules,path:Object(j.e)()})}),[d]),b=Object(s.useMemo)((()=>null!=e?[l.a.createElement(n.EuiContextMenuItem,{key:be.Ab,icon:"copy",disabled:!a||!t,"data-test-subj":"rules-details-duplicate-rule",onClick:async()=>{p({name:de.e.DUPLICATE}),c();const t=await i();if(null===t)return;const a=await m({type:ce.b.duplicate,ids:[e.id],duplicatePayload:{include_exceptions:t===le.a.withExceptions||t===le.a.withExceptionsExcludeExpiredExceptions,include_expired_exceptions:!(t===le.a.withExceptionsExcludeExpiredExceptions)}}),n=null==a?void 0:a.attributes.results.created;null!=n&&n.length&&Object(ye.a)(n[0].id,d)}},l.a.createElement(n.EuiToolTip,{position:"left",content:Object(me.a)(e,a)?void 0:be.Qb},l.a.createElement(l.a.Fragment,null,be.Ab))),l.a.createElement(n.EuiContextMenuItem,{key:be.Hb,icon:"exportAction",disabled:!t||e.immutable,"data-test-subj":"rules-details-export-rule",onClick:async()=>{p({name:de.e.EXPORT}),c();const t=await g({ids:[e.id]});t&&await y(t)}},be.Hb),l.a.createElement(n.EuiContextMenuItem,{key:be.xb,icon:"trash",disabled:!t,"data-test-subj":"rules-details-delete-rule",onClick:async()=>{c(),!1!==await r()&&(p({name:de.e.DELETE}),await m({type:ce.b.delete,ids:[e.id]}),f())}},be.xb)]:[]),[g,a,c,m,d,f,e,i,p,t,y,r]),h=Object(s.useMemo)((()=>l.a.createElement(n.EuiToolTip,{position:"top",content:he},l.a.createElement(Ee,{iconType:"boxesHorizontal","aria-label":he,isDisabled:!t,"data-test-subj":"rules-details-popover-button-icon",onClick:u}))),[u,t]);return l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiPopover,{anchorPosition:"leftCenter",button:h,closePopover:c,id:"ruleActionsOverflow",isOpen:o,"data-test-subj":"rules-details-popover",ownFocus:!0,panelPaddingSize:"none",repositionOnScroll:!0},l.a.createElement(n.EuiContextMenuPanel,{"data-test-subj":"rules-details-menu-panel",items:b})))},xe=l.a.memo(ve);xe.displayName="RuleActionsOverflow";var ke=a(162),Se=a(648),we=a(486),je=a(131),Oe=a(178),Ie=a(861),Te=a(148),Ce=a(116),Me=a(110),Fe=a(1393),De=a(505),Ae=a(50),_e=a.n(Ae),Ne=a(49);const Re=1e3;var qe=a(64),Pe=a(44),Le=(a(1371),a(21)),Be=a(317),ze=a(108),$e=a(122),Ve=a(541),Ge=a(587);const Ue=Object(s.createContext)(null),He=({children:e})=>{var t;const{storage:a}=Object(S.j)().services,[n,i]=Object(s.useState)([]),[r,o]=Object(s.useState)(1e3),[c,u]=Object(s.useState)(!0),[d,p]=Object(s.useState)("now-24h"),[m,g]=Object(s.useState)("now"),[y,f]=Object(s.useState)(""),[b,h]=Object(s.useState)([]),[E,v]=Object(s.useState)(null!==(t=a.get(se.oc))&&void 0!==t&&t),[x,k]=Object(s.useState)(1),[w,j]=Object(s.useState)(5),[O,I]=Object(s.useState)("timestamp"),[T,C]=Object(s.useState)("desc"),M=Object(s.useMemo)((()=>({[ni.executionResults]:{state:{superDatePicker:{recentlyUsedRanges:n,refreshInterval:r,isPaused:c,start:d,end:m},queryText:y,statusFilters:b,showMetricColumns:E,pagination:{pageIndex:x,pageSize:w},sort:{sortField:O,sortDirection:T}},actions:{setEnd:g,setIsPaused:u,setPageIndex:k,setPageSize:j,setQueryText:f,setRecentlyUsedRanges:i,setRefreshInterval:o,setShowMetricColumns:v,setSortDirection:C,setSortField:I,setStart:p,setStatusFilters:h}}})),[m,c,x,w,y,n,r,E,T,O,d,b]);return l.a.createElement(Ue.Provider,{value:M},e)};var We=a(1418),Qe=a(1417);const Ye=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.tableTitle",{defaultMessage:"Execution log"}),Ke=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.tableSubtitle",{defaultMessage:"A log of rule execution results"}),Ze=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.searchPlaceholder",{defaultMessage:"duration > 100 and gapDuration > 10"}),Je=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.showMetricColumnsSwitchTitle",{defaultMessage:"Show metrics columns"}),Xe=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.statusColumn",{defaultMessage:"Status"}),et=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.statusColumnTooltip",{defaultMessage:"Overall status of execution."}),tt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.timestampColumn",{defaultMessage:"Timestamp"}),at=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.timestampColumnTooltip",{defaultMessage:"Datetime rule execution initiated."}),nt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.durationColumn",{defaultMessage:"Duration"}),it=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.durationColumnTooltip",{defaultMessage:"The length of time it took for the rule to run (hh:mm:ss:SSS)."}),rt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.messageColumn",{defaultMessage:"Message"}),ot=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.messageColumnTooltip",{defaultMessage:"Relevant message from execution outcome."}),st=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.gapDurationColumn",{defaultMessage:"Gap Duration"}),lt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.gapTooltipSeeDocsDescription",{defaultMessage:"see documentation"}),ct=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.indexDurationColumn",{defaultMessage:"Index Duration"}),ut=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.indexDurationColumnTooltip",{defaultMessage:"The length of time it took to index detected alerts (hh:mm:ss:SSS)."}),dt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.searchDurationColumn",{defaultMessage:"Search Duration"}),pt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.searchDurationColumnTooltip",{defaultMessage:"The length of time it took to search for alerts (hh:mm:ss:SSS)."}),mt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.schedulingDelayColumn",{defaultMessage:"Scheduling Delay"}),gt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.schedulingDelayColumnTooltip",{defaultMessage:"The length of time from rule scheduled till rule executed (hh:mm:ss:SSS)."}),yt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionsColumn",{defaultMessage:"Actions"}),ft=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionsColumnTooltip",{defaultMessage:"Filter alerts by rule execution ID."}),bt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionSearchFiltersUpdatedTitle",{defaultMessage:"Global search filters have been updated"}),ht=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionSearchFiltersUpdatedDescription",{defaultMessage:"Search filters have been updated to show alerts from selected rule execution"}),Et=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionSearchFiltersUpdatedRestoreButtonTitle",{defaultMessage:"Restore previous filters"}),vt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionFieldNotFoundErrorTitle",{defaultMessage:"Unable to filter alerts"}),xt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionFieldNotFoundErrorDescription",{defaultMessage:"Cannot find field 'kibana.alert.rule.execution.uuid' in alerts index."}),kt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.durationNotAvailableDescription",{defaultMessage:"N/A"}),St=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.durationGreaterThanYearDescription",{defaultMessage:"> 1 Year"}),wt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.fullMessage",{defaultMessage:"Full message"}),jt=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.expandRow",{defaultMessage:"Expand rows"}),Ot=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.expand",{defaultMessage:"Expand"}),It=i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.collapse",{defaultMessage:"Collapse"});var Tt=a(117),Ct=a(132),Mt=a(1109),Ft=a(1110);const Dt=e=>{const{duration:t,isSeconds:a=!1,allowZero:n=!0}=e,i=Object(s.useMemo)((()=>n&&t>=0?(e=>{if(!e)return"00:00:00:000";const t=_e.a.duration(e),a=Math.floor(t.asDays()).toString().padStart(3,"0"),n=Math.floor(t.asHours()%24).toString().padStart(2,"0"),i=Math.floor(t.asMinutes()%60).toString().padStart(2,"0"),r=t.seconds().toString().padStart(2,"0"),o=t.milliseconds().toString().padStart(3,"0");return Math.floor(t.asDays())>0?Math.floor(t.asDays())>=365?St:`${a}:${n}:${i}:${r}:${o}`:`${n}:${i}:${r}:${o}`})(a?1e3*t:t):kt),[n,t,a]);return l.a.createElement("span",{"data-test-subj":"rule-duration-format-value"},i)},At=l.a.memo(Dt);At.displayName="RuleDurationFormat";const _t=[{name:l.a.createElement(Ft.a,{title:Xe,tooltipContent:et}),field:"security_status",render:e=>l.a.createElement(De.c,{status:e,showTooltip:!0}),sortable:!1,truncateText:!1,width:"10%"},{field:"timestamp",name:l.a.createElement(Ft.a,{title:tt,tooltipContent:at}),render:e=>l.a.createElement(Ct.a,{value:e,fieldName:"timestamp"}),sortable:!0,truncateText:!1,width:"15%"},{field:"duration_ms",name:l.a.createElement(Ft.a,{title:nt,tooltipContent:it}),render:e=>l.a.createElement(l.a.Fragment,null,e?l.a.createElement(At,{duration:e}):Object(Tt.e)()),sortable:!0,truncateText:!1,width:"10%"}],Nt=e=>({field:"security_message",name:l.a.createElement(Ft.a,{title:rt,tooltipContent:ot}),render:(e,t)=>"succeeded"===t.security_status?e:l.a.createElement(Rt,null,e),sortable:!1,width:e});var Rt=p()("div").withConfig({displayName:"_StyledDiv",componentId:"sc-okzjc9-0"})(["display:-webkit-box;-webkit-line-clamp:3;-webkit-box-orient:vertical;overflow:hidden;"]),qt=a(283);const Pt={status:"kibana.alert.rule.execution.status",timestamp:"@timestamp",duration:"event.duration",message:"message",gapDuration:"kibana.alert.rule.execution.metrics.execution_gap_duration_s",indexDuration:"kibana.alert.rule.execution.metrics.total_indexing_duration_ms",searchDuration:"kibana.alert.rule.execution.metrics.total_search_duration_ms",totalActions:"kibana.alert.rule.execution.metrics.number_of_triggered_actions",schedulingDelay:"kibana.task.schedule_delay"},Lt=[qt.f.succeeded,qt.f.failed,qt.f["partial failure"]],Bt=l.a.memo((({onlyShowFilters:e,selectedStatuses:t,onStatusFilterChange:a,onSearch:i})=>{const r=Object(s.useCallback)((e=>{i((e=>Object.entries(Pt).reduce(((e,[t,a])=>Object(M.replace)(e,t,a)),e))(e))}),[i]);return l.a.createElement(n.EuiFlexGroup,{gutterSize:"s"},l.a.createElement(n.EuiFlexItem,{grow:!0},!e&&l.a.createElement(n.EuiFieldSearch,{"data-test-subj":"executionLogSearch","aria-label":Ze,placeholder:Ze,onSearch:r,isClearable:!0,fullWidth:!0})),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(De.b,{items:Lt,selectedItems:t,onChange:a})))}));Bt.displayName="ExecutionLogSearchBar";const zt="kibana.alert.rule.execution.uuid",$t=p()(n.EuiSwitch).withConfig({displayName:"UtilitySwitch",componentId:"sc-z5yvfc-0"})(["margin-left:17px;"]),Vt=p()(n.EuiFlexItem).withConfig({displayName:"DatePickerEuiFlexItem",componentId:"sc-z5yvfc-1"})(["max-width:582px;"]),Gt=({ruleId:e,selectAlertsTab:t})=>{var a,r;const{docLinks:o,data:{query:{filterManager:c}},storage:d,timelines:p}=Object(S.j)().services,{[ni.executionResults]:{state:{superDatePicker:{recentlyUsedRanges:m,refreshInterval:g,isPaused:y,start:f,end:b},queryText:h,statusFilters:E,showMetricColumns:v,pagination:{pageIndex:w,pageSize:j},sort:{sortField:O,sortDirection:I}},actions:{setEnd:T,setIsPaused:C,setPageIndex:M,setPageSize:F,setQueryText:A,setRecentlyUsedRanges:_,setRefreshInterval:N,setShowMetricColumns:R,setSortDirection:q,setSortField:P,setStart:L,setStatusFilters:B}}}=(()=>{const e=Object(s.useContext)(Ue);return Object(Ge.a)(e,"useRuleDetailsContext should be used inside RuleDetailsContextProvider"),e})(),{indexPattern:z}=Object(Ce.d)(Me.SourcererScopeName.detections),{addError:$,addSuccess:V,remove:G}=Object(ze.a)(),U=Object(u.useDispatch)(),H=Object(s.useMemo)((()=>$e.d.globalFiltersQuerySelector()),[]),W=Object(s.useMemo)((()=>$e.d.globalQuerySelector()),[]),Q=Object(k.a)($e.d.globalTimeRangeSelector),Y=Object(k.a)(W),K=Object(k.a)(H),Z=Object(s.useRef)({filters:K,query:Y,timerange:Q}),J=Object(s.useRef)(""),X=Object(s.useCallback)((()=>{Object(Ve.a)(Z.current.timerange)?U(Object(oe.setAbsoluteRangeDatePicker)({id:x.a.global,from:Z.current.timerange.from,to:Z.current.timerange.to})):Object(Ve.b)(Z.current.timerange)&&U(Object(oe.setRelativeRangeDatePicker)({id:x.a.global,from:Z.current.timerange.from,fromStr:Z.current.timerange.fromStr,to:Z.current.timerange.to,toStr:Z.current.timerange.toStr})),U(Object(oe.setFilterQuery)({id:x.a.global,query:Z.current.query.query,language:Z.current.query.language})),c.removeAll(),c.addFilters(Z.current.filters),G(J.current)}),[U,c,G]),{data:ee,dataUpdatedAt:te,isFetching:ae,isLoading:ne,refetch:ie}=Object(De.d)({ruleId:e,start:f,end:b,queryText:h,statusFilters:E,page:w,perPage:j,sortField:O,sortOrder:I}),re=null!==(a=null==ee?void 0:ee.events)&&void 0!==a?a:[],le=null!==(r=null==ee?void 0:ee.total)&&void 0!==r?r:0,ce=Object(s.useMemo)((()=>z.fields.find((e=>e.name===zt))),[z]),ue=Object(s.useCallback)((({page:e={},sort:t={}})=>{const{index:a,size:n}=e,{field:i,direction:r}=t;M(a+1),F(n),P(i),q(r)}),[M,F,q,P]),de=Object(s.useCallback)((e=>{const t=m.filter((t=>!(t.start===e.start&&t.end===e.end)));t.unshift({start:e.start,end:e.end}),L(e.start),T(e.end),_(t.length>10?t.slice(0,9):t)}),[m,T,_,L]),pe=Object(s.useCallback)((e=>{C(e.isPaused),N(e.refreshInterval>6e4?e.refreshInterval:6e4)}),[C,N]),me=Object(s.useCallback)((e=>{ie()}),[ie]),ge=Object(s.useCallback)((e=>{A(e)}),[A]),ye=Object(s.useCallback)((e=>{B(e)}),[B]),fe=Object(s.useCallback)(((e,a)=>{if(null!=ce){Z.current={filters:K,query:Y,timerange:Q};const r=Object(Ne.buildFilter)(z,ce,Ne.FILTERS.PHRASE,!1,!1,e,null);U(Object(oe.setAbsoluteRangeDatePicker)({id:x.a.global,from:_e()(a).subtract(1,"days").toISOString(),to:_e()(a).add(1,"days").toISOString()})),c.removeAll(),c.addFilters(r),U(Object(oe.setFilterQuery)({id:x.a.global,query:"",language:"kuery"})),t(),J.current=V({title:bt,text:(i=l.a.createElement(l.a.Fragment,null,l.a.createElement("p",null,ht),l.a.createElement(n.EuiFlexGroup,{justifyContent:"flexEnd",gutterSize:"s"},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiButton,{size:"s",onClick:X},Et)))),e=>(Object(qe.render)(Object(Le.jsx)(Pe.I18nProvider,null,i),e),()=>Object(qe.unmountComponentAtNode)(e)))},{toastLifeTimeMs:6e5}).id}else $(xt,{title:vt});var i}),[$,V,U,c,K,z,Y,X,t,Q,ce]),be=Object(s.useCallback)((e=>{d.set(se.oc,e),R(e)}),[R,d]),he=Object(s.useMemo)((()=>({pageIndex:w-1,pageSize:j,totalItemCount:le>Re?Re:le,pageSizeOptions:[5,10,25,50]})),[le,w,j]),Ee=Object(s.useMemo)((()=>({sort:{field:O,direction:I}})),[I,O]),ve=Object(s.useMemo)((()=>[{field:zt,name:yt,width:"64px",actions:[{name:"Edit",isPrimary:!0,field:"",description:ft,icon:"filter",type:"icon",onClick:e=>{null!=e&&e.execution_uuid&&fe(e.execution_uuid,e.timestamp)},"data-test-subj":"action-filter-by-execution-id"}]}]),[fe]),xe=Object(s.useCallback)((e=>`${e.execution_uuid}`),[]),ke=Object(s.useCallback)((e=>l.a.createElement(n.EuiDescriptionList,{className:"eui-fullWidth",listItems:[{title:wt,description:l.a.createElement(Qe.a,{text:e.security_message})}]})),[]),Se=Object(We.a)({getItemId:xe,renderItem:ke}),we=Object(s.useMemo)((()=>{const e=[..._t];return v?e.push(Nt("20%"),...(e=>[{field:"gap_duration_s",name:l.a.createElement(Ft.a,{title:st,customTooltip:l.a.createElement("div",{style:{maxWidth:"20px"}},l.a.createElement(Mt.a,{columnName:st},l.a.createElement(n.EuiText,{size:"s",style:{width:350}},l.a.createElement("p",null,l.a.createElement(Pe.FormattedMessage,{defaultMessage:"Duration of gap in Rule execution (hh:mm:ss:SSS). Adjust Rule look-back or {seeDocs} for mitigating gaps.",id:"xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.gapDurationColumnTooltip",values:{seeDocs:l.a.createElement(n.EuiLink,{href:`${e.links.siem.troubleshootGaps}`,target:"_blank"},lt)}})))))}),render:e=>l.a.createElement(l.a.Fragment,null,e?l.a.createElement(At,{duration:e,isSeconds:!0}):Object(Tt.e)()),sortable:!0,truncateText:!1,width:"10%"},{field:"indexing_duration_ms",name:l.a.createElement(Ft.a,{title:ct,tooltipContent:ut}),render:e=>l.a.createElement(l.a.Fragment,null,e?l.a.createElement(At,{duration:e}):Object(Tt.e)()),sortable:!0,truncateText:!1,width:"10%"},{field:"search_duration_ms",name:l.a.createElement(Ft.a,{title:dt,tooltipContent:pt}),render:e=>l.a.createElement(l.a.Fragment,null,e?l.a.createElement(At,{duration:e}):Object(Tt.e)()),sortable:!0,truncateText:!1,width:"10%"},{field:"schedule_delay_ms",name:l.a.createElement(Ft.a,{title:mt,tooltipContent:gt}),render:e=>l.a.createElement(l.a.Fragment,null,e?l.a.createElement(At,{duration:e}):Object(Tt.e)()),sortable:!0,truncateText:!1,width:"10%"}])(o)):e.push(Nt("50%")),e.push(...ve,(({toggleRowExpanded:e,isRowExpanded:t})=>({align:n.RIGHT_ALIGNMENT,width:"40px",isExpander:!0,name:l.a.createElement(n.EuiScreenReaderOnly,null,l.a.createElement("span",null,jt)),render:a=>"succeeded"===a.security_status?null:l.a.createElement(n.EuiButtonIcon,{onClick:()=>e(a),"aria-label":t(a)?It:Ot,iconType:t(a)?"arrowUp":"arrowDown"})}))({toggleRowExpanded:Se.toggleRowExpanded,isRowExpanded:Se.isRowExpanded})),e}),[ve,o,v,Se.toggleRowExpanded,Se.isRowExpanded]);return l.a.createElement(n.EuiPanel,{hasBorder:!0},l.a.createElement(n.EuiFlexGroup,{gutterSize:"s"},l.a.createElement(n.EuiFlexItem,{grow:!0},l.a.createElement(D.a,{title:Ye,subtitle:Ke})),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(Bt,{onlyShowFilters:!0,selectedStatuses:E,onStatusFilterChange:ye,onSearch:ge})),l.a.createElement(Vt,null,l.a.createElement(n.EuiSuperDatePicker,{start:f,end:b,onTimeChange:de,onRefresh:me,isPaused:y,isLoading:ae,refreshInterval:g,onRefreshChange:pe,recentlyUsedRanges:m,width:"full"}))),l.a.createElement(n.EuiSpacer,{size:"s"}),l.a.createElement(Be.a,null,l.a.createElement(Be.d,null,l.a.createElement(Be.c,null,l.a.createElement(Be.e,{dataTestSubj:"executionsShowing"},(je=le>Re?Re:le,i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.totalExecutionsLabel",{values:{totalItems:je},defaultMessage:"Showing {totalItems} {totalItems, plural, =1 {rule execution} other {rule executions}}"})))),le>Re&&l.a.createElement(Be.c,{grow:!0},l.a.createElement(Be.e,{dataTestSubj:"exceptionsShowing",shouldWrap:!0},l.a.createElement(n.EuiTextColor,{color:"danger"},((e,t)=>i.i18n.translate("xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.searchLimitExceededLabel",{values:{totalItems:e,maxItems:1e3},defaultMessage:"More than {totalItems} rule executions match filters provided. Showing first {maxItems} by most recent '@timestamp'. Constrain filters further to view additional execution events."}))(le))))),l.a.createElement(Be.d,null,l.a.createElement(Be.c,null,l.a.createElement(Be.e,{dataTestSubj:"lastUpdated"},p.getLastUpdated({showUpdating:ne||ae,updatedAt:te})),l.a.createElement($t,{label:Je,checked:v,compressed:!0,onChange:e=>be(e.target.checked)})))),l.a.createElement(n.EuiBasicTable,{columns:we,items:re,loading:ae,sorting:Ee,pagination:he,onChange:ue,itemId:xe,itemIdToExpandedRowMap:Se.itemIdToExpandedRowMap,isExpandable:!0}));var je},Ut=l.a.memo(Gt);Ut.displayName="ExecutionLogTable";var Ht=a(586),Wt=a(741),Qt=a(862),Yt=a(955),Kt=a(696),Zt=a(282),Jt=a(1112),Xt=a(1377),ea=a(335),ta=a(214),aa=a(156),na=a(210);const ia=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.noSearchResultsPromptTitle",{defaultMessage:"No results match your search criteria"}),ra=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.noSearchResultsPromptBody",{defaultMessage:"Try modifying your search."}),oa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.addExceptionsEmptyPromptTitle",{defaultMessage:"Add exceptions to this rule"}),sa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.emptyPromptBody",{defaultMessage:"There are no exceptions for this rule. Create your first rule exception."}),la=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.endpoint.emptyPromptBody",{defaultMessage:"There are no endpoint exceptions. Create your first endpoint exception."}),ca=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.emptyPromptButtonLabel",{defaultMessage:"Add rule exception"}),ua=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.endpoint.emptyPromptButtonLabel",{defaultMessage:"Add endpoint exception"}),da=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemsFetchError",{defaultMessage:"Unable to load exception items"}),pa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemsFetchErrorDescription",{defaultMessage:"There was an error loading the exception items. Contact your administrator for help."}),ma=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemSearchErrorTitle",{defaultMessage:"Error searching"}),ga=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemSearchErrorBody",{defaultMessage:"An error occurred searching for exception items. Please try again."}),ya=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionDeleteErrorTitle",{defaultMessage:"Error deleting exception item"}),fa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.paginationAriaLabel",{defaultMessage:"Exception item table pagination"}),ba=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemDeleteSuccessTitle",{defaultMessage:"Exception deleted"}),ha=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionEndpointDetailsDescription",{defaultMessage:"Endpoint exceptions are added to both the detection rule and the Elastic Endpoint agent on your hosts."}),Ea=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionDetectionDetailsDescription",{defaultMessage:"Rule exceptions are added to the detection rule."}),va=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.searchPlaceholder",{defaultMessage:'Filter exceptions using simple query syntax, for example, name:"my list"'}),xa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.addToEndpointListLabel",{defaultMessage:"Add endpoint exception"}),ka=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.addToDetectionsListLabel",{defaultMessage:"Add rule exception"}),Sa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.activeDetectionsLabel",{defaultMessage:"Active exceptions"}),wa=i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.expiredDetectionsLabel",{defaultMessage:"Expired exceptions"}),ja={strict:!0,fields:{created_by:{type:"string"},description:{type:"string"},id:{type:"string"},item_id:{type:"string"},list_id:{type:"string"},name:{type:"string"},os_types:{type:"string"},tags:{type:"string"}}},Oa=({canAddException:e,isEndpoint:t,isSearching:a,onSearch:i,onAddExceptionClick:r})=>{const o=Object(s.useCallback)((({queryText:e})=>{i({search:e})}),[i]),c=Object(s.useCallback)((()=>{r()}),[r]),u=Object(s.useMemo)((()=>t?xa:ka),[t]);return l.a.createElement(n.EuiFlexGroup,{alignItems:"center"},l.a.createElement(n.EuiFlexItem,{grow:!0},l.a.createElement(n.EuiSearchBar,{box:{placeholder:va,incremental:!0,schema:ja,"data-test-subj":"exceptionsViewerSearchBar"},filters:[],onChange:o})),!e&&l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiButton,{"data-test-subj":"exceptionsHeaderAddExceptionBtn",onClick:c,isDisabled:a,fill:!0},u)))};Oa.displayName="ExceptionsViewerSearchBarComponent";const Ia=l.a.memo(Oa);Ia.displayName="ExceptionsViewerSearchBar";const Ta=({pagination:e,onPaginationChange:t})=>{var a;const i=Object(s.useCallback)((a=>{t({pagination:{page:e.pageIndex,perPage:a}})}),[t,e.pageIndex]),r=Object(s.useCallback)((a=>{t({pagination:{page:a,perPage:e.pageSize}})}),[t,e.pageSize]);return l.a.createElement(n.EuiTablePagination,{"aria-label":fa,pageCount:null!==(a=Math.ceil(e.totalItemCount/e.pageSize))&&void 0!==a?a:0,activePage:e.pageIndex,onChangePage:r,itemsPerPage:e.pageSize,onChangeItemsPerPage:i,itemsPerPageOptions:e.pageSizeOptions,"data-test-subj":"allExceptionItemsPagination"})};Ta.displayName="ExceptionsViewerPaginationComponent";const Ca=l.a.memo(Ta);Ca.displayName="ExceptionsViewerPagination";const Ma=p.a.span.withConfig({displayName:"StyledText",componentId:"sc-1co6joy-0"})(["font-weight:bold;"]),Fa=p.a.div.withConfig({displayName:"MyUtilities",componentId:"sc-1co6joy-1"})(["height:50px;"]),Da=p()(n.EuiFlexGroup).withConfig({displayName:"StyledBarGroup",componentId:"sc-1co6joy-2"})(["align-items:center;"]),Aa=p()(Be.e).withConfig({displayName:"PaginationUtilityBarText",componentId:"sc-1co6joy-3"})(["align-self:center;"]),_a=({pagination:e,lastUpdated:t,exceptionsToShow:a,onChangeExceptionsToShow:i,isEndpoint:r})=>l.a.createElement(Fa,null,l.a.createElement(Be.a,null,l.a.createElement(Be.d,null,l.a.createElement(Be.c,null,l.a.createElement(Aa,{dataTestSubj:"exceptionsShowing"},l.a.createElement(Pe.FormattedMessage,{id:"xpack.securitySolution.exceptions.viewer.paginationDetails",defaultMessage:"Showing {partOne} of {partTwo}",values:{partOne:l.a.createElement(Ma,null,`${0===e.totalItemCount?"0":"1"}-${Math.min(e.pageSize,e.totalItemCount)}`),partTwo:l.a.createElement(Ma,null,`${e.totalItemCount}`)}})))),l.a.createElement(Be.d,null,l.a.createElement(Da,null,l.a.createElement(Be.e,{dataTestSubj:"lastUpdated"},l.a.createElement(n.EuiText,{size:"s","data-test-subj":"exceptionsViewerLastUpdated"},l.a.createElement(Pe.FormattedMessage,{id:"xpack.securitySolution.exceptions.viewer.lastUpdated",defaultMessage:"Updated {updated}",values:{updated:l.a.createElement(Ct.b,{value:t})}}))),!r&&l.a.createElement(n.EuiButtonGroup,{legend:"Displayed exceptions button group",options:[{id:"active",label:Sa},{id:"expired",label:wa}],idToSelectedMap:a,onChange:i,type:"multi"})))));_a.displayName="ExceptionsViewerUtilityComponent";const Na=l.a.memo(_a);Na.displayName="ExceptionsViewerUtility";var Ra=a(281);const qa=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.editItemButton",{defaultMessage:"Edit rule exception"}),Pa=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.deleteItemButton",{defaultMessage:"Delete rule exception"}),La=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.endpoint.editItemButton",{defaultMessage:"Edit endpoint exception"}),Ba=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.endpoint.deleteItemButton",{defaultMessage:"Delete endpoint exception"}),za=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.createdLabel",{defaultMessage:"Created"}),$a=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.updatedLabel",{defaultMessage:"Updated"}),Va=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.expiresLabel",{defaultMessage:"Expires at"}),Ga=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.expiredLabel",{defaultMessage:"Expired at"}),Ua=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.metaDetailsBy",{defaultMessage:"by"}),Ha=e=>i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.showCommentsLabel",{values:{comments:e},defaultMessage:"Show {comments, plural, =1 {comment} other {comments}} ({comments})"}),Wa=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.matchOperator",{defaultMessage:"IS"}),Qa=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.matchOperator.not",{defaultMessage:"IS NOT"}),Ya=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.wildcardMatchesOperator",{defaultMessage:"MATCHES"}),Ka=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.wildcardDoesNotMatchOperator",{defaultMessage:"DOES NOT MATCH"}),Za=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.nestedOperator",{defaultMessage:"has"}),Ja=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.matchAnyOperator",{defaultMessage:"is one of"}),Xa=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.matchAnyOperator.not",{defaultMessage:"is not one of"}),en=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.existsOperator",{defaultMessage:"exists"}),tn=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.existsOperator.not",{defaultMessage:"does not exist"}),an=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.listOperator",{defaultMessage:"included in"}),nn=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.listOperator.not",{defaultMessage:"is not included in"}),rn=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.and",{defaultMessage:"AND"}),on=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.os",{defaultMessage:"OS"}),sn=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.windows",{defaultMessage:"Windows"}),ln=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.linux",{defaultMessage:"Linux"}),cn=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.conditions.macos",{defaultMessage:"Mac"}),un=i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.affectedList",{defaultMessage:"Affects shared list"}),dn=Object(s.memo)((({item:e,actions:t,disableActions:a=!1,dataTestSubj:i})=>{const[r,o]=Object(s.useState)(!1),c=()=>o(!1),u=Object(s.useMemo)((()=>t.map((e=>l.a.createElement(n.EuiContextMenuItem,{"data-test-subj":`${i}-actionItem-${e.key}`,key:e.key,icon:e.icon,onClick:()=>{c(),e.onClick()}},e.label)))),[i,t]);return l.a.createElement(n.EuiFlexGroup,{"data-test-subj":i,justifyContent:"spaceBetween"},l.a.createElement(n.EuiFlexItem,{grow:9},l.a.createElement(n.EuiTitle,{size:"xs",textTransform:"uppercase","data-test-subj":`${i}-title`},l.a.createElement("h3",null,e.name))),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiPopover,{button:l.a.createElement(n.EuiButtonIcon,{isDisabled:a,"aria-label":"Exception item actions menu",iconType:"boxesHorizontal",onClick:()=>o((e=>!e)),"data-test-subj":`${i}-actionButton`}),panelPaddingSize:"none",isOpen:r,closePopover:c,"data-test-subj":`${i}-items`},l.a.createElement(n.EuiContextMenuPanel,{size:"s",items:u}))))}));dn.displayName="ExceptionItemCardHeader";var pn=a(316);const mn=p.a.div.withConfig({displayName:"Container",componentId:"sc-14md3lb-0"})(["display:inline;margin-left:",";"],(({theme:e})=>`${e.eui.euiSizeXS}`)),gn=({value:e,tooltipIconType:t="iInCircle",tooltipIconText:a})=>{const{showSpaceWarningIcon:i,warningText:r}=(({value:e,tooltipIconText:t})=>({showSpaceWarningIcon:!!(Array.isArray(e)?e.find(pn.d):Object(pn.d)(e)),warningText:t||pn.c.FIELD_SPACE_WARNING}))({value:e,tooltipIconText:a});return i&&e?l.a.createElement(mn,null,l.a.createElement(n.EuiToolTip,{position:"top",content:r},l.a.createElement(n.EuiIcon,{"data-test-subj":"value_with_space_warning_tooltip",type:t,color:"warning"}))):null},yn=Object.freeze({linux:ln,mac:cn,macos:cn,windows:sn}),fn=Object.freeze({[m.d.NESTED]:Za,[m.d.MATCH_ANY]:Ja,[m.d.MATCH]:Wa,[m.d.WILDCARD]:Ya,[m.d.EXISTS]:en,[m.d.LIST]:an}),bn=Object.freeze({[m.d.MATCH_ANY]:Xa,[m.d.MATCH]:Qa,[m.d.WILDCARD]:Ka,[m.d.EXISTS]:tn,[m.d.LIST]:nn}),hn=p()(n.EuiFlexGroup).withConfig({displayName:"EuiFlexGroupNested",componentId:"sc-6hh4xv-0"})(["margin-left:",";"],(({theme:e})=>e.eui.euiSizeXL)),En=p()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemNested",componentId:"sc-6hh4xv-1"})(["margin-bottom:6px !important;margin-top:6px !important;"]),vn=p()("span").withConfig({displayName:"StyledCondition",componentId:"sc-6hh4xv-2"})(["margin-right:6px;"]),xn=p()(n.EuiPanel).withConfig({displayName:"StyledConditionContent",componentId:"sc-6hh4xv-3"})(["border:1px;border-color:#d3dae6;border-style:solid;"]),kn=Object(s.memo)((({os:e,entries:t,dataTestSubj:a})=>{const i=Object(s.useMemo)((()=>null!=e&&e.length>0?e.map((e=>{var t;return null!==(t=yn[e])&&void 0!==t?t:e})).join(", "):null),[e]),r=(e,t)=>"match_any"===e&&Array.isArray(t)?t.map((e=>l.a.createElement(n.EuiBadge,{color:"hollow"},e))):null!=t?t:"",o=(e,t)=>{var a,n;return"nested"===e?"":"included"===t?null!==(a=fn[e])&&void 0!==a?a:e:null!==(n=bn[e])&&void 0!==n?n:e},c=Object(s.useCallback)(((e,t)=>{if("nested"===e&&t.length)return t.map((e=>{const{field:t,type:i,operator:s}=e,c="value"in e?e.value:"";return l.a.createElement(hn,{"data-test-subj":`${a}-nestedCondition`,key:t+i+c,direction:"row",alignItems:"center",gutterSize:"m",responsive:!1},l.a.createElement(En,{grow:!1},l.a.createElement(n.EuiToken,{iconType:"tokenNested",size:"s"})),l.a.createElement(En,{grow:!1},l.a.createElement(n.EuiExpression,{description:"",value:t,color:"subdued"})),l.a.createElement(En,{grow:!1},l.a.createElement(n.EuiExpression,{description:o(i,s),value:r(i,c)})),l.a.createElement(gn,{value:c}))}))}),[a]),u=Object(s.useCallback)((e=>"list"===e.type?e.list.id:"value"in e?e.value:""),[]);return l.a.createElement(xn,{color:"subdued",hasBorder:!0,hasShadow:!1,"data-test-subj":a},null!=i&&l.a.createElement("div",{"data-test-subj":`${a}-os`},l.a.createElement("strong",null,l.a.createElement(n.EuiExpression,{description:"",value:on}),l.a.createElement(n.EuiExpression,{description:Wa,value:i}))),t.map(((e,t)=>{const{field:i,type:s}=e,d=u(e),p="entries"in e?e.entries:[],m="operator"in e?e.operator:"";return l.a.createElement("div",{"data-test-subj":`${a}-condition`,key:i+s+d+t},l.a.createElement("div",{className:"eui-xScroll"},l.a.createElement(n.EuiExpression,{description:0===t?"":l.a.createElement(vn,null,rn),value:i,color:0===t?"primary":"subdued"}),l.a.createElement(n.EuiExpression,{description:o(s,m),value:r(s,d)}),l.a.createElement(gn,{value:d})),null!=p&&c(s,p))})))}));kn.displayName="ExceptionItemCardConditions";var Sn=a(692);const wn=p()(n.EuiFlexItem).withConfig({displayName:"StyledFlexItem",componentId:"sc-1vvqq31-0"})(["border-right:1px solid #d3dae6;padding:4px 12px 4px 0;"]),jn=Object(s.memo)((({item:e,listAndReferences:t,dataTestSubj:a})=>{const[r,o]=Object(s.useState)(!1),[c,u]=Object(s.useState)(!1),d=()=>u((e=>!e)),p=()=>o((e=>!e)),g=()=>u(!1),y=()=>o(!1),f=Object(s.useMemo)((()=>!!e.expire_time&&new Date(e.expire_time)<=new Date),[e]),b=Object(s.useMemo)((()=>null==t?[]:t.referenced_rules.map((e=>l.a.createElement(n.EuiContextMenuItem,{"data-test-subj":`${a}-rulesAffected-${e.id}`,key:e.id},l.a.createElement(n.EuiToolTip,{content:e.name,anchorClassName:"eui-textTruncate"},l.a.createElement(Sn.f,{external:!0,referenceId:e.id,referenceName:e.name})))))),[t,a]),h=Object(s.useMemo)((()=>{var e,r;return null==t?l.a.createElement(l.a.Fragment,null):l.a.createElement(wn,{grow:!1},l.a.createElement(n.EuiPopover,{button:l.a.createElement(n.EuiButtonEmpty,{onClick:d,iconType:"list","data-test-subj":`${a}-affectedRulesButton`},(r=null!==(e=null==t?void 0:t.referenced_rules.length)&&void 0!==e?e:0,i.i18n.translate("xpack.securitySolution.ruleExceptions.exceptionItem.affectedRules",{values:{numRules:r},defaultMessage:"Affects {numRules} {numRules, plural, =1 {rule} other {rules}}"}))),panelPaddingSize:"none",isOpen:c,closePopover:g,"data-test-subj":`${a}-rulesPopover`,id:"rulesPopover"},l.a.createElement(n.EuiContextMenuPanel,{size:"s",items:b})))}),[t,a,c,b]),E=Object(s.useMemo)((()=>null==t?l.a.createElement(l.a.Fragment,null):t.type!==m.b.RULE_DEFAULT?l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiPopover,{button:l.a.createElement(n.EuiButtonEmpty,{onClick:p,iconType:"list","data-test-subj":`${a}-affectedListsButton`},un),panelPaddingSize:"none",isOpen:r,closePopover:y,"data-test-subj":`${a}-listsPopover`,id:"listsPopover"},l.a.createElement(n.EuiContextMenuPanel,{size:"s",items:[l.a.createElement(n.EuiContextMenuItem,{"data-test-subj":`${a}-listsAffected-${t.id}`,key:t.id},l.a.createElement(n.EuiToolTip,{content:t.name,anchorClassName:"eui-textTruncate"},l.a.createElement(Sn.e,{dataTestSubj:"link-to-exception-list",linkTitle:t.name,listId:null==t?void 0:t.list_id,external:!0})))]}))):l.a.createElement(l.a.Fragment,null)),[t,a,r]);return l.a.createElement(n.EuiFlexGroup,{alignItems:"center",responsive:!1,gutterSize:"s","data-test-subj":a},l.a.createElement(wn,{grow:!1},l.a.createElement(On,{fieldName:"created_by",label:za,value1:l.a.createElement(Ct.a,{fieldName:"created_at",value:e.created_at}),value2:e.created_by,dataTestSubj:`${a}-createdBy`})),l.a.createElement(wn,{grow:!1},l.a.createElement(On,{fieldName:"updated_by",label:$a,value1:l.a.createElement(Ct.a,{fieldName:"updated_at",value:e.updated_at}),value2:e.updated_by,dataTestSubj:`${a}-updatedBy`})),null!=e.expire_time&&l.a.createElement(l.a.Fragment,null,l.a.createElement(wn,{grow:!1},l.a.createElement(On,{fieldName:"expire_time",label:f?Ga:Va,value1:l.a.createElement(Ct.a,{fieldName:"expire_time",value:e.expire_time}),dataTestSubj:`${a}-expireTime`}))),null!=t&&l.a.createElement(l.a.Fragment,null,h,E))}));jn.displayName="ExceptionItemCardMetaInfo";const On=Object(s.memo)((({label:e,value1:t,value2:a,dataTestSubj:i})=>l.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",wrap:!1,responsive:!1},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiText,{size:"xs",style:{fontFamily:"Inter"}},e)),l.a.createElement(n.EuiFlexItem,{grow:!1,"data-test-subj":`${i}-value1`},l.a.createElement(n.EuiBadge,{color:"default",style:{fontFamily:"Inter"}},t)),null!=a&&l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiText,{size:"xs",style:{fontFamily:"Inter"}},Ua)),l.a.createElement(n.EuiFlexItem,{grow:!1,"data-test-subj":`${i}-value2`},l.a.createElement(n.EuiFlexGroup,{responsive:!1,gutterSize:"xs",alignItems:"center",wrap:!1},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiBadge,{color:"hollow",style:{fontFamily:"Inter"}},a))))))));On.displayName="MetaInfoDetails";const In=Object(s.memo)((({comments:e})=>{const{euiTheme:t}=Object(n.useEuiTheme)();return l.a.createElement(n.EuiFlexItem,null,l.a.createElement(n.EuiAccordion,{id:"exceptionItemCardComments",buttonContent:l.a.createElement(n.EuiText,{size:"s",style:{color:t.colors.primary}},Ha(e.length)),arrowDisplay:"none","data-test-subj":"exceptionsViewerCommentAccordion"},l.a.createElement(n.EuiPanel,{hasBorder:!1,hasShadow:!1,paddingSize:"m"},l.a.createElement(n.EuiCommentList,{comments:e}))))}));In.displayName="ExceptionItemCardComments";const Tn=({disableActions:e,exceptionItem:t,isEndpoint:a,listAndReferences:i,onDeleteException:r,onEditException:o,dataTestSubj:c})=>{const u=Object(s.useCallback)((()=>{r({id:t.id,name:t.name,namespaceType:t.namespace_type})}),[r,t.id,t.name,t.namespace_type]),d=Object(s.useCallback)((()=>{o(t)}),[o,t]),p=Object(s.useMemo)((()=>Object(Ra.j)(t.comments)),[t.comments]);return l.a.createElement(n.EuiPanel,{paddingSize:"l","data-test-subj":c,hasBorder:!0,hasShadow:!1},l.a.createElement(n.EuiFlexGroup,{gutterSize:"m",direction:"column"},l.a.createElement(n.EuiFlexItem,{"data-test-subj":`${c}-header`},l.a.createElement(dn,{item:t,actions:[{key:"edit",icon:"controlsHorizontal",label:a?La:qa,onClick:d},{key:"delete",icon:"trash",label:a?Ba:Pa,onClick:u}],disableActions:e,dataTestSubj:"exceptionItemCardHeader"})),l.a.createElement(n.EuiFlexItem,{"data-test-subj":`${c}-meta`},l.a.createElement(jn,{item:t,listAndReferences:i,dataTestSubj:"exceptionItemCardMetaInfo"})),l.a.createElement(n.EuiFlexItem,null,l.a.createElement(kn,{os:t.os_types,entries:t.entries,dataTestSubj:"exceptionItemCardConditions"})),p.length>0&&l.a.createElement(In,{comments:p})))};Tn.displayName="ExceptionItemCardComponent";const Cn=l.a.memo(Tn);Cn.displayName="ExceptionItemCard";var Mn=a(1378),Fn=a.n(Mn);const Dn=({isReadOnly:e,isEndpoint:t,currentState:a,onCreateExceptionListItem:i})=>{const{euiTheme:r}=Object(n.useEuiTheme)(),o=Object(s.useMemo)((()=>{switch(a){case"error":return l.a.createElement(n.EuiEmptyPrompt,{color:"danger",iconType:"error",title:l.a.createElement("h2",null,da),body:l.a.createElement("p",null,pa),"data-test-subj":"exceptionItemViewerEmptyPrompts-error"});case"empty":return l.a.createElement(n.EuiEmptyPrompt,{color:"subdued",iconType:"plusInCircle",iconColor:r.colors.darkestShade,title:l.a.createElement("h2",{"data-test-subj":"exceptionsEmptyPromptTitle"},oa),body:l.a.createElement("p",{"data-test-subj":"exceptionsEmptyPromptBody"},t?la:sa),actions:[l.a.createElement(n.EuiButton,{"data-test-subj":"exceptionsEmptyPromptButton",onClick:i,iconType:"plusInCircle",color:"primary",isDisabled:e,fill:!0},t?ua:ca)],"data-test-subj":"exceptionItemViewerEmptyPrompts-empty"});case"empty_search":return l.a.createElement(n.EuiEmptyPrompt,{color:"plain",layout:"horizontal",hasBorder:!0,hasShadow:!1,icon:l.a.createElement(n.EuiImage,{size:"fullWidth",alt:"",url:Fn.a}),title:l.a.createElement("h3",null,ia),body:l.a.createElement("p",null,ra),"data-test-subj":"exceptionItemViewerEmptyPrompts-emptySearch"});default:return l.a.createElement(n.EuiSkeletonText,{lines:4,"data-test-subj":"exceptionItemViewerEmptyPrompts-loading"})}}),[a,r.colors.darkestShade,e,t,i]);return l.a.createElement(n.EuiPanel,{hasShadow:!1,hasBorder:!1,color:"empty_search"===a?"subdued":"transparent",style:{margin:`${r.size.l} 0`,padding:`${r.size.l} 0`}},o)},An=l.a.memo(Dn);An.displayName="ExeptionItemsViewerEmptyPrompts";const _n=p()(n.EuiFlexItem).withConfig({displayName:"MyFlexItem",componentId:"sc-1rc5djy-0"})(["margin:",";&:first-child{margin:",";}"],(({theme:e})=>`${e.eui.euiSize} 0`),(({theme:e})=>`${e.eui.euiSizeXS} 0 ${e.eui.euiSize}`)),Nn=({isReadOnly:e,exceptions:t,isEndpoint:a,disableActions:i,ruleReferences:r,viewerState:o,onCreateExceptionListItem:s,onDeleteException:c,onEditExceptionItem:u})=>l.a.createElement(l.a.Fragment,null,null!=o&&"deleting"!==o?l.a.createElement(An,{isReadOnly:e,isEndpoint:a,currentState:o,onCreateExceptionListItem:s}):l.a.createElement(n.EuiFlexGroup,{direction:"column",className:"eui-yScrollWithShadows"},l.a.createElement(n.EuiFlexItem,{grow:!1,className:"eui-yScrollWithShadows"},l.a.createElement(n.EuiFlexGroup,{"data-test-subj":"exceptionsContainer",gutterSize:"none",direction:"column"},t.map((e=>l.a.createElement(_n,{"data-test-subj":"exceptionItemContainer",grow:!1,key:e.id},l.a.createElement(Cn,{disableActions:i,exceptionItem:e,isEndpoint:a,listAndReferences:null!=r?r[e.list_id]:null,onDeleteException:c,onEditException:u,dataTestSubj:"exceptionItemsViewerItem"}))))))));Nn.displayName="ExceptionItemsViewerComponent";const Rn=l.a.memo(Nn);Rn.displayName="ExceptionsViewerItems";var qn=a(598),Pn=a(418),Ln=a(807);const Bn=p()(n.EuiText).withConfig({displayName:"StyledText",componentId:"sc-h4xwnx-0"})(["font-style:italic;"]),zn=["error"],$n=["loading","empty_search","empty","error","searching"],Vn={pagination:{pageIndex:0,pageSize:25,totalItemCount:0,pageSizeOptions:[5,10,25,50,100,200,300]},exceptions:[],exceptionToEdit:null,currenFlyout:null,viewerState:"loading",isReadOnly:!0,lastUpdated:Date.now(),exceptionsToShow:{active:!0}},Gn=({rule:e,listTypes:t,isViewReadOnly:a,onRuleChange:r})=>{const{services:o}=Object(S.j)(),c=Object(S.n)(),[{canUserCRUD:u,hasIndexWrite:d}]=Object(Y.b)(),p=Object(s.useMemo)((()=>null!=e&&null!=e.exceptions_list?e.exceptions_list.filter((({type:e})=>t.includes(e))):[]),[t,e]),g=Object(s.useMemo)((()=>p.map((({id:e,list_id:t,namespace_type:a})=>({id:e,listId:t,namespaceType:a})))),[p]),y=Object(s.useMemo)((()=>1===t.length&&t[0]===m.b.ENDPOINT),[t]),[{exceptions:f,pagination:b,currenFlyout:h,exceptionToEdit:E,viewerState:v,isReadOnly:x,lastUpdated:k,exceptionsToShow:w},j]=Object(s.useReducer)(((e,t)=>{switch(t.type){case"setExceptions":{var a;const{exceptions:n,pagination:i}=t;return{...e,pagination:{...e.pagination,pageIndex:i.page-1,pageSize:i.perPage,totalItemCount:null!==(a=i.total)&&void 0!==a?a:0},exceptions:n}}case"updateExceptionToEdit":{const{exception:a}=t;return{...e,exceptionToEdit:a}}case"updateFlyoutOpen":return{...e,currenFlyout:t.flyoutType};case"setViewerState":return{...e,viewerState:t.state};case"setIsReadOnly":return{...e,isReadOnly:t.readOnly};case"setLastUpdateTime":return{...e,lastUpdated:t.lastUpdate};case"setExceptionsToShow":{const a={...e.exceptionsToShow,[t.optionId]:!e.exceptionsToShow[t.optionId]};return a.active||a.expired?{...e,exceptionsToShow:a}:{...e,exceptionsToShow:{active:!0}}}default:return e}}),{...Vn}),O=Object(s.useCallback)((e=>{j({type:"setLastUpdateTime",lastUpdate:e})}),[j]),I=Object(s.useCallback)((({exceptions:e,pagination:t})=>{O(Date.now()),j({type:"setExceptions",exceptions:e,pagination:t})}),[j,O]),T=Object(s.useCallback)((e=>{j({type:"setViewerState",state:e})}),[j]),C=Object(s.useCallback)((e=>{j({type:"updateFlyoutOpen",flyoutType:e})}),[j]),M=Object(s.useCallback)((e=>{j({type:"setIsReadOnly",readOnly:e})}),[j]),F=Object(s.useCallback)((e=>{j({type:"setExceptionsToShow",optionId:e})}),[j]),[D,A,_,N]=Object(Ln.a)();Object(s.useEffect)((()=>{null!=N&&g.length&&N(g)}),[g,N]),Object(s.useEffect)((()=>{A?T("error"):null==v&&D?T("loading"):"loading"!==v||D||T(null)}),[D,A,T,v]);const R=Object(s.useMemo)((()=>p.map((e=>e.namespace_type))),[p]),q=Object(s.useMemo)((()=>{if(y||w.active&&w.expired)return;const e=Object(na.m)({namespaceType:R});return w.active?Object(na.d)(e):w.expired?Object(na.e)(e):void 0}),[w,R,y]),P=Object(s.useCallback)((async e=>{var t;const a=new AbortController,n=null!=(null==e?void 0:e.pagination)?{page:(null!==(t=e.pagination.page)&&void 0!==t?t:0)+1,perPage:e.pagination.perPage}:{page:b.pageIndex+1,perPage:b.pageSize};if(0===p.length)return{data:[],pageIndex:b.pageIndex,itemsPerPage:b.pageSize,total:0};const{page:i,per_page:r,total:s,data:l}=await Object(aa.m)({filter:q,http:o.http,listIds:p.map((e=>e.list_id)),namespaceTypes:R,search:null==e?void 0:e.search,pagination:n,signal:a.signal});return{data:l.map((e=>Object(ta.b)(e))),pageIndex:i,itemsPerPage:r,total:s}}),[b.pageIndex,b.pageSize,p,o.http,q,R]),L=Object(s.useCallback)((async()=>{const e=new AbortController;if(0===p.length)return 0;const{total:t}=await Object(aa.m)({filter:void 0,http:o.http,listIds:p.map((e=>e.list_id)),namespaceTypes:R,pagination:{},signal:e.signal});return t}),[p,R,o.http]),B=Object(s.useCallback)((async e=>{try{const{pageIndex:t,itemsPerPage:a,total:n,data:i}=await P(e);T(n>0?null:"empty"),I({exceptions:i,pagination:{page:t,perPage:a,total:n}}),T(n>0?null:await L()>0?"empty_search":"empty")}catch(e){T("error"),c.addError(e,{title:da,toastMessage:pa})}}),[P,I,T,c,L]),z=Object(s.useCallback)((async e=>{try{T("searching");const{pageIndex:t,itemsPerPage:a,total:n,data:i}=await P(e);T(n>0?null:"empty_search"),I({exceptions:i,pagination:{page:t,perPage:a,total:n}})}catch(e){c.addError(e,{title:ma,toastMessage:ga})}}),[P,I,T,c]),$=Object(s.useCallback)((e=>{F(e)}),[F]),V=Object(s.useCallback)((()=>{C("addException")}),[C]),G=Object(s.useCallback)((e=>{j({type:"updateExceptionToEdit",exception:e}),C("editException")}),[C]),U=Object(s.useCallback)((e=>{C(null),e&&null!=r&&r()}),[r,C]),H=Object(s.useCallback)((e=>{C(null),e&&null!=r&&r(),B()}),[C,B,r]),W=Object(s.useCallback)((async({id:e,name:t,namespaceType:a})=>{const n=new AbortController;try{T("deleting"),await Object(aa.e)({http:o.http,id:e,namespaceType:a,signal:n.signal}),c.addSuccess({title:ba,text:(r=t,i.i18n.translate("xpack.securitySolution.ruleExceptions.allExceptionItems.exceptionItemDeleteSuccessText",{values:{itemName:r},defaultMessage:'"{itemName}" deleted successfully.'}))}),await B()}catch(e){T("error"),c.addError(e,{title:ya})}var r}),[B,o.http,T,c]);Object(s.useEffect)((()=>{M(a||!u||!d)}),[M,a,u,d]),Object(s.useEffect)((()=>{p.length>0?B():T("empty")}),[p.length,B,T]);const Q=Object(s.useMemo)((()=>null!=_&&null!=E?_[E.list_id]:null),[_,E]);return l.a.createElement(l.a.Fragment,null,"editException"===h&&null!=Q&&null!=E&&null!=e&&l.a.createElement(qn.a,{rule:e,list:Q,itemToEdit:E,showAlertCloseOptions:!0,onCancel:U,onConfirm:H,"data-test-subj":"editExceptionItemFlyout"}),"addException"===h&&null!=e&&l.a.createElement(Pn.a,{rules:[e],isBulkAction:!1,isEndpointItem:y,onCancel:U,onConfirm:H,"data-test-subj":"addExceptionItemFlyout",showAlertCloseOptions:!0}),l.a.createElement(n.EuiPanel,{hasBorder:!1,hasShadow:!1},l.a.createElement(l.a.Fragment,null,l.a.createElement(Bn,{size:"s"},y?ha:Ea),l.a.createElement(n.EuiSpacer,{size:"l"}),!zn.includes(v)&&l.a.createElement(l.a.Fragment,null,l.a.createElement(Na,{pagination:b,exceptionsToShow:w,onChangeExceptionsToShow:$,lastUpdated:k,isEndpoint:y}),l.a.createElement(n.EuiSpacer,{size:"m"}),l.a.createElement(Ia,{canAddException:x,isEndpoint:y,isSearching:"searching"===v,onSearch:z,onAddExceptionClick:V})),l.a.createElement(n.EuiSpacer,{size:"l"}),l.a.createElement(Rn,{isReadOnly:x,disableActions:x||"deleting"===v,exceptions:f,isEndpoint:y,ruleReferences:_,viewerState:v,onDeleteException:W,onEditExceptionItem:G,onCreateExceptionListItem:V}),!$n.includes(v)&&l.a.createElement(Ca,{onPaginationChange:B,pagination:b}))))};Gn.displayName="ExceptionsViewerComponent";const Un=l.a.memo(Gn);Un.displayName="ExceptionsViewer";var Hn=a(123);function Wn({ruleId:e,disabled:t=!1,disabledReason:a}){const{application:{navigateToApp:i}}=Object(S.j)().services,r=Object(s.useCallback)((t=>{t.preventDefault(),i(se.l,{deepLinkId:je.a.rules,path:Object(j.b)(e)})}),[i,e]);return l.a.createElement(n.EuiToolTip,{position:"top",content:a},l.a.createElement(Hn.l,{"data-test-subj":"editRuleSettingsLink",onClick:r,iconType:"controlsHorizontal",isDisabled:t,deepLinkId:je.a.rules,path:Object(j.b)(e)},be.Cb))}var Qn=a(1052),Yn=a(1113),Kn=a(1114),Zn=a(863),Jn=a(752),Xn=a(956),ei=a(213);const ti=p.a.div.withConfig({displayName:"StyledFullHeightContainer",componentId:"sc-fdhtli-0"})(["display:flex;flex-direction:column;flex:1 1 auto;"]),ai=p.a.div.withConfig({displayName:"StyledMinHeightTabContainer",componentId:"sc-fdhtli-1"})(["min-height:800px;"]);let ni;!function(e){e.alerts="alerts",e.exceptions="rule_exceptions",e.endpointExceptions="endpoint_exceptions",e.executionResults="execution_results",e.executionEvents="execution_events"}(ni||(ni={}));const ii={[ni.alerts]:Ht.a,[ni.exceptions]:Qt.e,[ni.endpointExceptions]:Qt.d,[ni.executionResults]:Qt.g,[ni.executionEvents]:Qt.f},ri=({clearEventsDeleted:e,clearEventsLoading:t,clearSelected:a})=>{var d,p,M,F,D,A,_;const{data:N,application:{navigateToApp:R,capabilities:{actions:q}},timelines:P,spaces:L}=Object(S.j)().services,B=Object(u.useDispatch)(),z=Object(s.useRef)(null),$=Object(s.useMemo)((()=>y.j.getTableByIdSelector()),[]),V=Object(k.b)((e=>{var t;return(null!==(t=$(e,y.e.alertsOnRuleDetailsPage))&&void 0!==t?t:y.q).graphEventId})),G=Object(k.b)((e=>{var t;return(null!==(t=$(e,y.e.alertsOnRuleDetailsPage))&&void 0!==t?t:y.q).updated})),H=Object(k.b)((e=>{var t;return(null!==(t=$(e,y.e.alertsOnRuleDetailsPage))&&void 0!==t?t:y.q).isLoading})),W=Object(s.useMemo)((()=>re.d.globalFiltersQuerySelector()),[]),le=Object(s.useMemo)((()=>re.d.globalQuerySelector()),[]),ce=Object(k.a)(le),de=Object(k.a)(W),{to:pe,from:ge}=Object(ie.a)(),[{loading:ye,isSignalIndexExists:fe,isAuthenticated:he,hasEncryptionKey:Ee,canUserCRUD:ve,hasIndexRead:Ae,signalIndexName:_e,hasIndexWrite:Ne,hasIndexMaintenance:Re}]=Object(Y.b)(),{loading:qe,needsConfiguration:Pe}=Object(T.a)(),{indexPattern:Le,runtimeMappings:Be,loading:ze}=Object(Ce.d)(Me.SourcererScopeName.detections),$e=ye||qe,{detailName:Ve}=Object(c.useParams)(),{rule:Ge,refresh:Ue,loading:We,isExistingRule:Qe}=Object(Zt.a)(Ve),{pollForSignalIndex:Ye}=Object(Xt.a)(),[Ke,Ze]=Object(s.useState)(null),Je=We&&null==Ke,{starting:Xe,startMlJobs:et}=Object(Qn.a)(),tt=Object(s.useCallback)((async()=>{await et(null==Ke?void 0:Ke.machine_learning_job_id)}),[Ke,et]),at=Object(s.useMemo)((()=>({[ni.alerts]:{id:ni.alerts,name:ii[ni.alerts],disabled:!1,href:`/rules/id/${Ve}/${ni.alerts}`},[ni.exceptions]:{id:ni.exceptions,name:ii[ni.exceptions],disabled:null==Ke,href:`/rules/id/${Ve}/${ni.exceptions}`},[ni.endpointExceptions]:{id:ni.endpointExceptions,name:ii[ni.endpointExceptions],disabled:null==Ke,href:`/rules/id/${Ve}/${ni.endpointExceptions}`},[ni.executionResults]:{id:ni.executionResults,name:ii[ni.executionResults],disabled:!Qe,href:`/rules/id/${Ve}/${ni.executionResults}`},[ni.executionEvents]:{id:ni.executionEvents,name:ii[ni.executionEvents],disabled:!Qe,href:`/rules/id/${Ve}/${ni.executionEvents}`}})),[Qe,Ke,Ve]),[nt,it]=Object(s.useState)(at),[rt,ot,st]=Object(ue.a)(),[lt,ct,ut]=Object(Zn.a)({onInit:ot,onFinish:st}),{aboutRuleData:dt,modifiedAboutRuleDetailsData:pt,defineRuleData:mt,scheduleRuleData:gt,ruleActionsData:yt}=null!=Ke?Object(ae.g)({rule:Ke,detailsView:!0}):{aboutRuleData:null,modifiedAboutRuleDetailsData:null,defineRuleData:null,scheduleRuleData:null,ruleActionsData:null},[ft,bt]=Object(s.useState)();Object(s.useEffect)((()=>{(async()=>{if(null!=(null==mt?void 0:mt.dataViewId)&&""!==(null==mt?void 0:mt.dataViewId)){const e=await N.dataViews.get(null==mt?void 0:mt.dataViewId);bt(e.title)}})()}),[N.dataViews,null==mt?void 0:mt.dataViewId]);const{indexPattern:ht}=Object(Xn.b)({dataSourceType:null!==(d=null==mt?void 0:mt.dataSourceType)&&void 0!==d?d:ei.a.IndexPatterns,index:null!==(p=null==mt?void 0:mt.index)&&void 0!==p?p:[],dataViewId:null==mt?void 0:mt.dataViewId}),{showBuildingBlockAlerts:Et,setShowBuildingBlockAlerts:vt,showOnlyThreatIndicatorAlerts:xt}=Object(h.a)(y.e.alertsOnRuleDetailsPage),kt=Object(ke.a)(),{globalFullScreen:St}=Object(Oe.a)(),[wt,jt]=Object(s.useState)(y.c),{isSavedQueryLoading:Ot,savedQueryBar:It}=Object(Wt.a)({savedQueryId:null==Ke?void 0:Ke.saved_id,ruleType:null==Ke?void 0:Ke.type}),Tt=Object(we.a)(kt)&&Object(Se.a)(kt),Ct=Object(s.useMemo)((()=>!(null!=(null==Ke?void 0:Ke.actions)&&(null==Ke?void 0:Ke.actions.length)>0&&Object(me.d)(q.show))||q.show),[q,null==Ke?void 0:Ke.actions]),Mt=Object(s.useCallback)((()=>{R(se.l,{deepLinkId:je.a.rules,path:Object(j.c)(null!=Ve?Ve:"","alerts","")})}),[R,Ve]);Object(s.useEffect)((()=>{null!=Ge&&Ze(Ge)}),[Ge]),Object(s.useEffect)((()=>{if(Ke){const e=Ke.outcome;if(L&&"aliasMatch"===e){const e=`rules/id/${Ke.id}${window.location.search}${window.location.hash}`;L.ui.redirectLegacyUrl({path:e,aliasPurpose:Ke.alias_purpose,objectNoun:i.i18n.translate("xpack.triggersActionsUI.sections.ruleDetails.redirectObjectNoun",{defaultMessage:"rule"})})}}}),[Ke,L]);const Ft=Object(s.useMemo)((()=>{if(null!=(null==Ke?void 0:Ke.alias_target_id)&&L&&"conflict"===Ke.outcome){const e=Ke.alias_target_id,t=`rules/id/${e}${window.location.search}${window.location.hash}`;return l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiSpacer,null),L.ui.components.getLegacyUrlConflict({objectNoun:i.i18n.translate("xpack.triggersActionsUI.sections.ruleDetails.redirectObjectNoun",{defaultMessage:"rule"}),currentObjectId:Ke.id,otherObjectId:e,otherObjectPath:t}))}return null}),[Ke,L]),Dt=Object(De.e)();Object(s.useEffect)((()=>{const e=[];var t;(Ae||e.push(ni.alerts),Dt.extendedLogging.isEnabled||e.push(ni.executionEvents),null!=Ke)&&((null!==(t=Ke.exceptions_list)&&void 0!==t?t:[]).some((e=>e.type===m.b.ENDPOINT))||e.push(ni.endpointExceptions));const a=Object(o.omit)(e,at);it(a)}),[Ae,Ke,at,Dt]);const At=Object(s.useMemo)((()=>ze||H||$e),[ze,H,$e]),_t=Object(s.useMemo)((()=>l.a.createElement(l.a.Fragment,null,null==Ke?void 0:Ke.name," ",We&&l.a.createElement(n.EuiLoadingSpinner,{size:"m"}))),[Ke,We]),Nt=Object(s.useMemo)((()=>We||Qe?void 0:{text:Qt.a,color:"default"}),[Qe,We]),Rt=Object(s.useMemo)((()=>Ke?[l.a.createElement(ne.a,{createdBy:null==Ke?void 0:Ke.created_by,createdAt:null==Ke?void 0:Ke.created_at}),null!=(null==Ke?void 0:Ke.updated_by)?l.a.createElement(ne.b,{updatedBy:null==Ke?void 0:Ke.updated_by,updatedAt:null==Ke?void 0:Ke.updated_at}):""]:We?l.a.createElement(n.EuiLoadingSpinner,{size:"m"}):null),[Ke,We]),qt=Object(s.useCallback)((n=>{const i=y.e.alertsOnRuleDetailsPage;t({id:i}),e({id:i}),a({id:i}),jt(n)}),[t,e,a,jt]);Object(s.useEffect)((()=>{vt(null!=(null==Ke?void 0:Ke.building_block_type))}),[Ke,vt]);const Pt=Object(s.useMemo)((()=>{var e;return[...Object(X.c)(null!==(e=null==Ke?void 0:Ke.rule_id)&&void 0!==e?e:""),...Object(X.d)(Et),...Object(X.a)(wt),...Object(X.e)(xt)]}),[Ke,Et,xt,wt]),Lt=Object(s.useMemo)((()=>[...Pt,...de]),[Pt,de]),Bt=null==Ke||null===(M=Ke.execution_summary)||void 0===M?void 0:M.last_execution,zt=null==Bt?void 0:Bt.status,$t=null!==(F=null==Bt?void 0:Bt.date)&&void 0!==F?F:"",Vt=null!==(D=null==Bt?void 0:Bt.message)&&void 0!==D?D:"",Gt=Object(s.useMemo)((()=>l.a.createElement(l.a.Fragment,null,We?l.a.createElement(n.EuiFlexItem,null,l.a.createElement(n.EuiLoadingSpinner,{size:"m","data-test-subj":"rule-status-loader"})):l.a.createElement(Fe.a,{status:zt,date:$t},l.a.createElement(n.EuiButtonIcon,{"data-test-subj":"ruleLastExecutionStatusRefreshButton",color:"primary",onClick:Ue,iconType:"refresh","aria-label":be.dc,isDisabled:!Qe})),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(Jn.a,{ruleId:Ve,showTooltipInline:!0})))),[Ve,zt,$t,We,Qe,Ue]),Ht=Object(s.useMemo)((()=>We?l.a.createElement(n.EuiFlexItem,null,l.a.createElement(n.EuiLoadingSpinner,{size:"m","data-test-subj":"rule-status-loader"})):l.a.createElement(Fe.c,{status:zt,date:$t,message:Vt})),[zt,$t,Vt,We]),ta=Object(s.useCallback)((({x:e})=>{if(!e)return;const[t,a]=e;B(Object(oe.setAbsoluteRangeDatePicker)({id:x.a.global,from:new Date(t).toISOString(),to:new Date(a).toISOString()}))}),[B]),aa=Object(s.useCallback)((e=>{Ze((t=>t?{...t,enabled:e}:t))}),[]),na=Object(s.useCallback)((()=>{Object(Te.j)(z.current)}),[z]),ia=Object(s.useCallback)((()=>{Object(Te.m)()}),[]),ra=Object(s.useCallback)((e=>{Object(g.isTab)(e)&&Object(Te.l)({containerElement:z.current,keyboardEvent:e,onSkipFocusBeforeEventsTable:na,onSkipFocusAfterEventsTable:ia})}),[z,na,ia]),oa=Object(s.useMemo)((()=>[wt]),[wt]),sa=Object(s.useMemo)((()=>P.getLastUpdated({updatedAt:G||Date.now(),showUpdating:At})),[G,At,P]),la=Object(s.useCallback)((e=>l.a.createElement(f.a,{configId:se.e.RULE_DETAILS,flyoutSize:"m",inputFilters:[...Lt,...e],tableId:y.e.alertsOnRuleDetailsPage,onRuleChange:Ue})),[Lt,Ue]),{isBulkDuplicateConfirmationVisible:ca,showBulkDuplicateConfirmation:ua,cancelRuleDuplication:da,confirmRuleDuplication:pa}=Object(Yn.a)();if(Object(ae.h)(fe,he,Ee,Pe))return R(se.l,{deepLinkId:je.a.alerts,path:Object(j.a)()}),null;const ma=null!=yt&&yt.actions.length>0,ga=null!=yt&&(yt.responseActions||[]).length>0,ya=ma||ga;return l.a.createElement(l.a.Fragment,null,l.a.createElement(Yt.a,null),l.a.createElement(Kt.a,null),ca&&l.a.createElement(Kn.a,{onCancel:da,onConfirm:pa,rulesCount:1}),rt&&l.a.createElement(n.EuiConfirmModal,{title:be.Vc,onCancel:ut,onConfirm:ct,confirmButtonText:be.wb,cancelButtonText:be.vb,buttonColor:"danger",defaultFocusedButton:"confirm","data-test-subj":"deleteRulesConfirmationModal"},Qt.b),l.a.createElement(ti,{onKeyDown:ra,ref:z},l.a.createElement(n.EuiWindowEvent,{event:"resize",handler:o.noop}),l.a.createElement(w.a,{show:Object(Te.n)({globalFullScreen:St,graphEventId:V})},l.a.createElement(O.a,{id:x.a.global,pollForSignalIndex:Ye,indexPattern:Le})),l.a.createElement(He,null,l.a.createElement(I.a,{noPadding:St},l.a.createElement(Ie.a,{show:!St},l.a.createElement(ea.a,{border:!0,subtitle:Rt,subtitle2:l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiFlexGroup,{gutterSize:"xs",alignItems:"center",justifyContent:"flexStart"},l.a.createElement(n.EuiFlexItem,{grow:!1},Fe.d.STATUS,":"),Gt)),title:_t,badgeOptions:Nt},l.a.createElement(n.EuiFlexGroup,{alignItems:"center"},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiToolTip,{position:"top",content:Object(me.b)(Ke,Tt,Ct,ve)},l.a.createElement(n.EuiFlexGroup,null,l.a.createElement(ee.a,{id:null!==(A=null==Ke?void 0:Ke.id)&&void 0!==A?A:"-1",isDisabled:!Qe||!Object(me.a)(Ke,Ct)||!Object(me.c)(ve)||Object(E.d)(null==Ke?void 0:Ke.type)&&!Tt,enabled:Qe&&null!==(_=null==Ke?void 0:Ke.enabled)&&void 0!==_&&_,startMlJobsIfNeeded:tt,onChange:aa}),l.a.createElement(n.EuiFlexItem,null,Qt.c)))),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",responsive:!1},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(Wn,{ruleId:Ve,disabled:!Qe||!Object(me.c)(ve)||Object(E.d)(null==Ke?void 0:Ke.type)&&!Tt,disabledReason:Object(me.b)(Ke,Tt,Ct,ve)})),l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(xe,{rule:Ke,userHasPermissions:Qe&&Object(me.c)(ve),canDuplicateRuleWithActions:Object(me.a)(Ke,Ct),showBulkDuplicateExceptionsConfirmation:ua,confirmDeletion:lt})))))),Ht,Ft,l.a.createElement(n.EuiSpacer,null),l.a.createElement(n.EuiFlexGroup,null,l.a.createElement(n.EuiFlexItem,{"data-test-subj":"aboutRule",component:"section",grow:1},l.a.createElement(U,{loading:Je,stepData:dt,stepDataDetails:pt})),l.a.createElement(n.EuiFlexItem,{grow:1},l.a.createElement(n.EuiFlexGroup,{direction:"column"},l.a.createElement(n.EuiFlexItem,{component:"section",grow:1,"data-test-subj":"defineRule"},l.a.createElement(te.a,{loading:Je||Ot,title:be.tb},null!=mt&&!Ot&&!Xe&&l.a.createElement(K.c,{addPadding:!1,descriptionColumns:"singleSplit",defaultValues:{dataViewTitle:ft,...mt,queryBar:null!=It?It:mt.queryBar},indexPattern:ht}))),l.a.createElement(n.EuiSpacer,null),l.a.createElement(n.EuiFlexItem,{"data-test-subj":"schedule",component:"section",grow:1},l.a.createElement(te.a,{loading:Je,title:be.Mc},null!=gt&&l.a.createElement(Z.b,{addPadding:!1,descriptionColumns:"singleSplit",defaultValues:gt}))),ya&&l.a.createElement(n.EuiFlexItem,{"data-test-subj":"actions",component:"section",grow:1},l.a.createElement(te.a,{loading:Je,title:be.c},l.a.createElement(J.b,{addPadding:!1,defaultValues:yt})))))),l.a.createElement(n.EuiSpacer,null),l.a.createElement(v.a,{navTabs:nt}),l.a.createElement(n.EuiSpacer,null)),l.a.createElement(ai,null,l.a.createElement(r.c,null,l.a.createElement(r.a,{path:`/rules/id/:detailName/:tabName(${ni.alerts})`},l.a.createElement(l.a.Fragment,null,l.a.createElement(n.EuiFlexGroup,{alignItems:"center",justifyContent:"spaceBetween"},l.a.createElement(n.EuiFlexItem,{grow:!1},l.a.createElement(Jt.a,{status:wt,onFilterGroupChanged:qt})),l.a.createElement(n.EuiFlexItem,{grow:!1},sa)),l.a.createElement(n.EuiSpacer,{size:"l"}),l.a.createElement(Ie.a,{show:!St},l.a.createElement(Q.a,{filters:Lt,query:ce,signalIndexName:_e,defaultStackByOption:"event.category",updateDateRange:ta,runtimeMappings:Be}),l.a.createElement(n.EuiSpacer,null)),null!=Ve&&l.a.createElement(b.a,{currentAlertStatusFilterValue:oa,defaultFilters:Lt,from:ge,globalFilters:de,globalQuery:ce,hasIndexMaintenance:null!=Re&&Re,hasIndexWrite:null!=Ne&&Ne,loading:$e,renderChildComponent:la,runtimeMappings:Be,signalIndexName:_e,tableId:y.e.alertsOnRuleDetailsPage,to:pe}))),l.a.createElement(r.a,{path:`/rules/id/:detailName/:tabName(${ni.exceptions})`},l.a.createElement(Un,{rule:Ke,listTypes:[m.b.DETECTION,m.b.RULE_DEFAULT],onRuleChange:Ue,isViewReadOnly:!Qe,"data-test-subj":"exceptionTab"})),l.a.createElement(r.a,{path:`/rules/id/:detailName/:tabName(${ni.endpointExceptions})`},l.a.createElement(Un,{rule:Ke,listTypes:[m.b.ENDPOINT],onRuleChange:Ue,isViewReadOnly:!Qe,"data-test-subj":"endpointExceptionsTab"})),l.a.createElement(r.a,{path:`/rules/id/:detailName/:tabName(${ni.executionResults})`},l.a.createElement(Ut,{ruleId:Ve,selectAlertsTab:Mt})),l.a.createElement(r.a,{path:`/rules/id/:detailName/:tabName(${ni.executionEvents})`},l.a.createElement(De.a,{ruleId:Ve}))))))),l.a.createElement(C.a,{pageName:je.a.rules,state:{ruleName:null==Ke?void 0:Ke.name,isExistingRule:Qe}}))},oi=Object(u.connect)(null,(e=>({clearSelected:({id:t})=>e(y.h.clearSelected({id:t})),clearEventsLoading:({id:t})=>e(y.h.clearEventsLoading({id:t})),clearEventsDeleted:({id:t})=>e(y.h.clearEventsDeleted({id:t}))})));ri.displayName="RuleDetailsPageComponent";const si=oi(l.a.memo(ri));si.displayName="RuleDetailsPage"},function(e,t,a){"use strict";a.d(t,"a",(function(){return j})),a.d(t,"c",(function(){return h})),a.d(t,"b",(function(){return le})),a.d(t,"d",(function(){return me}));var n=a(54),i=a(42),r=a(2),o=a.n(r),s=a(142),l=a(573),c=a(40),u=a(568),d=a(461),p=a(821);const m=({showAlertDetails:e,isolateAction:t})=>o.a.createElement(o.a.Fragment,null,o.a.createElement(c.EuiButtonEmpty,{iconType:"arrowLeft",iconSide:"left",flush:"left",onClick:e},o.a.createElement(c.EuiText,{size:"xs"},o.a.createElement("p",null,p.a))),o.a.createElement(c.EuiTitle,null,o.a.createElement("h2",null,"isolateHost"===t?d.b:d.d))),g=o.a.memo(m),y=({eventId:e,eventIndex:t,isAlert:a,isHostIsolationPanelOpen:n,isolateAction:i,loading:r,promptContextId:s,ruleName:l,showAlertDetails:c,timestamp:d})=>o.a.createElement(o.a.Fragment,null,n?o.a.createElement(g,{isolateAction:i,showAlertDetails:c}):o.a.createElement(u.b,{eventId:e,eventIndex:t,isAlert:a,loading:r,promptContextId:s,ruleName:l,timestamp:d})),f=o.a.memo(y),b=({eventId:e,eventIndex:t,isAlert:a,isHostIsolationPanelOpen:n,isolateAction:i,loading:r,promptContextId:s,ruleName:l,showAlertDetails:u,timestamp:d})=>o.a.createElement(c.EuiFlyoutHeader,{hasBorder:n},o.a.createElement(y,{eventId:e,eventIndex:t,isAlert:a,isHostIsolationPanelOpen:n,isolateAction:i,loading:r,promptContextId:s,ruleName:l,showAlertDetails:u,timestamp:d})),h=o.a.memo(b);var E=a(41),v=a.n(E),x=a(399),k=a(748);const S=v()(c.EuiFlyoutBody).withConfig({displayName:"StyledEuiFlyoutBody",componentId:"sc-p7dcu3-0"})([".euiFlyoutBody__overflow{display:flex;flex:1;overflow:hidden;.euiFlyoutBody__overflowContent{flex:1;overflow:hidden;padding:",";}}"],(({theme:e})=>`0 ${e.eui.euiSizeM} ${e.eui.euiSizeM}`)),w=({alertId:e,browserFields:t,detailsData:a,detailsEcsData:n,event:i,handleIsolationActionSuccess:r,handleOnEventClosed:s,hostName:l,isAlert:c,isDraggable:d,isReadOnly:p,isolateAction:m,isHostIsolationPanelOpen:g,isIsolateActionSuccessBannerVisible:y,loading:f,rawEventData:b,showAlertDetails:h,scopeId:E})=>o.a.createElement(S,null,y&&o.a.createElement(x.c,{hostName:l,alertId:e,isolateAction:m}),g?o.a.createElement(k.a,{details:a,cancelCallback:h,successCallback:r,isolateAction:m}):o.a.createElement(u.a,{browserFields:t,detailsData:a,detailsEcsData:n,event:i,isAlert:c,isDraggable:d,loading:f,rawEventData:b,scopeId:E,timelineTabType:"flyout",handleOnEventClosed:s,isReadOnly:p})),j=o.a.memo(w);var O=a(104),I=a.n(O),T=a(103),C=a(115),M=a(119),F=a(291),D=a(199),A=a(44),_=a(126),N=a(319),R=a(350),q=a(1132),P=a(1096),L=a(823),B=a(558),z=a(500),$=a(824),V=a(932),G=a(185),U=a(8),H=a(239),W=a(1384),Q=a(228);var Y=a(124),K=a(887),Z=a(102),J=a(805),X=a(825);const ee=o.a.memo((({detailsData:e,ecsData:t,handleOnEventClosed:a,isHostIsolationPanelOpen:n,loadingEventDetails:i,onAddEventFilterClick:s,onAddExceptionTypeClick:l,onAddIsolationStatusClick:u,refetch:p,refetchFlyoutData:m,onOsqueryClick:g,scopeId:y})=>{var f;const b=Object(Y.a)("tGridEnabled"),{loading:h,canWriteEventFilters:E}=Object(_.a)().endpointPrivileges,v=Object(r.useMemo)((()=>!h&&E),[E,h]),{osquery:x}=Object(Z.j)().services,[k,S]=Object(r.useState)(!1),w=Object(r.useMemo)((()=>[{category:"kibana",field:"kibana.alert.rule.uuid",name:"ruleId"},{category:"kibana",field:"kibana.alert.rule.name",name:"ruleName"},{category:"kibana",field:"kibana.alert.workflow_status",name:"alertStatus"},{category:"event",field:"event.kind",name:"eventKind"},{category:"_id",field:"_id",name:"eventId"}].reduce(((t,a)=>({...t,[a.name]:Object(R.a)({category:a.category,field:a.field},e)})),{})),[e]),j="event"===w.eventKind,O=Object(r.useMemo)((()=>{var e,a;return null==t||null===(e=t.agent)||void 0===e||null===(a=e.type)||void 0===a?void 0:a.includes("endpoint")}),[t]),I=Object(r.useMemo)((()=>j&&O),[j,O]),T=Object(r.useMemo)((()=>Object(R.a)({category:"agent",field:"agent.id"},e)),[e]),ee=Object(r.useCallback)((()=>{S(!k)}),[k]),te=Object(r.useCallback)((()=>{S(!1)}),[]),ae=Object(r.useCallback)((()=>{a(),S(!1)}),[a]),ne=Object(r.useCallback)((e=>{u(e),S(!1)}),[u]),ie=(({closePopover:e,detailsData:t,isHostIsolationPanelOpen:a,onAddIsolationStatusClick:n})=>{const{canIsolateHost:i,canUnIsolateHost:o}=Object(_.a)().endpointPrivileges,s=Object(r.useMemo)((()=>Object(N.b)({data:t||[]})),[t]),l=Object(r.useMemo)((()=>Object(R.a)({category:"agent",field:"agent.id"},t)),[t]),c=Object(r.useMemo)((()=>Object(R.a)({category:"host",field:"host.os.name"},t)),[t]),u=Object(r.useMemo)((()=>Object(R.a)({category:"agent",field:"agent.version"},t)),[t]),{loading:p,isIsolated:m,agentStatus:g,capabilities:y}=(({agentId:e})=>{const[t,a]=Object(r.useState)(!1),[n,i]=Object(r.useState)([]),[o,s]=Object(r.useState)(),[l,c]=Object(r.useState)(0),[u,d]=Object(r.useState)(0),[p,m]=Object(r.useState)(!1);return Object(r.useEffect)((()=>{const t=new AbortController;let n,r=!0;return m(!0),Object(U.isEmpty)(e)||(async()=>{try{const o=await Object(H.g)({agentId:e,signal:t.signal});r&&(a(Object(Q.b)(o.metadata)),o.metadata.Endpoint.capabilities&&i([...o.metadata.Endpoint.capabilities]),s(o.host_status),n=o.metadata.elastic.agent.id)}catch(e){if("AbortError"===e.name)return;r&&400===e.body.statusCode&&s(G.c.UNENROLLED)}try{const{data:e}=await Object(W.a)(n);var o,l,u,p;r&&(c(null!==(o=null===(l=e[0].pending_actions)||void 0===l?void 0:l.isolate)&&void 0!==o?o:0),d(null!==(u=null===(p=e[0].pending_actions)||void 0===p?void 0:p.unisolate)&&void 0!==u?u:0))}catch(e){return}r&&m(!1)})(),()=>{r=!1,t.abort()}}),[e]),{loading:p,capabilities:n,isIsolated:t,agentStatus:o,pendingIsolation:l,pendingUnisolation:u}})({agentId:l}),f=Object(r.useMemo)((()=>!!s&&Object(V.a)({osName:c,version:u,capabilities:y})),[u,y,c,s]),b=Object(r.useCallback)((()=>{e(),n(m?"unisolateHost":"isolateHost")}),[e,m,n]);return Object(r.useMemo)((()=>{if(!s||!f||p||a)return[];const e=[{key:"isolate-host-action-item","data-test-subj":"isolate-host-action-item",disabled:g===G.c.UNENROLLED,onClick:b,name:m?d.d:d.b}];return i||m&&o?e:[]}),[s,f,p,a,g,b,i,m,o])})({closePopover:te,detailsData:e,onAddIsolationStatusClick:ne,isHostIsolationPanelOpen:n}),re=((e,t)=>{const{loading:a,canAccessResponseConsole:n}=Object(_.a)().endpointPrivileges,i=Object(r.useMemo)((()=>Object(N.c)(e||[])),[e]),s=Object(r.useMemo)((()=>Object(R.a)({category:"agent",field:"agent.id"},e)),[e]),{handleResponseActionsClick:l,isDisabled:c,tooltip:u}=Object(q.a)({endpointId:s,onClick:t});return Object(r.useMemo)((()=>{const e=[];return!a&&n&&i&&e.push({key:"endpointResponseActions-action-item","data-test-subj":"endpointResponseActions-action-item",disabled:c,toolTipContent:u,size:"s",onClick:l,name:o.a.createElement(A.FormattedMessage,{id:"xpack.securitySolution.endpoint.detections.takeAction.responseActionConsole.buttonLabel",defaultMessage:"Respond"})}),e}),[n,l,i,a,c,u])})(e,te),oe=Object(r.useCallback)((e=>{l(e),S(!1)}),[l]),{exceptionActionItems:se}=Object(L.a)({isEndpointAlert:Object(N.a)({ecsData:t}),onAddExceptionTypeClick:oe}),le=Object(r.useCallback)((()=>{s(),S(!1)}),[s]),{eventFilterActionItems:ce}=Object($.a)({onAddEventFilterClick:le}),ue=Object(r.useCallback)((()=>{te()}),[te]),{actionItems:de}=Object(B.a)({alertStatus:w.alertStatus,closePopover:ae,eventId:w.eventId,refetch:p,scopeId:y}),{alertTagsItems:pe,alertTagsPanels:me}=Object(X.a)({closePopover:te,ecsRowData:null!=t?t:{_id:w.eventId},refetch:p}),{investigateInTimelineActionItems:ge}=Object(z.a)({ecsRowData:t,onInvestigateInTimelineAlertClick:te}),ye=null==x?void 0:x.isOsqueryAvailable({agentId:T}),fe=Object(r.useCallback)((()=>{g(T),S(!1)}),[g,S,T]),be=Object(r.useMemo)((()=>Object(J.a)({handleClick:fe})),[fe]),he=Object(r.useMemo)((()=>!j&&w.ruleId?[...de,...pe,...se]:I&&v?ce:[]),[ce,I,v,se,de,j,w.ruleId,pe]),Ee=[M.e.alertsOnAlertsPage,M.e.alertsOnRuleDetailsPage].includes(y),{addToCaseActionItems:ve,handleAddToNewCaseClick:xe}=Object(K.a)({ecsData:t,nonEcsData:null!==(f=null==e?void 0:e.map((e=>({field:e.field,value:e.values}))))&&void 0!==f?f:[],onMenuItemClick:ue,onSuccess:m,isActiveTimelines:Object(C.isActiveTimeline)(y),isInDetections:Ee,refetch:p}),ke=Object(r.useMemo)((()=>[...b?ve:[],...he,...ie,...re,...ye?[be]:[],...ge]),[b,ve,he,ie,re,ye,be,ge]),Se=[{id:0,items:ke},...me],we=Object(r.useMemo)((()=>o.a.createElement(F.a,{onClick:xe,step:D.a.addAlertToCase,tourId:D.b.alertsCases},o.a.createElement(c.EuiButton,{"data-test-subj":"take-action-dropdown-btn",fill:!0,iconSide:"right",iconType:"arrowDown",onClick:ee},P.d))),[xe,ee]);return ke.length&&!i&&t?o.a.createElement(c.EuiPopover,{id:"AlertTakeActionPanel",button:we,isOpen:k,closePopover:te,panelPaddingSize:"none",anchorPosition:"downLeft",repositionOnScroll:!0},o.a.createElement(c.EuiContextMenu,{size:"s",initialPanelId:0,panels:Se,"data-test-subj":"takeActionPanelMenu"})):null}));var te=a(826),ae=a(875),ne=a(876),ie=a(831),re=a(122),oe=a(511);const se=o.a.memo((({detailsData:e,detailsEcsData:t,handleOnEventClosed:a,isHostIsolationPanelOpen:n,isReadOnly:s,loadingEventDetails:l,onAddIsolationStatusClick:u,scopeId:d,globalQuery:p,timelineQuery:m,refetchFlyoutData:g})=>{var y;const f=null!=t&&null!==(y=t.kibana)&&void 0!==y&&y.alert?null==t?void 0:t._id:null,b=Object(r.useMemo)((()=>{var t,a,n;return null!==(t=null===(a=Object(i.find)({category:"signal",field:"signal.rule.index"},e))||void 0===a?void 0:a.values)&&void 0!==t?t:null===(n=Object(i.find)({category:"kibana",field:"kibana.alert.rule.parameters.index"},e))||void 0===n?void 0:n.values}),[e]),h=Object(r.useMemo)((()=>Array.isArray(b)?b:void 0),[b]),E=Object(r.useMemo)((()=>{var t,a,n;return null!==(t=null===(a=Object(i.find)({category:"signal",field:"signal.rule.data_view_id"},e))||void 0===a?void 0:a.values)&&void 0!==t?t:null===(n=Object(i.find)({category:"kibana",field:"kibana.alert.rule.parameters.data_view_id"},e))||void 0===n?void 0:n.values}),[e]),v=Object(r.useMemo)((()=>Array.isArray(E)?E[0]:void 0),[E]),x=Object(r.useMemo)((()=>[{category:"signal",field:"signal.rule.id",name:"ruleId"},{category:"signal",field:"signal.rule.rule_id",name:"ruleRuleId"},{category:"signal",field:"signal.rule.name",name:"ruleName"},{category:"signal",field:"kibana.alert.workflow_status",name:"alertStatus"},{category:"_id",field:"_id",name:"eventId"}].reduce(((t,a)=>({...t,[a.name]:Object(R.a)({category:a.category,field:a.field},e)})),{})),[e]),k=e=>{e.forEach((e=>e.refetch&&e.refetch()))},S=Object(r.useCallback)((()=>{Object(C.isActiveTimeline)(d)?k([m]):k(p)}),[d,m,p]),{exceptionFlyoutType:w,openAddExceptionFlyout:j,onAddExceptionTypeClick:O,onAddExceptionCancel:T,onAddExceptionConfirm:M}=Object(te.a)({refetch:S,isActiveTimelines:Object(C.isActiveTimeline)(d)}),{closeAddEventFilterModal:F,isAddEventFilterModalOpen:D,onAddEventFilterClick:A}=Object(ie.a)(),[_,N]=Object(r.useState)(null),q=Object(r.useCallback)((()=>{N(null)}),[N]);return s?null:o.a.createElement(o.a.Fragment,null,o.a.createElement(c.EuiFlyoutFooter,{"data-test-subj":"side-panel-flyout-footer"},o.a.createElement(c.EuiFlexGroup,{justifyContent:"flexEnd"},o.a.createElement(c.EuiFlexItem,{grow:!1},t&&o.a.createElement(ee,{detailsData:e,ecsData:t,handleOnEventClosed:a,isHostIsolationPanelOpen:n,loadingEventDetails:l,onAddEventFilterClick:A,onAddExceptionTypeClick:O,onAddIsolationStatusClick:u,refetchFlyoutData:g,refetch:S,scopeId:d,onOsqueryClick:N})))),j&&null!=x.ruleId&&null!=x.ruleRuleId&&null!=x.eventId&&o.a.createElement(ae.a,I()({},x,{ruleIndices:h,ruleDataViewId:v,exceptionListType:w,onCancel:T,onConfirm:M})),D&&null!=t&&o.a.createElement(ne.a,{data:t,onCancel:F}),_&&null!=t&&o.a.createElement(oe.a,{agentId:_,defaultValues:f?{alertIds:[f]}:void 0,onClose:q,ecsData:t}))})),le=Object(T.connect)((()=>{const e=re.d.globalQuery(),t=re.d.timelineQueryByIdSelector();return(a,{scopeId:n})=>({globalQuery:e(a),timelineQuery:t(a,n)})}))(o.a.memo(se));var ce=a(348),ue=a(116),de=a(110),pe=a(186);const me=()=>{var e,t;const{browserFields:a,runtimeMappings:c}=Object(ue.d)(de.SourcererScopeName.detections),[u,d]=Object(r.useState)({id:void 0,indexName:void 0}),[p,m,g,y,b]=Object(ce.a)({entityType:n.EntityType.EVENTS,indexName:null!==(e=u.indexName)&&void 0!==e?e:"",eventId:null!==(t=u.id)&&void 0!==t?t:"",runtimeMappings:c,skip:!u.id}),{alertId:h,isAlert:E,hostName:v,ruleName:x,timestamp:k}=Object(pe.b)(m),{isolateAction:S,isHostIsolationPanelOpen:w,isIsolateActionSuccessBannerVisible:O,handleIsolationActionSuccess:I,showAlertDetails:T,showHostIsolationPanel:C}=Object(l.a)(),M=Object(r.useCallback)((({isLoading:e,alert:t})=>(d((e=>e.id!==t._id?{id:t._id,indexName:t._index}:e)),o.a.createElement(j,{alertId:h,browserFields:a,detailsData:m,detailsEcsData:y,event:{eventId:t._id,indexName:t._index},hostName:null!=v?v:"",handleIsolationActionSuccess:I,handleOnEventClosed:i.noop,isAlert:E,isDraggable:!1,isolateAction:S,isIsolateActionSuccessBannerVisible:O,isHostIsolationPanelOpen:w,loading:e||p,rawEventData:g,showAlertDetails:T,scopeId:s.f.casePage,isReadOnly:!1}))),[h,a,m,y,I,v,E,w,O,S,p,g,T]),F=Object(r.useCallback)((({isLoading:e})=>{var t;return o.a.createElement(f,{isHostIsolationPanelOpen:w,isAlert:E,eventIndex:null!==(t=u.indexName)&&void 0!==t?t:"",eventId:h,isolateAction:S,loading:e||p,ruleName:x,showAlertDetails:T,timestamp:k})}),[u.indexName,E,h,w,S,p,x,T,k]),D=Object(r.useCallback)((({isLoading:e,alert:t})=>o.a.createElement(le,{detailsData:m,detailsEcsData:y,refetchFlyoutData:b,handleOnEventClosed:i.noop,isHostIsolationPanelOpen:w,isReadOnly:!1,loadingEventDetails:e||p,onAddIsolationStatusClick:C,scopeId:s.f.casePage})),[m,y,w,p,b,C]);return Object(r.useMemo)((()=>({body:M,header:F,footer:D})),[M,F,D])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return H}));var n=a(40),i=a(2),r=a.n(i),o=a(42),s=a(607),l=a(608);const c=r.a.memo((({contextId:e,eventId:t,isDraggable:a,tlsClientCertificateFingerprintSha1:i,tlsFingerprintsJa3Hash:c,tlsServerCertificateFingerprintSha1:u})=>r.a.createElement(n.EuiFlexGroup,{alignItems:"center","data-test-subj":"fingerprints-group",direction:"column",justifyContent:"center",gutterSize:"none"},null!=c?Object(o.uniq)(c).map((i=>r.a.createElement(n.EuiFlexItem,{grow:!1,key:i},r.a.createElement(l.b,{eventId:t,fieldName:l.a,contextId:e,isDraggable:a,value:i})))):null,null!=i?Object(o.uniq)(i).map((i=>r.a.createElement(n.EuiFlexItem,{grow:!1,key:i},r.a.createElement(s.a,{eventId:t,certificateType:"client",contextId:e,fieldName:s.b,isDraggable:a,value:i})))):null,null!=u?Object(o.uniq)(u).map((i=>r.a.createElement(n.EuiFlexItem,{grow:!1,key:i},r.a.createElement(s.a,{eventId:t,certificateType:"server",contextId:e,fieldName:s.c,isDraggable:a,value:i})))):null)));c.displayName="Fingerprints";var u=a(41),d=a.n(u),p=a(113),m=a(121),g=a(460);const y="questionInCircle",f=e=>{if(null==e)return y;switch(`${e}`.toLowerCase()){case p.n.outbound:case p.n.outgoing:return"arrowUp";case p.n.inbound:case p.n.incoming:case p.n.listening:return"arrowDown";case p.n.external:return"globe";case p.n.internal:return"bullseye";case p.n.unknown:default:return y}},b=r.a.memo((({contextId:e,eventId:t,direction:a,isDraggable:n})=>r.a.createElement(m.c,{contextId:e,eventId:t,field:g.c,iconType:f(a),isDraggable:n,value:a,isAggregatable:!0,fieldType:"keyword"})));b.displayName="DirectionBadge";var h=a(815),E=a(727);const v=d()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemMarginRight",componentId:"sc-10udnrm-0"})(["margin-right:3px;"]);v.displayName="EuiFlexItemMarginRight";const x=d()(n.EuiText).withConfig({displayName:"Stats",componentId:"sc-10udnrm-1"})(["margin:0 5px;"]);x.displayName="Stats";const k=r.a.memo((({bytes:e,communityId:t,contextId:a,direction:i,eventId:s,isDraggable:l,packets:c,protocol:u,transport:d})=>r.a.createElement(n.EuiFlexGroup,{alignItems:"center",justifyContent:"center",gutterSize:"none"},null!=i?Object(o.uniq)(i).map((e=>r.a.createElement(v,{grow:!1,key:e},r.a.createElement(b,{contextId:a,direction:e,eventId:s,isDraggable:l})))):null,null!=u?Object(o.uniq)(u).map((e=>r.a.createElement(v,{grow:!1,key:e},r.a.createElement(m.c,{contextId:a,eventId:s,field:g.e,isDraggable:l,value:e,isAggregatable:!0,fieldType:"keyword"})))):null,null!=e?Object(o.uniq)(e).map((e=>isNaN(Number(e))?null:r.a.createElement(v,{grow:!1,key:e},r.a.createElement(m.b,{field:g.a,id:`network-default-draggable-${a}-${s}-${g.a}-${e}`,isDraggable:l,value:e},r.a.createElement(x,{size:"xs"},r.a.createElement("span",null,r.a.createElement(E.a,{value:e}))))))):null,null!=c?Object(o.uniq)(c).map((e=>r.a.createElement(v,{grow:!1,key:e},r.a.createElement(m.b,{field:g.d,id:`network-default-draggable-${a}-${s}-${g.d}-${e}`,isDraggable:l,value:e},r.a.createElement(x,{size:"xs"},r.a.createElement("span",null,`${e} ${h.a}`)))))):null,null!=d?Object(o.uniq)(d).map((e=>r.a.createElement(v,{grow:!1,key:e},r.a.createElement(m.c,{contextId:a,"data-test-subj":"network-transport",eventId:s,field:g.f,isDraggable:l,value:e,isAggregatable:!0,fieldType:"keyword"})))):null,null!=t?Object(o.uniq)(t).map((e=>r.a.createElement(n.EuiFlexItem,{grow:!1,key:e},r.a.createElement(m.c,{contextId:a,eventId:s,field:g.b,isDraggable:l,value:e,isAggregatable:!0,fieldType:"keyword"})))):null)));k.displayName="Network";var S=a(532),w=a(130),j=a.n(w),O=a(395),I=a(1039),T=a(380),C=a(392),M=a(570);const F=d.a.span.withConfig({displayName:"IpPortSeparator",componentId:"sc-12b0nt-0"})(["margin:0 3px;"]);F.displayName="IpPortSeparator";const D=r.a.memo((({contextId:e,eventId:t,isDraggable:a,port:i,portFieldName:o})=>null!=i?r.a.createElement(n.EuiFlexGroup,{gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(F,{"data-test-subj":"ip-port-separator"},":")),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(I.a,{contextId:e,"data-test-subj":"port",eventId:t,fieldName:o,isDraggable:a,value:i}))):null));D.displayName="PortWithSeparator";const A=r.a.memo((({contextId:e,eventId:t,ip:a,ipFieldName:i,isDraggable:o,port:s,portFieldName:l})=>r.a.createElement(n.EuiFlexGroup,{gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(O.c,{contextId:e,"data-test-subj":"ip",eventId:t,fieldName:i,isDraggable:o,value:a})),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(D,{contextId:e,eventId:t,isDraggable:o,port:s,portFieldName:l})))));A.displayName="IpWithPort";const _=d.a.div.withConfig({displayName:"Label",componentId:"sc-1ym4dlz-0"})(["font-weight:bold;margin-top:2px;"]),N=({destinationIp:e,sourceIp:t,type:a})=>"source"===a&&null!=t&&t.some((e=>!Object(o.isEmpty)(e)))||"destination"===a&&null!=e&&e.some((e=>!Object(o.isEmpty)(e))),R=({destinationPort:e,sourcePort:t,type:a})=>("source"===a&&null!=t?t:"destination"===a&&null!=e?e:[]).filter((e=>null!=e)).map((e=>`${e}`)).filter((e=>!Object(o.isEmpty)(e))),q=r.a.memo((({contextId:e,destinationIp:t,destinationPort:a,eventId:i,isDraggable:s,sourceIp:l,sourcePort:c,type:u})=>{const d="source"===u?l:t,p="source"===u?O.d:O.a,m="source"===u?c:a,g="source"===u?T.c:T.a;if(null==d)return null;const y=null!=m&&d.length===m.length?d.map(((e,t)=>({ip:e,port:null!=m[t]?`${m[t]}`:null}))):d.map((e=>({ip:e,port:null})));return r.a.createElement(n.EuiFlexGroup,{gutterSize:"none"},Object(o.uniqWith)(j.a,y).map((t=>null!=t.ip&&r.a.createElement(n.EuiFlexItem,{grow:!1,key:t.ip},r.a.createElement(A,{contextId:e,"data-test-subj":`${u}-ip-and-port`,eventId:i,ip:t.ip,ipFieldName:p,isDraggable:s,port:t.port,portFieldName:g})))))}));q.displayName="IpAdressesWithPorts";const P=r.a.memo((({contextId:e,destinationGeoContinentName:t,destinationGeoCountryName:a,destinationGeoCountryIsoCode:i,destinationGeoRegionName:o,destinationGeoCityName:s,destinationIp:l,destinationPort:c,eventId:u,isDraggable:d,sourceGeoContinentName:p,sourceGeoCountryName:m,sourceGeoCountryIsoCode:g,sourceGeoRegionName:y,sourceGeoCityName:f,sourceIp:b,sourcePort:h,type:E})=>{const v="source"===E?C.i:C.c;return N({destinationIp:l,sourceIp:b,type:E})||(({destinationPort:e,sourcePort:t,type:a})=>R({destinationPort:e,sourcePort:t,type:a}).length>0)({destinationPort:c,sourcePort:h,type:E})?r.a.createElement(n.EuiBadge,{"data-test-subj":`${E}-ip-badge`,color:"hollow",title:""},r.a.createElement(n.EuiFlexGroup,{alignItems:"center","data-test-subj":`${E}-ip-group`,direction:"column",gutterSize:"xs"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(_,null,v)),r.a.createElement(n.EuiFlexItem,{grow:!1},N({destinationIp:l,sourceIp:b,type:E})?r.a.createElement(q,{contextId:e,destinationIp:l,destinationPort:c,eventId:u,isDraggable:d,sourceIp:b,sourcePort:h,type:E}):r.a.createElement(n.EuiFlexGroup,{gutterSize:"none"},R({destinationPort:c,sourcePort:h,type:E}).map(((t,a)=>r.a.createElement(n.EuiFlexItem,{key:`port-${t}-${a}`,grow:!1},r.a.createElement(I.a,{contextId:e,"data-test-subj":"port",eventId:u,fieldName:`${E}.port`,isDraggable:d,value:t})))))),r.a.createElement(n.EuiFlexItem,null,r.a.createElement(M.f,{contextId:e,destinationGeoContinentName:t,destinationGeoCountryName:a,destinationGeoCountryIsoCode:i,destinationGeoRegionName:o,destinationGeoCityName:s,eventId:u,isDraggable:d,sourceGeoContinentName:p,sourceGeoCountryName:m,sourceGeoCountryIsoCode:g,sourceGeoRegionName:y,sourceGeoCityName:f,type:E})))):null}));P.displayName="SourceDestinationIp";const L=r.a.memo((({contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPackets:u,destinationPort:d,eventId:p,isDraggable:m,sourceBytes:g,sourceGeoContinentName:y,sourceGeoCountryName:f,sourceGeoCountryIsoCode:b,sourceGeoRegionName:h,sourceGeoCityName:E,sourcePackets:v,sourceIp:x,sourcePort:k})=>r.a.createElement(n.EuiFlexGroup,{justifyContent:"center",gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(P,{contextId:e,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPort:d,eventId:p,isDraggable:m,sourceGeoContinentName:y,sourceGeoCountryName:f,sourceGeoCountryIsoCode:b,sourceGeoRegionName:h,sourceGeoCityName:E,sourceIp:x,sourcePort:k,type:"source"})),r.a.createElement(S.e,{contextId:e,destinationBytes:t,destinationPackets:u,eventId:p,isDraggable:m,sourceBytes:g,sourcePackets:v}),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(P,{contextId:e,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPort:d,eventId:p,isDraggable:m,sourceGeoContinentName:y,sourceGeoCountryName:f,sourceGeoCountryIsoCode:b,sourceGeoRegionName:h,sourceGeoCityName:E,sourceIp:x,sourcePort:k,type:"destination"})))));L.displayName="SourceDestinationWithArrows";const B=d()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemMarginTop",componentId:"sc-ru6rd-0"})(["margin-top:3px;"]);B.displayName="EuiFlexItemMarginTop";const z=r.a.memo((({contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPackets:u,destinationPort:d,eventId:p,isDraggable:m,networkBytes:g,networkCommunityId:y,networkDirection:f,networkPackets:b,networkProtocol:h,sourceBytes:E,sourceGeoContinentName:v,sourceGeoCountryName:x,sourceGeoCountryIsoCode:S,sourceGeoRegionName:w,sourceGeoCityName:j,sourceIp:O,sourcePackets:I,sourcePort:T,transport:C})=>r.a.createElement(n.EuiFlexGroup,{alignItems:"center",direction:"column",justifyContent:"center",gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(k,{bytes:g,packets:b,communityId:y,contextId:e,direction:f,eventId:p,isDraggable:m,protocol:h,transport:C})),r.a.createElement(B,{grow:!1},r.a.createElement(L,{contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPackets:u,destinationPort:d,eventId:p,isDraggable:m,sourceBytes:E,sourceGeoContinentName:v,sourceGeoCountryName:x,sourceGeoCountryIsoCode:S,sourceGeoRegionName:w,sourceGeoCityName:j,sourceIp:O,sourcePackets:I,sourcePort:T})))));z.displayName="SourceDestination";var $=a(571),V=a(818);const G=d()(n.EuiFlexItem).withConfig({displayName:"EuiFlexItemMarginRight",componentId:"sc-ub9rva-0"})(["margin-right:10px;"]);G.displayName="EuiFlexItemMarginRight";const U=r.a.memo((({contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPackets:u,destinationPort:d,eventDuration:p,eventId:m,eventEnd:g,eventStart:y,isDraggable:f,networkBytes:b,networkCommunityId:h,networkDirection:E,networkPackets:v,networkProtocol:x,processName:k,sourceBytes:S,sourceGeoContinentName:w,sourceGeoCountryName:j,sourceGeoCountryIsoCode:O,sourceGeoRegionName:I,sourceGeoCityName:T,sourceIp:C,sourcePackets:M,sourcePort:F,transport:D,userName:A})=>r.a.createElement(n.EuiFlexGroup,{"data-test-subj":"netflow-columns",gutterSize:"none",justifyContent:"center",wrap:!0},r.a.createElement(G,{grow:!1},r.a.createElement(V.c,{contextId:e,eventId:m,isDraggable:f,processName:k,userName:A})),r.a.createElement(G,{grow:!1},r.a.createElement($.a,{contextId:e,eventDuration:p,eventId:m,eventEnd:g,eventStart:y,isDraggable:f})),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(z,{contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:c,destinationPackets:u,destinationPort:d,eventId:m,isDraggable:f,networkBytes:b,networkCommunityId:h,networkDirection:E,networkPackets:v,networkProtocol:x,sourceBytes:S,sourceGeoContinentName:w,sourceGeoCountryName:j,sourceGeoCountryIsoCode:O,sourceGeoRegionName:I,sourceGeoCityName:T,sourceIp:C,sourcePackets:M,sourcePort:F,transport:D})))));U.displayName="NetflowColumns";const H=r.a.memo((({contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:u,destinationPackets:d,destinationPort:p,eventDuration:m,eventId:g,eventEnd:y,eventStart:f,isDraggable:b,networkBytes:h,networkCommunityId:E,networkDirection:v,networkPackets:x,networkProtocol:k,processName:S,sourceBytes:w,sourceGeoContinentName:j,sourceGeoCountryName:O,sourceGeoCountryIsoCode:I,sourceGeoRegionName:T,sourceGeoCityName:C,sourcePackets:M,sourceIp:F,sourcePort:D,tlsClientCertificateFingerprintSha1:A,tlsFingerprintsJa3Hash:_,tlsServerCertificateFingerprintSha1:N,transport:R,userName:q})=>r.a.createElement(n.EuiFlexGroup,{alignItems:"center","data-test-subj":"netflow-rows",direction:"column",justifyContent:"center",wrap:!0,gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(U,{contextId:e,destinationBytes:t,destinationGeoContinentName:a,destinationGeoCountryName:i,destinationGeoCountryIsoCode:o,destinationGeoRegionName:s,destinationGeoCityName:l,destinationIp:u,destinationPackets:d,destinationPort:p,eventDuration:m,eventId:g,eventEnd:y,eventStart:f,isDraggable:b,networkBytes:h,networkCommunityId:E,networkDirection:v,networkPackets:x,networkProtocol:k,processName:S,sourceBytes:w,sourceGeoContinentName:j,sourceGeoCountryName:O,sourceGeoCountryIsoCode:I,sourceGeoRegionName:T,sourceGeoCityName:C,sourceIp:F,sourcePackets:M,sourcePort:D,transport:R,userName:q})),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(c,{contextId:e,eventId:g,isDraggable:b,tlsClientCertificateFingerprintSha1:A,tlsFingerprintsJa3Hash:_,tlsServerCertificateFingerprintSha1:N})))));H.displayName="Netflow"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return I}));var n=a(106),i=a(8),r=a(41),o=a.n(r),s=a(4),l=a(167);const c=o.a.div.withConfig({displayName:"HorizontalSpacer",componentId:"sc-1o769t7-0"})(["margin:0 ",";"],(({theme:e})=>e.eui.euiSizeXS));var u=a(40),d=a(2),p=a.n(d),m=a(569),g=a(275),y=a(42),f=a(44),b=a(121);const h=({contextId:e,eventId:t,isDraggable:a,sourceField:n,sourceValue:i})=>p.a.createElement(u.EuiFlexGroup,{alignItems:"center","data-test-subj":"threat-match-details",direction:"row",justifyContent:"center",gutterSize:"none",wrap:!0},p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(b.c,{contextId:e,"data-test-subj":"threat-match-details-source-field",eventId:t,field:l.g,isDraggable:a,value:n,isAggregatable:!0,fieldType:"keyword"})),p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(c,null,p.a.createElement(f.FormattedMessage,{defaultMessage:"matched",id:"xpack.securitySolution.alerts.rowRenderers.cti.threatMatch.matchedVerb"}))),p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(b.c,{contextId:e,"data-test-subj":"threat-match-details-source-value",eventId:t,field:n,isDraggable:a,value:i,isAggregatable:!0,fieldType:"keyword"})));var E=a(337);const v=({contextId:e,eventId:t,feedName:a,indicatorReference:n,indicatorType:i,isDraggable:r})=>p.a.createElement(u.EuiFlexGroup,{alignItems:"flexStart","data-test-subj":"threat-match-indicator-details",direction:"row",justifyContent:"center",gutterSize:"none",wrap:!0},i&&p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(b.c,{contextId:e,"data-test-subj":"threat-match-indicator-details-indicator-type",eventId:t,field:l.h,isDraggable:r,value:i,isAggregatable:!0,fieldType:"keyword"})),a&&p.a.createElement(p.a.Fragment,null,p.a.createElement(u.EuiFlexItem,{grow:!1,component:"span"},p.a.createElement(c,null,p.a.createElement(f.FormattedMessage,{defaultMessage:"provided by",id:"xpack.securitySolution.alerts.rowRenderers.cti.threatMatch.providerPreposition"}))),p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(b.c,{contextId:e,"data-test-subj":"threat-match-indicator-details-indicator-feedName",eventId:t,field:l.e,isDraggable:r,value:a,isAggregatable:!0,fieldType:"keyword"}))),n&&p.a.createElement(p.a.Fragment,null,p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(c,null,":")),p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(E.a,{contextId:e,"data-test-subj":"threat-match-indicator-details-indicator-reference",eventId:t,fieldName:l.j,isDraggable:r,value:n,isAggregatable:!0,fieldType:"keyword"})))),x=({contextId:e,data:t,eventId:a,isDraggable:n})=>{const i={contextId:e,eventId:a,indicatorReference:Object(y.getOr)([],l.p,t)[0],feedName:Object(y.getOr)([],l.e,t)[0],indicatorType:Object(y.getOr)([],l.n,t)[0],isDraggable:n,sourceField:Object(y.get)(l.l,t)[0],sourceValue:Object(y.get)(l.k,t)[0]};return p.a.createElement(k,i)},k=({contextId:e,eventId:t,feedName:a,indicatorReference:n,indicatorType:i,isDraggable:r,sourceField:o,sourceValue:s})=>p.a.createElement(u.EuiFlexGroup,{alignItems:"center","data-test-subj":"threat-match-row",gutterSize:"s",justifyContent:"center"},p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(h,{contextId:e,eventId:t,isDraggable:r,sourceField:o,sourceValue:s})),p.a.createElement(u.EuiFlexItem,{grow:!1},p.a.createElement(v,{contextId:e,eventId:t,feedName:a,indicatorReference:n,indicatorType:i,isDraggable:r})));var S=a(392);const w=o.a.div.withConfig({displayName:"SpacedContainer",componentId:"sc-e4rhpb-0"})(["margin:"," 0;"],(({theme:e})=>e.eui.euiSizeS)),j=({data:e,isDraggable:t,scopeId:a})=>{const n=Object(i.get)(e,s.pb),r=Object(i.get)(e,m.a),o=Object(d.useCallback)(((e="max")=>{const i="max"===e?n.slice(0,2):n;return p.a.createElement(g.a,{"data-test-subj":"threat-match-row-renderer"},p.a.createElement(w,null,i.map(((e,i)=>{const o=`threat-match-row-${a}-${r}-${i}`;return p.a.createElement(d.Fragment,{key:o},p.a.createElement(x,{contextId:o,data:e,eventId:r,isDraggable:t}),i<n.length-1&&p.a.createElement(u.EuiHorizontalRule,{margin:"s"}))}))))}),[n,r,t,a]),l=Object(d.useCallback)((()=>o("all")),[o]);return p.a.createElement(u.EuiFlexGroup,{direction:"column",justifyContent:"center",alignItems:"center",gutterSize:"none"},p.a.createElement(u.EuiFlexItem,null,o()),n.length>2&&p.a.createElement(u.EuiFlexItem,null,p.a.createElement(O,{title:Object(S.h)(n.length),renderChildren:l})))},O=({title:e,renderChildren:t})=>{const[a,n]=Object(d.useState)(!1),i=()=>n(!1);let r;return a&&(r=p.a.createElement(u.EuiModal,{onClose:i},p.a.createElement(u.EuiModalHeader,{"data-test-subj":"threat-match-row-modal"},p.a.createElement(u.EuiModalHeaderTitle,null,S.b)),p.a.createElement(u.EuiModalBody,null,t()),p.a.createElement(u.EuiModalFooter,null,p.a.createElement(u.EuiButton,{onClick:i,fill:!0},S.a)))),p.a.createElement("div",null,p.a.createElement(u.EuiButtonEmpty,{"data-test-subj":"threat-match-row-show-all",iconType:"popout",color:"primary",onClick:()=>n(!0)},e),r)},I={id:n.d.threat_match,isInstance:e=>(e=>{const t=Object(i.get)(e,s.pb);return null==t?[]:Array.isArray(t)?t:[t]})(e).some((e=>l.i.some((t=>!Object(i.isEmpty)(Object(i.get)(e,t)))))),renderRow:({data:e,isDraggable:t,scopeId:a})=>p.a.createElement(j,{data:e,isDraggable:t,scopeId:a})}},function(e,t,a){"use strict";a.d(t,"a",(function(){return D}));var n=a(42),i=a(2),r=a.n(i),o=a(106),s=a(275),l=a(40),c=a(41),u=a.n(c),d=a(250),p=a(321),m=a(153),g=a(123),y=a(379),f=a(127);const b=["IPv4","IPv6"];var h=a(121),E=a(150);const v="suricata.eve.alert.signature",x="suricata.eve.alert.signature_id",k=u()(l.EuiFlexItem).withConfig({displayName:"SignatureFlexItem",componentId:"sc-1paeiel-0"})(["min-width:77px;"]);k.displayName="SignatureFlexItem";const S=u()(l.EuiBadge).withConfig({displayName:"Badge",componentId:"sc-1paeiel-1"})(["vertical-align:top;"]);S.displayName="Badge";const w=u()(l.EuiFlexItem).withConfig({displayName:"LinkFlexItem",componentId:"sc-1paeiel-2"})(["margin-left:6px;"]);w.displayName="LinkFlexItem";const j=r.a.memo((({tokens:e})=>r.a.createElement(r.a.Fragment,null,e.map((e=>r.a.createElement(f.c,{key:e,grow:!1},r.a.createElement(l.EuiBadge,{iconType:"tag",color:"hollow",title:""},e)))))));j.displayName="Tokens";const O=r.a.memo((({id:e,isDraggable:t,signatureId:a})=>{const n=Object(i.useMemo)((()=>({and:[],enabled:!0,id:Object(m.i)(`suricata-draggable-signature-id-${e}-sig-${a}`),name:String(a),excluded:!1,kqlQuery:"",queryMatch:{field:x,value:a,operator:E.d}})),[e,a]),o=Object(i.useCallback)(((e,t,n)=>n.isDragging?r.a.createElement(p.a,null,r.a.createElement(y.a,{dataProvider:e})):r.a.createElement(l.EuiToolTip,{"data-test-subj":"signature-id-tooltip",content:x},r.a.createElement(S,{iconType:"number",color:"hollow",title:""},a))),[a]);return r.a.createElement(k,{grow:!1},r.a.createElement(p.b,{dataProvider:n,isDraggable:t,render:o,isAggregatable:!0,fieldType:"keyword"}))}));O.displayName="DraggableSignatureId";const I=r.a.memo((({contextId:e,id:t,isDraggable:a,signature:n,signatureId:i})=>{const o=(e=>e.trim().split(" ").reduce(((e,t,a)=>e.length===a&&t===t.toUpperCase()&&""!==t||b.includes(t)?[...e,t]:e),[]))(n);return r.a.createElement(l.EuiFlexGroup,{justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(O,{id:`draggable-signature-id-${e}-${t}`,isDraggable:a,signatureId:i}),r.a.createElement(j,{tokens:o}),r.a.createElement(w,{grow:!1},r.a.createElement(h.b,{"data-test-subj":"draggable-signature-link",field:v,id:`suricata-signature-default-draggable-${e}-${t}-${v}`,isDraggable:a,value:n,tooltipPosition:"bottom"},r.a.createElement("div",null,r.a.createElement(g.c,{link:n},n.split(" ").splice(o.length).join(" "))))))}));I.displayName="SuricataSignature";const T=u()(l.EuiFlexItem).withConfig({displayName:"LinkEuiFlexItem",componentId:"sc-i69i1c-0"})(["display:inline;"]);T.displayName="LinkEuiFlexItem";const C=r.a.memo((({signatureId:e})=>{const[t,o]=Object(i.useState)(void 0);return Object(i.useEffect)((()=>{let t=!0;return async function(){if(null!=e)try{const i=await(async e=>{const t=(await a.e(20).then(a.t.bind(null,1652,7))).db,i=(r=t,o=e,Object.prototype.hasOwnProperty.call(r,o)?t[e]:null);var r,o;return null!=i?Object(n.uniq)(i):[]})(e);t&&null!=i&&o(i)}catch(e){o(void 0)}else t&&o(void 0)}(),()=>{t=!1}}),[e]),r.a.createElement(l.EuiFlexGroup,{"data-test-subj":"suricataRefs",gutterSize:"none",justifyContent:"center",wrap:!0},t&&t.map((e=>r.a.createElement(T,{key:e,grow:!1},r.a.createElement(l.EuiLink,{href:e,color:"subdued",target:"_blank"},e)))))}));C.displayName="SuricataRefs";const M=u.a.div.withConfig({displayName:"Details",componentId:"sc-1y9aljy-0"})(["margin:5px 0;"]);M.displayName="Details";const F=r.a.memo((({data:e,isDraggable:t,timelineId:a})=>{const i=Object(n.get)("suricata.eve.alert.signature[0]",e),o=Object(n.get)("suricata.eve.alert.signature_id[0]",e);return null!=o&&null!=i?r.a.createElement(M,null,r.a.createElement(I,{contextId:`suricata-signature-${a}-${e._id}`,id:e._id,isDraggable:t,signature:i,signatureId:o}),r.a.createElement(C,{signatureId:o}),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(d.a,{data:e,isDraggable:t,timelineId:a})):null}));F.displayName="SuricataDetails";const D={id:o.d.suricata,isInstance:e=>{const t=Object(n.get)("event.module[0]",e);return null!=t&&"suricata"===t.toLowerCase()},renderRow:({data:e,isDraggable:t,scopeId:a})=>r.a.createElement(s.a,null,r.a.createElement(F,{data:e,isDraggable:t,timelineId:a}))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(46),i=a(602),r=a(102);const o=()=>r.b.get().http,s=({packages:e})=>Object(n.useQuery)(["installedIntegrations",{packages:e}],(async({signal:t})=>{var a;return null!==(a=(await(e=>{var t;const{packages:a,signal:n}=e;return o().fetch(i.a,{method:"GET",query:{packages:null==a||null===(t=a.sort())||void 0===t?void 0:t.join(",")},signal:n})})({packages:e,signal:t})).installed_integrations)&&void 0!==a?a:[]}),{keepPreviousData:!0,staleTime:3e5,onError:e=>{}})},function(e,t,a){"use strict";a.d(t,"a",(function(){return H}));var n=a(42),i=a(2),r=a.n(i),o=a(106),s=a(275),l=a(40),c=a(41),u=a.n(c),d=a(250),p=a(321),m=a(153),g=a(123),y=a(379),f=a(150),b=a(5);const h=b.i18n.translate("xpack.securitySolution.zeek.s0Description",{defaultMessage:"Connection attempt seen, no reply"}),E=b.i18n.translate("xpack.securitySolution.zeek.s1Description",{defaultMessage:"Connection established, not terminated"}),v=b.i18n.translate("xpack.securitySolution.zeek.s2Description",{defaultMessage:"Connection established and close attempt by originator seen (but no reply from responder)"}),x=b.i18n.translate("xpack.securitySolution.zeek.s3Description",{defaultMessage:"Connection established and close attempt by responder seen (but no reply from originator)"}),k=b.i18n.translate("xpack.securitySolution.zeek.sfDescription",{defaultMessage:"Normal SYN/FIN completion"}),S=b.i18n.translate("xpack.securitySolution.zeek.rejDescription",{defaultMessage:"Connection attempt rejected"}),w=b.i18n.translate("xpack.securitySolution.zeek.rstoODescription",{defaultMessage:"Connection established, originator aborted (sent a RST)"}),j=b.i18n.translate("xpack.securitySolution.zeek.rstrDescription",{defaultMessage:"Established, responder aborted"}),O=b.i18n.translate("xpack.securitySolution.zeek.rstosoDescription",{defaultMessage:"Originator sent a SYN followed by a RST, no SYN-ACK from the responder"}),I=b.i18n.translate("xpack.securitySolution.zeek.rstrhDescription",{defaultMessage:"Responder sent a SYN ACK followed by a RST, no SYN from the (purported) originator"}),T=b.i18n.translate("xpack.securitySolution.zeek.shDescription",{defaultMessage:"Originator sent a SYN followed by a FIN, no SYN ACK from the responder"}),C=b.i18n.translate("xpack.securitySolution.zeek.shrDescription",{defaultMessage:"Responder sent a SYN ACK followed by a FIN, no SYN from the originator"}),M=b.i18n.translate("xpack.securitySolution.zeek.othDescription",{defaultMessage:"No SYN seen, just midstream traffic"}),F=u()(l.EuiBadge).withConfig({displayName:"Badge",componentId:"sc-1b5gq3p-0"})(["vertical-align:top;"]);F.displayName="Badge";const D=u()(l.EuiFlexItem).withConfig({displayName:"TokensFlexItem",componentId:"sc-1b5gq3p-1"})(["margin-left:3px;"]);D.displayName="TokensFlexItem";const A=u()(l.EuiFlexItem).withConfig({displayName:"LinkFlexItem",componentId:"sc-1b5gq3p-2"})(["margin-left:6px;"]);A.displayName="LinkFlexItem";const _=e=>e,N=e=>{const t=e.split(".");return t.length>=2&&null!=t[1]?""!==t[1]?t[1]:t[0]:e},R=e=>`Dropped:${e}`,q=e=>`md5: ${e.substr(0,7)}...`,P=e=>`sha1: ${e.substr(0,7)}...`,L=r.a.memo((({id:e,field:t,isDraggable:a,value:n,stringRenderer:o=_})=>{const s=Object(i.useMemo)((()=>({and:[],enabled:!0,id:Object(m.i)(`draggable-zeek-element-draggable-wrapper-${e}-${t}-${n}`),name:String(n),excluded:!1,kqlQuery:"",queryMatch:{field:t,value:String(n),operator:f.d}})),[t,e,n]),c=Object(i.useCallback)(((e,a,i)=>i.isDragging?r.a.createElement(p.a,null,r.a.createElement(y.a,{dataProvider:e})):r.a.createElement(l.EuiToolTip,{"data-test-subj":"badge-tooltip",content:t},r.a.createElement(F,{iconType:"tag",color:"hollow",title:""},o(String(n))))),[t,o,n]);return null!=n?r.a.createElement(D,{grow:!1},r.a.createElement(p.b,{dataProvider:s,isDraggable:a,render:c,isAggregatable:!0,fieldType:"keyword"})):null}));L.displayName="DraggableZeekElement";const B=r.a.memo((({value:e,link:t})=>null!=e?null!=t?r.a.createElement(A,{grow:!1},r.a.createElement("div",null,r.a.createElement(g.c,{link:t},e))):r.a.createElement(A,{grow:!1},r.a.createElement("div",null,r.a.createElement(g.c,{link:e}))):null));B.displayName="Link";const z=r.a.memo((({value:e})=>null!=e?r.a.createElement(A,{grow:!1},r.a.createElement("div",null,r.a.createElement(g.j,{domain:e,overflowIndexStart:1,showDomain:!0,"data-test-subj":"reputationLinkSha"}))):null));z.displayName="TotalVirusLinkSha";const $={S0:h,S1:E,S2:v,S3:x,SF:k,REJ:S,RSTO:w,RSTR:j,RSTOS0:O,RSTRH:I,SH:T,SHR:C,OTH:M},V=r.a.memo((({data:e,isDraggable:t,timelineId:a})=>{const i=`zeek-signature-draggable-zeek-element-${a}-${e._id}`,o=Object(n.get)("zeek.session_id[0]",e),s=Object(n.get)("event.dataset[0]",e),c=Object(n.get)("zeek.ssl.version[0]",e),u=Object(n.get)("zeek.ssl.cipher[0]",e),d=Object(n.get)("zeek.connection.state[0]",e),p=Object(n.get)("zeek.connection.history[0]",e),m=Object(n.get)("zeek.notice.note[0]",e),g=Object(n.get)("zeek.notice.msg[0]",e),y=(e=>null!=e?String(e):null)(Object(n.get)("zeek.notice.dropped[0]",e)),f=Object(n.get)("zeek.dns.query[0]",e),b=Object(n.get)("zeek.dns.qclass_name[0]",e),h=Object(n.get)("http.request.method[0]",e),E=Object(n.get)("http.response.status_code[0]",e),v=Object(n.get)("url.original[0]",e),x=Object(n.get)("zeek.files.sha1[0]",e),k=Object(n.get)("zeek.files.md5[0]",e),S=(e=>{if(null!=e){const t=$[e];return null!=t?`${e} ${t}`:e}return null})(d),w=(e=>null!=e&&null!=$[e]?$[e]:null)(d);return r.a.createElement(r.a.Fragment,null,r.a.createElement(l.EuiFlexGroup,{justifyContent:"center",gutterSize:"none",wrap:!0},r.a.createElement(L,{id:i,field:"zeek.session_id",isDraggable:t,value:o}),r.a.createElement(L,{id:i,field:"event.dataset",isDraggable:t,value:s,stringRenderer:N}),r.a.createElement(L,{id:i,field:"zeek.files.sha1",isDraggable:t,value:x,stringRenderer:P}),r.a.createElement(L,{id:i,field:"zeek.files.md5",isDraggable:t,value:k,stringRenderer:q}),r.a.createElement(L,{id:i,field:"zeek.notice.dropped",isDraggable:t,value:y,stringRenderer:R}),r.a.createElement(L,{id:i,field:"zeek.ssl.version",isDraggable:t,value:c}),r.a.createElement(L,{id:i,field:"zeek.ssl.cipher",isDraggable:t,value:u}),r.a.createElement(L,{id:i,field:"zeek.connection.state",isDraggable:t,value:d}),r.a.createElement(L,{id:i,field:"http.request.method",isDraggable:t,value:h}),r.a.createElement(L,{id:i,field:"zeek.connection.history",isDraggable:t,value:p}),r.a.createElement(L,{id:i,field:"zeek.notice.note",isDraggable:t,value:m}),r.a.createElement(L,{id:i,field:"zeek.dns.query",isDraggable:t,value:f}),r.a.createElement(L,{id:i,field:"zeek.dns.qclass_name",isDraggable:t,value:b}),r.a.createElement(L,{id:i,field:"http.response.status_code",isDraggable:t,value:E})),r.a.createElement(l.EuiFlexGroup,{justifyContent:"center",gutterSize:"none"},r.a.createElement(B,{link:S,value:w}),r.a.createElement(B,{value:u}),r.a.createElement(B,{value:f}),r.a.createElement(B,{value:g}),r.a.createElement(B,{value:v}),r.a.createElement(z,{value:x})))}));V.displayName="ZeekSignature";const G=u.a.div.withConfig({displayName:"Details",componentId:"sc-1ixpiaf-0"})(["margin:5px 0;"]);G.displayName="Details";const U=r.a.memo((({data:e,isDraggable:t,timelineId:a})=>null!=e.zeek?r.a.createElement(G,null,r.a.createElement(V,{data:e,isDraggable:t,timelineId:a}),r.a.createElement(l.EuiSpacer,{size:"s"}),r.a.createElement(d.a,{data:e,isDraggable:t,timelineId:a})):null));U.displayName="ZeekDetails";const H={id:o.d.zeek,isInstance:e=>{const t=Object(n.get)("event.module[0]",e);return null!=t&&"zeek"===t.toLowerCase()},renderRow:({data:e,isDraggable:t,scopeId:a})=>r.a.createElement(s.a,null,r.a.createElement(U,{data:e,isDraggable:t,timelineId:a}))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return g}));var n=a(2),i=a.n(n),r=a(40),o=a(8),s=a(5);const l=s.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.addToRulesTableSelection.addToSelectedRulesDescription",{defaultMessage:"After you create the exception, it is added to the rules you link. "});var c=a(565),u=a(313);const d=Object(n.memo)((({rule:e,linkedRules:t,onRuleLinkChange:a})=>{const o=Object(n.useMemo)((()=>Boolean(t.find((t=>t.id===e.id)))),[t,e.id]),s=Object(n.useCallback)((({target:{checked:n}})=>{const i=n?[...t,e]:null==t?void 0:t.filter((t=>t.id!==e.id));"function"==typeof a&&a(i)}),[t,a,e]);return i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiSwitch,{onChange:s,label:"",checked:o}))}));d.displayName="LinkRuleSwitch";var p=a(853);const m=({initiallySelectedRules:e,onRuleSelectionChange:t})=>{const{isLoading:a,searchOptions:m,pagination:g,sortedRulesByLinkedRulesOnTop:y,rulesTableColumnsWithLinkSwitch:f,onTableChange:b,addToSelectedRulesDescription:h}=(({initiallySelectedRules:e,onRuleSelectionChange:t})=>{const{data:{rules:a}={rules:[],total:0},isFetched:r}=Object(p.a)({filterOptions:{filter:"",showCustomRules:!1,showElasticRules:!1,tags:[]},sortingOptions:void 0,pagination:{page:1,perPage:1e4}}),[m,g]=Object(n.useState)({pageIndex:0,initialPageSize:25,showPerPageOptions:!1}),[y,f]=Object(n.useState)(e||[]);Object(n.useEffect)((()=>{t(y)}),[y,t]);const b=Object(n.useMemo)((()=>Object(o.sortBy)(a,[t=>null==e?void 0:e.find((e=>e.id===t.id))])),[e,a]),h=Object(n.useMemo)((()=>{const e=b.reduce(((e,t)=>{const{tags:a}=t;return a.forEach((t=>e.add(t))),e}),new Set);return Array.from(e).map((e=>({value:e,name:e,field:"tags"})))}),[b]),E=Object(n.useMemo)((()=>({box:{incremental:!0,schema:!0},filters:[{type:"field_value_selection",operator:"exact",name:s.i18n.translate("xpack.securitySolution.exceptions.addToRulesTable.tagsFilterLabel",{defaultMessage:"Tags"}),multiSelect:"or",options:h}]})),[h]),v=Object(n.useMemo)((()=>[{field:"link",name:c.b,align:"left","data-test-subj":"ruleActionLinkRuleSwitch",render:(e,t)=>i.a.createElement(d,{rule:t,linkedRules:y,onRuleLinkChange:f})},...Object(u.c)()]),[y]),x=Object(n.useCallback)((({page:{index:e}})=>g({...m,pageIndex:e})),[m]);return{isLoading:!r,pagination:m,searchOptions:E,sortedRulesByLinkedRulesOnTop:b,rulesTableColumnsWithLinkSwitch:v,addToSelectedRulesDescription:l,onTableChange:x}})({initiallySelectedRules:e,onRuleSelectionChange:t});return i.a.createElement(r.EuiPanel,{color:"subdued",borderRadius:"none",hasShadow:!1},i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiText,{size:"s"},h),i.a.createElement(r.EuiSpacer,{size:"s"}),i.a.createElement(r.EuiInMemoryTable,{tableLayout:"auto",search:m,"data-test-subj":"addExceptionToRulesTable",tableCaption:"Rules table",items:y,loading:a,columns:f,message:a?i.a.createElement(r.EuiSkeletonText,{lines:4,"data-test-subj":"exceptionItemViewerEmptyPromptsLoading"}):void 0,pagination:g,onTableChange:b})))},g=i.a.memo(m);g.displayName="ExceptionsAddToRulesTable"},function(e,t,a){"use strict";a.d(t,"b",(function(){return G})),a.d(t,"a",(function(){return U}));var n=a(2),i=a.n(n),r=a(40),o=a(8),s=a(103),l=a(120),c=a(42),u=a(119),d=a(282),p=a(422),m=a(115),g=a(805),y=a(102),f=a(511),b=a(175),h=a(281),E=a(126),v=a(170),x=a(418),k=a(135),S=a(122),w=a(233),j=a(232),O=a(299),I=a(876),T=a(558),C=a(826),M=a(823),F=a(831),D=a(389),A=a(824),_=a(887),N=a(319),R=a(5),q=a(123),P=a(124),L=a(169),B=a(4);const z=R.i18n.translate("xpack.securitySolution.detectionEngine.alerts.actions.openAlertDetails",{defaultMessage:"Open alert details page"});var $=a(825);const V=({ariaLabel:e=k.E,ariaRowindex:t,columnValues:a,disabled:s,ecsRowData:l,onRuleChange:d,scopeId:h,globalQuery:x,timelineQuery:S,refetch:w})=>{var j,O,R,V,G,H,W,Q,Y,K,Z,J,X,ee,te,ae,ne,ie,re;const[oe,se]=Object(n.useState)(!1),[le,ce]=Object(n.useState)(!1),[ue]=Object(b.a)(),de=Object(n.useCallback)((()=>{se(!1)}),[]),pe=null!=l&&null!==(me=l.kibana)&&void 0!==me&&me.alert?null==l?void 0:l._id:null;var me;const ge=Object(c.get)(0,null==l||null===(j=l.kibana)||void 0===j||null===(O=j.alert)||void 0===O||null===(R=O.rule)||void 0===R?void 0:R.uuid),ye=Object(c.get)(0,null==l||null===(V=l.kibana)||void 0===V||null===(G=V.alert)||void 0===G||null===(H=G.rule)||void 0===H?void 0:H.rule_id),fe=Object(c.get)(0,null==l||null===(W=l.kibana)||void 0===W||null===(Q=W.alert)||void 0===Q||null===(Y=Q.rule)||void 0===Y?void 0:Y.name),be=[u.e.alertsOnAlertsPage,u.e.alertsOnRuleDetailsPage].includes(h),{addToCaseActionItems:he}=Object(_.a)({ecsData:l,onMenuItemClick:de,isActiveTimelines:Object(m.isActiveTimeline)(null!=h?h:""),ariaLabel:Object(D.a)({ariaRowindex:t,columnValues:a}),isInDetections:be,refetch:w}),{loading:Ee,canWriteEventFilters:ve}=Object(E.a)().endpointPrivileges,xe=Object(n.useMemo)((()=>!Ee&&ve),[ve,Ee]),ke=Object(c.get)(0,null==l||null===(K=l.kibana)||void 0===K||null===(Z=K.alert)||void 0===Z?void 0:Z.workflow_status),Se=Object(n.useMemo)((()=>{var e;return-1!==Object(o.indexOf)(null===(e=l.event)||void 0===e?void 0:e.kind,"event")}),[l]),we=Object(n.useMemo)((()=>{var e,t;return null===(e=l.agent)||void 0===e||null===(t=e.type)||void 0===t?void 0:t.includes("endpoint")}),[l]),je=Object(n.useMemo)((()=>Se&&we),[Se,we]),Oe=Object(n.useMemo)((()=>h===u.e.hostsPageEvents||h===u.e.usersPageEvents),[h]),Ie=Object(n.useCallback)((()=>{se(!oe)}),[oe]),Te=Object(n.useCallback)((()=>{se(!1)}),[]),Ce=Object(n.useMemo)((()=>i.a.createElement(r.EuiToolTip,{position:"top",content:k.E},i.a.createElement(r.EuiButtonIcon,{"aria-label":e,"data-test-subj":"timeline-context-menu-button",size:"s",iconType:"boxesHorizontal","data-popover-open":oe,onClick:Ie,isDisabled:s}))),[s,Ie,e,oe]),Me=e=>{e.forEach((e=>e.refetch&&e.refetch()))},Fe=Object(n.useCallback)((()=>{Object(m.isActiveTimeline)(null!=h?h:"")?(Me([S]),"alerts"===ue.pageName&&Me(x)):(Me(x),w&&w())}),[h,x,S,ue,w]),De=null!==(J=null===(X=l["kibana.alert.rule.parameters"])||void 0===X?void 0:X.index)&&void 0!==J?J:null==l||null===(ee=l.signal)||void 0===ee||null===(te=ee.rule)||void 0===te?void 0:te.index,Ae=null!==(ae=null===(ne=l["kibana.alert.rule.parameters"])||void 0===ne?void 0:ne.data_view_id)&&void 0!==ae?ae:null==l||null===(ie=l.signal)||void 0===ie||null===(re=ie.rule)||void 0===re?void 0:re.data_view_id,{exceptionFlyoutType:_e,openAddExceptionFlyout:Ne,onAddExceptionCancel:Re,onAddExceptionConfirm:qe,onAddExceptionTypeClick:Pe}=Object(C.a)({refetch:Fe,onRuleChange:d,isActiveTimelines:Object(m.isActiveTimeline)(null!=h?h:"")}),{closeAddEventFilterModal:Le,isAddEventFilterModalOpen:Be,onAddEventFilterClick:ze}=Object(F.a)(),{actionItems:$e}=Object(T.a)({alertStatus:ke,eventId:null==l?void 0:l._id,scopeId:h,refetch:Fe,closePopover:Te}),Ve=Object(n.useCallback)((e=>{Pe(e),Te()}),[Te,Pe]),Ge=Object(n.useCallback)((()=>{ze(),Te()}),[Te,ze]),{exceptionActionItems:Ue}=Object(M.a)({isEndpointAlert:Object(N.a)({ecsData:l}),onAddExceptionTypeClick:Ve}),{eventFilterActionItems:He}=Object(A.a)({onAddEventFilterClick:Ge,disabled:!je||!Oe,tooltipMessage:Oe?void 0:k.f}),We=Object(n.useMemo)((()=>{var e;return Object(c.get)(0,null==l||null===(e=l.agent)||void 0===e?void 0:e.id)}),[l]),Qe=Object(n.useCallback)((()=>{ce((e=>!e)),se(!1)}),[]),{osqueryActionItems:Ye}=(({handleClick:e})=>{const t=Object(n.useMemo)((()=>Object(g.a)({handleClick:e})),[e]),a=Object(y.j)().services.application.capabilities.osquery;return{osqueryActionItems:null!=a&&a.writeLiveQueries||null!=a&&a.runSavedQueries?[t]:[]}})({handleClick:Qe}),{alertDetailsActionItems:Ke}=(({ruleId:e,closePopover:t,alertId:a})=>{const n=Object(P.a)("alertDetailsPageEnabled"),i=[],{onClick:r}=Object(q.o)()({deepLinkId:B.wc.alerts,path:a?Object(L.a)(a):""});return e&&a&&n&&i.push({key:"open-alert-details-item","data-test-subj":"open-alert-details-page-menu-item",onClick:r,name:z}),{alertDetailsActionItems:i}})({alertId:pe,closePopover:Te,ruleId:ge}),{alertTagsItems:Ze,alertTagsPanels:Je}=Object($.a)({closePopover:Te,ecsRowData:l,refetch:Fe}),Xe=Object(n.useMemo)((()=>!Se&&ge?[...he,...$e,...Ze,...Ue,...We?Ye:[],...Ke]:[...he,...xe?He:[],...We?Ye:[]]),[Se,ge,he,$e,Ue,We,Ye,Ke,He,xe,Ze]),et=Object(n.useMemo)((()=>[{id:0,items:Xe},...Je]),[Je,Xe]),tt=Object(n.useMemo)((()=>i.a.createElement(f.a,{agentId:We,defaultValues:pe?{alertIds:[pe]}:void 0,onClose:Qe,ecsData:l})),[We,pe,l,Qe]);return i.a.createElement(i.a.Fragment,null,Xe.length>0&&i.a.createElement("div",{key:"actions-context-menu"},i.a.createElement(v.l,{textAlign:"center",width:p.b},i.a.createElement(r.EuiPopover,{id:"singlePanel",button:Ce,isOpen:oe,closePopover:Te,panelPaddingSize:"none",anchorPosition:"downLeft",repositionOnScroll:!0},i.a.createElement(r.EuiContextMenu,{size:"s",initialPanelId:0,panels:et,"data-test-subj":"actions-context-menu"})))),Ne&&ge&&ye&&null!=fe&&null!=(null==l?void 0:l._id)&&i.a.createElement(U,{ruleId:ge,ruleRuleId:ye,ruleIndices:De,ruleDataViewId:Ae,ruleName:fe,exceptionListType:_e,eventId:null==l?void 0:l._id,onCancel:Re,onConfirm:qe,alertStatus:ke}),Be&&null!=l&&i.a.createElement(I.a,{data:l,onCancel:Le}),le&&We&&null!=l&&tt)},G=Object(s.connect)((()=>{const e=S.d.globalQuery(),t=S.d.timelineQueryByIdSelector();return(a,{scopeId:n})=>({globalQuery:e(a),timelineQuery:t(a,n)})}))(i.a.memo(V)),U=({ruleId:e,ruleRuleId:t,ruleIndices:a,ruleDataViewId:r,ruleName:o,exceptionListType:s,eventId:c,onCancel:u,onConfirm:p,alertStatus:m})=>{const{loading:g,signalIndexName:y}=Object(O.a)(),{rule:f,loading:b}=Object(d.a)(e),{loading:E,data:v}=Object(w.a)({query:Object(h.a)(c),indexName:y,queryName:j.a.ADD_EXCEPTION_FLYOUT}),k=Object(n.useMemo)((()=>{if(!1===E){const e=null==v?void 0:v.hits.hits[0];if(!e)return;const{_id:t,_index:a,_source:n}=e;return{...n,_id:t,_index:a}}}),[null==v?void 0:v.hits.hits,E]),S=Object(n.useMemo)((()=>{var e,t,n;return null!=k&&null!=(null===(e=k["kibana.alert.rule.parameters"])||void 0===e?void 0:e.index)?Array.isArray(k["kibana.alert.rule.parameters"].index)?k["kibana.alert.rule.parameters"].index:[k["kibana.alert.rule.parameters"].index]:null!=k&&null!=(null==k||null===(t=k.signal)||void 0===t||null===(n=t.rule)||void 0===n?void 0:n.index)?Array.isArray(k.signal.rule.index)?k.signal.rule.index:[k.signal.rule.index]:a}),[k,a]),I=Object(n.useMemo)((()=>{var e;return null!=k&&null!=(null===(e=k["kibana.alert.rule.parameters"])||void 0===e?void 0:e.data_view_id)?k["kibana.alert.rule.parameters"].data_view_id:r}),[k,r]),T=Object(n.useMemo)((()=>f?[f]:null),[f]),C=E&&g||null==k||null==S&&null==I;return i.a.createElement(x.a,{rules:T,isEndpointItem:s===l.b.ENDPOINT,alertData:k,isAlertDataLoading:C||b,alertStatus:m,isBulkAction:!1,showAlertCloseOptions:!0,onCancel:u,onConfirm:p})}},function(e,t,a){"use strict";a.d(t,"a",(function(){return x}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(44),l=a(40),c=a(3),u=a(827),d=a(888),p=a(47),m=a(575);const g=e=>{var t,a,n,i,r,o,s;return null!=e&&null!==(t=e.agent)&&void 0!==t&&null!==(a=t.type)&&void 0!==a&&a.includes("endpoint")?((null==e||null===(n=e.host)||void 0===n||null===(i=n.os)||void 0===i?void 0:i.name)||["windows"]).map((e=>e.toLowerCase())):null!==(r=null==e||null===(o=e.host)||void 0===o||null===(s=o.os)||void 0===s?void 0:s.family)&&void 0!==r?r:["windows"]},y=e=>{var t,a;return{comments:[],description:"",entries:e&&e.event&&e.process?[{field:"event.category",operator:"included",type:"match",value:(null!==(t=e.event.category)&&void 0!==t?t:[])[0]},{field:"process.executable",operator:"included",type:"match",value:(null!==(a=e.process.executable)&&void 0!==a?a:[])[0]}]:[{field:"",operator:"included",type:"match",value:""}],item_id:void 0,list_id:m.a,meta:{temporaryUuid:Object(p.v4)()},name:"",namespace_type:"agnostic",tags:["policy:all"],type:"simple",os_types:g(e)}};var f=a(102),b=a(503),h=a(347),E=a(574),v=a(5);const x=Object(r.memo)((({onCancel:e,data:t,...a})=>{var n,p;const m=Object(f.n)(),g=Object(f.i)(),{isLoading:x,mutateAsync:k}=Object(u.a)(E.a.getInstance(g),"create"),[S,w]=Object(r.useState)(),[j,O]=Object(r.useState)(!1),{data:{search:I}}=Object(f.j)().services,T=Object(b.b)({perPage:1e3,onError:e=>{m.addWarning(Object(h.b)(e))}}),[C,M]=Object(r.useState)(y(t)),F=Object(r.useMemo)((()=>T.isLoading||T.isRefetching),[T]);Object(r.useEffect)((()=>(t&&(async()=>{var e;if(!t||!t._index)return;const a=await Object(c.lastValueFrom)(I.search({params:{index:t._index,body:{query:{match:{_id:t._id}}}}}));w({...t,host:{...t.host,os:{...(null==t||null===(e=t.host)||void 0===e?void 0:e.os)||{},name:[a.rawResponse.hits.hits[0]._source.host.os.name]}}})})(),()=>{M(y())})),[]);const D=Object(r.useCallback)((()=>{F||x||e()}),[x,F,e]),A=Object(r.useCallback)((()=>k(C,{onSuccess:t=>{var a;m.addSuccess((a=t,v.i18n.translate("xpack.securitySolution.eventFilter.flyoutForm.creationSuccessToastTitle",{defaultMessage:'"{name}" has been added to the event filters list.',values:{name:null==a?void 0:a.name}}))),e()},onError:e=>{m.addError(e,{title:'There was an error creating the new event filter: "{error}"',message:{error:e.message}})}})),[C,e,k,m]),_=Object(r.useMemo)((()=>o.a.createElement(l.EuiButton,{"data-test-subj":"add-exception-confirm-button",fill:!0,disabled:!j||x||!!t&&!S||F,onClick:A,isLoading:F},t?o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.actions.confirm.update.withData",defaultMessage:"Add endpoint event filter"}):o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.actions.confirm.create",defaultMessage:"Add event filter"}))),[t,S,A,j,x,F]),N=Object(r.useCallback)((e=>{e&&(O(e.isValid),M(e.item))}),[]);return o.a.createElement(l.EuiFlyout,i()({size:"l",onClose:D,"data-test-subj":"eventFiltersCreateFlyout"},a),o.a.createElement(l.EuiFlyoutHeader,{hasBorder:!0},o.a.createElement(l.EuiTitle,{size:"m"},o.a.createElement("h2",null,t?o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.title.create.withData",defaultMessage:"Add endpoint event filter"}):o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.subtitle.create",defaultMessage:"Add event filter"}))),t?o.a.createElement(l.EuiTextColor,{color:"subdued"},o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.subtitle.create.withData",defaultMessage:"Endpoint security"})):null),o.a.createElement(l.EuiFlyoutBody,null,o.a.createElement(d.a,{allowSelectOs:!t,error:void 0,disabled:!1,item:C,mode:"create",onChange:N,policies:null!==(n=null==T||null===(p=T.data)||void 0===p?void 0:p.items)&&void 0!==n?n:[],policiesIsLoading:F})),o.a.createElement(l.EuiFlyoutFooter,null,o.a.createElement(l.EuiFlexGroup,{justifyContent:"spaceBetween"},o.a.createElement(l.EuiFlexItem,{grow:!1},o.a.createElement(l.EuiButtonEmpty,{isDisabled:x,"data-test-subj":"cancelExceptionAddButton",onClick:D},o.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.eventFiltersFlyout.actions.cancel",defaultMessage:"Cancel"}))),o.a.createElement(l.EuiFlexItem,{grow:!1},_))))}));x.displayName="EventFiltersFlyout"},function(e,t,a){"use strict";a.d(t,"a",(function(){return x})),a.d(t,"b",(function(){return k})),a.d(t,"c",(function(){return S}));var n=a(40),i=a(2),r=a.n(i),o=a(42),s=a(109),l=a(148),c=a(170),u=a(104),d=a.n(u);const p=({rowIndex:e,colIndex:t,data:a,header:n,eventId:o,linkValues:s,renderCellValue:l,tabType:c,timelineId:u})=>{const[p,m]=Object(i.useState)({});return r.a.createElement("div",d()({"data-test-subj":"statefulCell"},p),l({columnId:n.id,eventId:o,data:a,header:n,isDraggable:!0,isExpandable:!0,isExpanded:!1,isDetails:!1,isTimeline:!0,linkValues:s,rowIndex:e,colIndex:t,setCellProps:m,scopeId:u,key:null!=c?`${u}-${c}`:u}))};p.displayName="StatefulCellComponent";const m=r.a.memo(p);var g=a(5);const y=({column:e,row:t})=>g.i18n.translate("xpack.securitySolution.timeline.youAreInATableCellScreenReaderOnly",{values:{column:e,row:t},defaultMessage:"You are in a table cell. row: {row}, column: {column}"}),f=e=>g.i18n.translate("xpack.securitySolution.timeline.eventHasEventRendererScreenReaderOnly",{values:{row:e},defaultMessage:"The event in row {row} has an event renderer. Press shift + down arrow to focus it."}),b=({notesCount:e,row:t})=>g.i18n.translate("xpack.securitySolution.timeline.eventHasNotesScreenReaderOnly",{values:{notesCount:e,row:t},defaultMessage:"The event in row {row} has {notesCount, plural, =1 {a note} other {{notesCount} notes}}. Press shift + right arrow to focus notes."}),h=e=>{var t;const{altKey:a,ctrlKey:n,key:i,metaKey:r,shiftKey:o,target:l,type:u}=e,d=l;if((e=>{switch(e){case" ":case"Enter":return!0;default:return!1}})(i)&&null!==(t=d.className)&&void 0!==t&&t.includes(c.b)){const t=d.querySelector(`.${s.a}`),l=new KeyboardEvent(u,{altKey:a,bubbles:!0,cancelable:!0,ctrlKey:n,key:i,metaKey:r,shiftKey:o});" "===i&&e.preventDefault(),null==t||t.dispatchEvent(l)}},E=({action:e,width:t,actionsColumnWidth:a,ariaRowindex:i,columnId:o,columnValues:s,data:u,ecsData:d,eventIdToNoteIds:p,index:m,isEventPinned:g,isEventViewer:E,eventId:v,loadingEventIds:x,notesCount:k,onEventDetailsPanelOpened:S,onRowSelected:w,refetch:j,rowIndex:O,hasRowRenderers:I,onRuleChange:T,selectedEventIds:C,showCheckboxes:M,showNotes:F,tabType:D,timelineId:A,toggleShowNotes:_,setEventsLoading:N,setEventsDeleted:R})=>{const q=t||a;return r.a.createElement(c.m,{width:q,"data-test-subj":"event-actions-container",tabIndex:0},r.a.createElement(c.k,{$ariaColumnIndex:m+l.c,key:null!=D?`${v}_${D}`:`${v}`,onKeyDown:h,role:"button",tabIndex:0,width:t},r.a.createElement(c.l,{"data-test-subj":"cell-container"},r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"screenReaderOnly"},r.a.createElement("p",null,y({row:i,column:m+2}))),e&&r.a.createElement(e,{ariaRowindex:i,width:t,checked:Object.keys(C).includes(v),columnId:o,columnValues:s,eventId:v,data:u,ecsData:d,eventIdToNoteIds:p,index:m,isEventPinned:g,isEventViewer:E,loadingEventIds:x,onEventDetailsPanelOpened:S,onRowSelected:w,refetch:j,rowIndex:O,onRuleChange:T,showCheckboxes:M,showNotes:F,timelineId:A,toggleShowNotes:_,setEventsLoading:N,setEventsDeleted:R}))),I?r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"hasRowRendererScreenReaderOnly"},r.a.createElement("p",null,f(i))):null,k?r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"hasNotesScreenReaderOnly"},r.a.createElement("p",null,b({row:i,notesCount:k}))):null))},v=({_id:e,ariaRowindex:t,index:a,header:i,data:s,ecsData:u,hasRowRenderers:d,notesCount:p,renderCellValue:g,tabType:E,timelineId:v})=>{var x;const k=a+l.c;return r.a.createElement(c.k,{$ariaColumnIndex:k,key:null!=E?`${i.id}_${E}`:`${i.id}`,onKeyDown:h,role:"button",tabIndex:0,width:i.initialWidth},r.a.createElement(c.l,{"data-test-subj":"cell-container"},r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"screenReaderOnly"},r.a.createElement("p",null,y({row:t,column:k}))),r.a.createElement(m,{rowIndex:t-1,colIndex:k-1,data:s,header:i,eventId:e,linkValues:Object(o.getOr)([],null!==(x=i.linkField)&&void 0!==x?x:"",u),renderCellValue:g,tabType:E,timelineId:v}))),d?r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"hasRowRendererScreenReaderOnly"},r.a.createElement("p",null,f(t))):null,p?r.a.createElement(n.EuiScreenReaderOnly,{"data-test-subj":"hasNotesScreenReaderOnly"},r.a.createElement("p",null,b({row:t,notesCount:p}))):null)},x=r.a.memo((({ariaRowindex:e,actionsColumnWidth:t,columnHeaders:a,columnValues:n,data:o,ecsData:s,eventIdToNoteIds:l,isEventPinned:u,isEventViewer:d,id:p,loadingEventIds:m,notesCount:g,onEventDetailsPanelOpened:y,onRowSelected:f,refetch:b,hasRowRenderers:h,onRuleChange:x,renderCellValue:k,selectedEventIds:S,showCheckboxes:w,showNotes:j,tabType:O,timelineId:I,toggleShowNotes:T,trailingControlColumns:C,leadingControlColumns:M,setEventsLoading:F,setEventsDeleted:D})=>{const A=Object(i.useMemo)((()=>C?C.map((e=>e.rowCellRender)):[]),[C]),_=Object(i.useMemo)((()=>M.length+a.length),[M,a]),N=Object(i.useMemo)((()=>A.map(((a,i)=>a&&r.a.createElement(E,{action:a,width:C[i].width,actionsColumnWidth:t,ariaRowindex:e,checked:Object.keys(S).includes(p),columnId:C[i].id||"",columnValues:n,onRowSelected:f,"data-test-subj":"actions",eventId:p,data:o,key:i,index:_+i,rowIndex:e,ecsData:s,loadingEventIds:m,onEventDetailsPanelOpened:y,showCheckboxes:w,eventIdToNoteIds:l,isEventPinned:u,isEventViewer:d,notesCount:g,refetch:b,hasRowRenderers:h,onRuleChange:x,selectedEventIds:S,showNotes:j,tabType:O,timelineId:I,toggleShowNotes:T,setEventsLoading:F,setEventsDeleted:D})))),[C,p,o,s,f,u,d,t,e,n,l,h,_,m,g,y,x,b,S,w,j,O,I,T,A,F,D]),R=Object(i.useMemo)((()=>a.map(((t,a)=>r.a.createElement(v,{_id:p,index:a,header:t,key:null!=O?`${t.id}_${O}`:`${t.id}`,ariaRowindex:e,data:o,ecsData:s,hasRowRenderers:h,notesCount:g,renderCellValue:k,tabType:O,timelineId:I})))),[p,e,a,o,s,h,g,k,O,I]);return r.a.createElement(c.n,{"data-test-subj":"data-driven-columns"},R,N)}));x.displayName="DataDrivenColumns";const k=({data:e,fieldName:t})=>{if(!e||0===e.length)return;const a=e.find((e=>e.field===t));return null!=a&&null!=a.value?a.value:void 0},S=({data:e,fieldName:t})=>Object(i.useMemo)((()=>k({data:e,fieldName:t})),[e,t])},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r}));var n=a(278);const i={updateActiveGroups:({activeGroups:e,id:t})=>({payload:{activeGroups:e,id:t},type:n.a.updateActiveGroups}),updateGroupOptions:({newOptionList:e,id:t})=>({payload:{newOptionList:e,id:t},type:n.a.updateGroupOptions})};a(576);const r=(e,t)=>(e=>e.groups.groupById)(e)[t]},function(e,t,a){"use strict";a.d(t,"a",(function(){return P}));var n=a(40),i=a(48),r=a(42),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(134),d=a(113),p=a(4),m=a(102),g=a(117),y=a(224),f=a(393),b=a(149),h=a(274),E=a(123),v=a(231),x=a(162),k=a(473),S=a(168),w=a(926),j=a(889),O=a(330),I=a(5);const T=I.i18n.translate("xpack.securitySolution.host.details.endpoint.endpointPolicy",{defaultMessage:"Endpoint integration policy"}),C=I.i18n.translate("xpack.securitySolution.host.details.endpoint.policyStatus",{defaultMessage:"Policy Status"}),M=I.i18n.translate("xpack.securitySolution.host.details.endpoint.sensorversion",{defaultMessage:"Endpoint version"}),F=I.i18n.translate("xpack.securitySolution.host.details.endpoint.fleetAgentStatus",{defaultMessage:"Agent status"});var D=a(419);const A=s.a.memo((({contextID:e,data:t,sourcererScopeId:a})=>{const i=Object(o.useCallback)(((t,n,i)=>s.a.createElement(y.a,{rowItems:[Object(r.getOr)("",t,n)],attrName:i,idPrefix:e?`endpoint-overview-${e}`:"endpoint-overview",sourcererScopeId:a})),[e,a]),l=Object(o.useMemo)((()=>{var e,a,r;const o=null==t||null===(e=t.hostInfo)||void 0===e?void 0:e.metadata.Endpoint.policy.applied;return[[{title:T,description:null!==(a=null==o?void 0:o.name)&&void 0!==a?a:Object(g.d)()}],[{title:C,description:null!=o&&o.status?s.a.createElement(n.EuiHealth,{"aria-label":null==o?void 0:o.status,color:(null==o?void 0:o.status)===D.a.failure?"danger":null==o?void 0:o.status},null==o?void 0:o.status):Object(g.d)()}],[{title:M,description:null!=t&&null!==(r=t.hostInfo)&&void 0!==r&&r.metadata.agent.version?i("hostInfo.metadata.agent.version",t,"agent.version"):Object(g.d)()}],[{title:F,description:null!=t&&t.hostInfo?s.a.createElement(j.a,{endpointHostInfo:t.hostInfo,"data-test-subj":"endpointHostAgentStatus"}):Object(g.d)()}]]}),[t,i]);return s.a.createElement(s.a.Fragment,null,l.map(((e,t)=>s.a.createElement(O.a,{dataTestSubj:"endpoint-overview",descriptionList:e,key:t}))))}));A.displayName="EndpointOverview";var _=a(284),N=a(212),R=a(492);const q=c()(n.EuiFlexGroup).withConfig({displayName:"HostRiskOverviewWrapper",componentId:"sc-p9r0sg-0"})(["padding-top:",";width:",";"],(({theme:e})=>e.eui.euiSizeM),(({$width:e})=>e)),P=s.a.memo((({anomaliesData:e,contextID:t,sourcererScopeId:a,data:l,endDate:c,id:j,isDraggable:I=!1,isInDetailsSidePanel:T=!1,isLoadingAnomaliesData:C,indexNames:M,loading:F,narrowDateRange:D,startDate:P,hostName:L,jobNameById:B})=>{const z=Object(x.a)(),$=Object(v.a)(z),[V]=Object(m.p)(p.B),G=Object(o.useMemo)((()=>L?Object(d.D)([L]):void 0),[L]),{from:U,to:H}=Object(u.a)(),W=Object(o.useMemo)((()=>({from:U,to:H})),[U,H]),{data:Q,isAuthorized:Y}=Object(_.c)({filterQuery:G,riskEntity:d.w.host,skip:null==L,timerange:W}),K=Object(o.useCallback)(((e,n)=>s.a.createElement(y.a,{rowItems:Object(r.getOr)([],e,n),attrName:e,idPrefix:t?`host-overview-${t}`:"host-overview",isDraggable:I,sourcererScopeId:a})),[t,I,a]),[Z,J]=Object(o.useMemo)((()=>{const e=Q&&Q.length>0?Q[0]:void 0;return[{title:s.a.createElement(R.a,{title:w.g,riskScoreEntity:d.w.host}),description:s.a.createElement(s.a.Fragment,null,e?Math.round(e.host.risk.calculated_score_norm):Object(g.d)())},{title:s.a.createElement(R.a,{title:w.f,riskScoreEntity:d.w.host}),description:s.a.createElement(s.a.Fragment,null,e?s.a.createElement(N.b,{severity:e.host.risk.calculated_level,hideBackgroundColor:!0}):Object(g.d)())}]}),[Q]),X=Object(o.useMemo)((()=>[{title:w.e,description:l&&l.host?Object(y.e)({host:l.host,isDraggable:I,noLink:!0}):Object(g.d)()},{title:w.d,description:s.a.createElement(f.a,{indexPatterns:M,field:"host.name",value:L,type:f.b.FIRST_SEEN})},{title:w.k,description:s.a.createElement(f.a,{indexPatterns:M,field:"host.name",value:L,type:f.b.LAST_SEEN})}]),[l,M,L,I]),ee=Object(o.useMemo)((()=>$?[...X,{title:w.n,description:s.a.createElement(k.a,{anomalies:e,startDate:P,endDate:c,isLoading:C,narrowDateRange:D,jobNameById:B})}]:X),[e,X,c,C,D,P,$,B]),te=Object(o.useMemo)((()=>[ee,[{title:w.j,description:s.a.createElement(y.a,{rowItems:Object(r.getOr)([],"host.ip",l),attrName:"host.ip",idPrefix:t?`host-overview-${t}`:"host-overview",sourcererScopeId:a,isDraggable:I,render:e=>null!=e?s.a.createElement(E.h,{ip:e}):Object(g.d)()})},{title:w.m,description:K("host.mac",l)},{title:w.p,description:K("host.os.platform",l)}],[{title:w.o,description:K("host.os.name",l)},{title:w.c,description:K("host.os.family",l)},{title:w.r,description:K("host.os.version",l)},{title:w.a,description:K("host.architecture",l)}],[{title:w.b,description:K("cloud.provider",l)},{title:w.q,description:K("cloud.region",l)},{title:w.i,description:K("cloud.instance.id",l)},{title:w.l,description:K("cloud.machine.type",l)}]]),[t,a,l,ee,K,I]);return s.a.createElement(s.a.Fragment,null,s.a.createElement(b.c,null,s.a.createElement(S.g,{direction:T?"column":"row","data-test-subj":"host-overview"},!T&&s.a.createElement(b.b,{queryId:j,title:w.h,inspectIndex:0}),te.map(((e,t)=>s.a.createElement(O.a,{descriptionList:e,key:t}))),F&&s.a.createElement(h.a,{overlay:!0,overlayBackground:V?i.euiDarkVars.euiPageBackgroundColor:i.euiLightVars.euiPageBackgroundColor,size:"xl"}))),Y&&s.a.createElement(q,{gutterSize:T?"m":"none",direction:T?"column":"row","data-test-subj":"host-risk-overview",$width:T?"100%":"50%"},s.a.createElement(n.EuiFlexItem,null,s.a.createElement(S.d,{listItems:[Z]})),s.a.createElement(n.EuiFlexItem,null,s.a.createElement(S.d,{listItems:[J]}))),l&&null!=l.endpoint?s.a.createElement(s.a.Fragment,null,s.a.createElement(n.EuiHorizontalRule,null),s.a.createElement(S.g,{direction:T?"column":"row"},s.a.createElement(A,{contextID:t,data:l.endpoint,sourcererScopeId:a}),F&&s.a.createElement(h.a,{overlay:!0,overlayBackground:V?i.euiDarkVars.euiPageBackgroundColor:i.euiLightVars.euiPageBackgroundColor,size:"xl"}))):null)}));P.displayName="HostOverview"},function(e,t,a){"use strict";a.d(t,"a",(function(){return h}));var n=a(40),i=a(2),r=a.n(i),o=a(699),s=a(670),l=a(53),c=a.n(l),u=a(516),d=a.n(u),p=a(5);p.i18n.translate("xpack.securitySolution.clipboard.copy",{defaultMessage:"Copy"});const m=p.i18n.translate("xpack.securitySolution.clipboard.copied",{defaultMessage:"Copied"}),g=p.i18n.translate("xpack.securitySolution.clipboard.to.the.clipboard",{defaultMessage:"to the clipboard"}),y=p.i18n.translate("xpack.securitySolution.clipboard.copy.to.the.clipboard",{defaultMessage:"Copy to the clipboard"});var f=a(108);const b=({children:e,content:t,isHoverAction:a,onCopy:i,titleSummary:o,toastLifeTimeMs:s})=>{const{addSuccess:l}=Object(f.a)(),u=c()("copy-to-clipboard",{securitySolution__hoverActionButton:a});return r.a.createElement(n.EuiButtonIcon,{"aria-label":y,className:u,"data-test-subj":"clipboard",iconType:"copyClipboard",onClick:e=>{e.preventDefault(),e.stopPropagation();const a=d()(`${t}`,{debug:!0});null!=i&&i({content:t,isSuccess:a}),a&&l(`${m} ${o} ${g}`,{toastLifeTimeMs:s})}},e)},h=r.a.memo((({isHoverAction:e,keyboardShortcut:t="",text:a,titleSummary:i})=>r.a.createElement(n.EuiToolTip,{content:r.a.createElement(o.a,{additionalScreenReaderOnlyContext:a,content:s.a,shortcut:t,showShortcut:""!==t})},r.a.createElement(b,{content:a,isHoverAction:e,titleSummary:i,toastLifeTimeMs:800}))));h.displayName="WithCopyToClipboard"},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a(474),r=a(141),o=a(231),s=a(486),l=a(108),c=a(102),u=a(162),d=a(1041);const p=Object(r.d)((async({http:e,jobIds:t,signal:a})=>e.fetch("/internal/ml/jobs/jobs",{method:"POST",version:"1",body:JSON.stringify({jobIds:t}),asSystemRequest:!0,signal:a}))),m=(e,t)=>{const a=Object(n.useMemo)((()=>null!=e?e:[]),[e]),{loading:m,jobs:g}=Object(i.a)(),y=Object(n.useMemo)((()=>g.filter((({id:e})=>a.includes(e)))),[g,a]),f=Object(n.useMemo)((()=>y.filter((({isInstalled:e})=>e)).map((e=>e.id))),[y]),{loading:b,jobs:h}=(e=>{const[t,a]=Object(n.useState)([]),{addError:i}=Object(l.a)(),m=Object(u.a)(),g=Object(c.i)(),{error:y,loading:f,result:b,start:h}=Object(r.a)(p),E=Object(o.a)(m),v=Object(s.a)(m);return Object(n.useEffect)((()=>{E&&v&&e.length>0&&h({http:g,jobIds:e})}),[g,E,v,h,e]),Object(n.useEffect)((()=>{b&&a(b)}),[b]),Object(n.useEffect)((()=>{y&&i(y,{title:d.a})}),[i,y]),{isLicensed:v,isMlUser:E,jobs:t,loading:f}})(f),E=Object(n.useMemo)((()=>{const e=h.map((e=>`.ml-anomalies-${e.results_index_name}`));return[...new Set(e)]}),[h]);return{mlJobLoading:m||b,ruleIndices:Object(n.useMemo)((()=>E.length>0?E:null!=t?t:[]),[t,E])}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return x}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(40),l=a(299),c=a(183),u=a(120),d=a(210),p=a(5);const m=p.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.alertsActions.sectionTitle",{defaultMessage:"Alerts actions"}),g=p.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.alertsActions.singleAlertCloseLabel",{defaultMessage:"Close this alert"}),y=p.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.alertsActions.bulkCloseLabel.disabled",{defaultMessage:"Close all alerts that match this exception and were generated by this rule (Lists and non-ECS fields are not supported)"}),f=p.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.alertsActions.bulkCloseLabel",{defaultMessage:"Close all alerts that match this exception and were generated by selected rule/s"}),b=p.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.alertsActions.endpointQuarantineText",{defaultMessage:"On all Endpoint hosts, quarantined files that match the exception are automatically restored to their original locations. This exception applies to all rules using Endpoint exceptions."}),h=o.a.section.withConfig({displayName:"FlyoutCheckboxesSection",componentId:"sc-1ggwgok-0"})(["overflow-y:inherit;height:auto;.euiFlyoutBody__overflowContent{padding-top:0;}"]),E=o()(s.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-1ggwgok-1"})(["",""],(()=>Object(r.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),v=({isAlertDataLoading:e,exceptionListItems:t,exceptionListType:a,shouldCloseSingleAlert:r,shouldBulkCloseAlert:o,disableBulkClose:p,alertData:v,alertStatus:x,onDisableBulkClose:k,onUpdateBulkCloseIndex:S,onBulkCloseCheckboxChange:w,onSingleAlertCloseCheckboxChange:j})=>{const{loading:O,signalIndexName:I}=Object(l.a)(),T=Object(n.useMemo)((()=>null!==I?[I]:[]),[I]),[C,{indexPatterns:M}]=Object(c.b)(T),F=Object(n.useCallback)((e=>{w(e.currentTarget.checked)}),[w]),D=Object(n.useCallback)((e=>{null!=j&&j(e.currentTarget.checked)}),[j]);return Object(n.useEffect)((()=>{S(o&&null!=T?T:void 0)}),[T,S,o]),Object(n.useEffect)((()=>{!0===p&&w(!1)}),[p,w]),Object(n.useEffect)((()=>{!1===C&&!1===O&&k((e=>{for(const{entries:t}of e)for(const e of null!=t?t:[])if(Object(d.l)(e)===u.d.LIST)return!0;return!1})(t)||((e,t)=>{const a=e=>t.fields.some((({name:t})=>t===e.field));if(0===e.length)return!1;for(const{entries:t}of e)for(const e of null!=t?t:[])if("nested"===e.type){for(const t of e.entries)if(!1===a(t))return!0}else if(!1===a(e))return!0;return!1})(t,M)||t.every((e=>0===e.entries.length)))}),[k,t,C,O,M]),i.a.createElement(h,null,i.a.createElement(E,{size:"xs"},i.a.createElement("h3",null,m)),i.a.createElement(s.EuiSpacer,{size:"s"}),null!=v&&"closed"!==x&&i.a.createElement(s.EuiFormRow,{fullWidth:!0},i.a.createElement(s.EuiCheckbox,{"data-test-subj":"closeAlertOnAddExceptionCheckbox",id:"close-alert-on-add-add-exception-checkbox",label:g,checked:r,onChange:D,disabled:O||C||e})),i.a.createElement(s.EuiFormRow,{fullWidth:!0},i.a.createElement(s.EuiCheckbox,{"data-test-subj":"bulkCloseAlertOnAddExceptionCheckbox",id:"bulk-close-alert-on-add-add-exception-checkbox",label:p?y:f,checked:o,onChange:F,disabled:p||O||C||e})),"endpoint"===a&&i.a.createElement(i.a.Fragment,null,i.a.createElement(s.EuiSpacer,{size:"s"}),i.a.createElement(s.EuiText,{"data-test-subj":"addExceptionEndpointText",color:"subdued",size:"s"},b)))},x=i.a.memo(v);x.displayName="ExceptionItemsFlyoutAlertsActions"},function(e,t,a){"use strict";a.d(t,"a",(function(){return g}));var n=a(2),i=a(312),r=a(156),o=a(49),s=a(102);var l=a(281),c=a(19),u=a(5);const d=u.i18n.translate("xpack.securitySolution.ruleExceptions.logic.closeAlerts.error",{defaultMessage:"Failed to close alerts"});var p=a(108),m=a(410);const g=()=>{const{addSuccess:e,addError:t,addWarning:a}=Object(p.a)(),[g,y]=Object(n.useState)(!1),f=Object(n.useRef)(null);return Object(n.useEffect)((()=>{let n=!0;const p=new AbortController;return f.current=async(g,f,b,h)=>{try{var E,v,x,k,S,w,j,O;let t,d;if(y(!0),null!=b&&(t=await Object(m.a)({signalIds:[b],status:"closed",signal:p.signal})),null!=h){const e=Object(i.b)(["open","acknowledged","in-progress"]),t=await(async(e,t,a,n,i,l=!0)=>{const c={fields:[],title:n.join()},{filter:u}=await Object(r.q)({http:s.b.get().http,exceptions:i,excludeExceptions:l,chunkSize:10}),d={query:e,language:t},p=((e,t)=>null!=t?[...e,t]:[...e])(a,u);return Object(o.buildEsQuery)(c,d,p,{allowLeadingWildcards:!0,queryStringOptions:{analyze_wildcard:!0},ignoreFilterIfFieldNotInIndex:!1,dateFormatTZ:"Zulu"})})("","kuery",[...g.flatMap((e=>Object(i.c)(e))),...e],h,Object(l.m)(f),!1);d=await Object(m.a)({query:t,status:"closed",signal:p.signal})}const T=(null!==(E=null===(v=t)||void 0===v?void 0:v.updated)&&void 0!==E?E:0)+(null!==(x=null===(k=d)||void 0===k?void 0:k.updated)&&void 0!==x?x:0),C=null!==(S=null===(w=t)||void 0===w?void 0:w.version_conflicts)&&void 0!==S?S:0+(null!==(j=null===(O=d)||void 0===O?void 0:O.version_conflicts)&&void 0!==j?j:0);n&&(y(!1),e((I=T,u.i18n.translate("xpack.securitySolution.ruleExceptions.logic.closeAlerts.success",{values:{numAlerts:I},defaultMessage:"Successfully updated {numAlerts} {numAlerts, plural, =1 {alert} other {alerts}}"}))),C>0&&a({title:c.f(C),text:c.g(T,C)}))}catch(e){n&&(y(!1),t(e,{title:d}))}var I},()=>{n=!1,p.abort()}}),[e,t,a]),[g,f.current]}},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a(5);i.i18n.translate("xpack.securitySolution.firstLastSeenHost.errorSearchDescription",{defaultMessage:"An error has occurred on first last seen host search"});const r=i.i18n.translate("xpack.securitySolution.firstLastSeenHost.failSearchDescription",{defaultMessage:"Failed to run search on first last seen host"});var o=a(194),s=a(113);const l=({field:e,value:t,order:a,defaultIndex:i,filterQuery:l})=>{const{loading:c,result:u,search:d,error:p}=Object(o.a)({factoryQueryType:s.d,initialResult:{firstSeen:null,lastSeen:null},errorMessage:r});return Object(n.useEffect)((()=>{d({defaultIndex:i,factoryQueryType:s.d,field:e,value:t,order:a,filterQuery:l})}),[i,e,t,a,d,l]),[c,Object(n.useMemo)((()=>({firstSeen:u.firstSeen,lastSeen:u.lastSeen,errorMessage:p?p.toString():null})),[u,p])]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a.n(n),r=a(63),o=a(199),s=a(291);const l=()=>document.querySelector('[tour-step="create-case-submit"]'),c=()=>{const[e,t]=Object(n.useState)(o.a.createCase),a=Object(n.useCallback)((()=>{var e;null===(e=l())||void 0===e||e.scrollIntoView()}),[]),r=Object(n.useCallback)((()=>{t(o.a.submitCase),a(),setTimeout((()=>{var e;null===(e=l())||void 0===e||e.focus()}),500)}),[a]);return i.a.createElement(i.a.Fragment,null,e===o.a.createCase&&i.a.createElement(s.a,{onClick:r,step:o.a.createCase,tourId:o.b.alertsCases}),e===o.a.submitCase&&i.a.createElement(s.a,{step:o.a.submitCase,tourId:o.b.alertsCases}))};var u=a(363),d=a(102),p=a(135);const m=({onMenuItemClick:e,ariaLabel:t,ecsData:a,nonEcsData:s,onSuccess:l,isActiveTimelines:m,isInDetections:g,refetch:y})=>{const{cases:f}=Object(d.j)().services,b=Object(d.h)(),h=Object(n.useMemo)((()=>{var e,t;return null==a||null===(e=a.event)||void 0===e||null===(t=e.kind)||void 0===t?void 0:t.includes("signal")}),[a]),E=Object(n.useMemo)((()=>{var e,t;return null!=a&&a._id?[{alertId:null!==(e=null==a?void 0:a._id)&&void 0!==e?e:"",index:null!==(t=null==a?void 0:a._index)&&void 0!==t?t:"",type:r.AttachmentType.alert,rule:f.helpers.getRuleIdFromEvent({ecs:a,data:null!=s?s:[]})}]:[]}),[f.helpers,a,s]),{activeStep:v,incrementStep:x,setStep:k,isTourShown:S}=Object(u.b)(),w=()=>{l&&l(),y&&y()},j=Object(n.useCallback)((async()=>{S(o.b.alertsCases)&&k(o.b.alertsCases,o.a.viewCase)}),[k,S]),O=Object(n.useMemo)((()=>!S(o.b.alertsCases)||v!==o.a.addAlertToCase&&v!==o.a.createCase&&v!==o.a.submitCase?{}:{initialValue:o.d}),[v,S]),I=f.hooks.useCasesAddToNewCaseFlyout({onClose:e,onSuccess:w,afterCaseCreated:j,...O}),T=f.hooks.useCasesAddToExistingCaseModal({onClose:e,onSuccess:w}),C=Object(n.useCallback)((()=>{e(),I.open({attachments:E,...S(o.b.alertsCases)?{headerContent:i.a.createElement(c,null)}:{}}),S(o.b.alertsCases)&&v===o.a.addAlertToCase&&x(o.b.alertsCases)}),[e,I,E,S,v,x]),M=Object(n.useCallback)((()=>{e(),T.open({getAttachments:()=>E})}),[E,e,T]);return{addToCaseActionItems:Object(n.useMemo)((()=>(m||g)&&b.create&&b.read&&h?[{"aria-label":t,"data-test-subj":"add-to-existing-case-action",key:"add-to-existing-case-action",onClick:M,size:"s",name:p.j},{"aria-label":t,"data-test-subj":"add-to-new-case-action",key:"add-to-new-case-action",onClick:C,size:"s",name:p.k}]:[]),[t,M,C,b.create,b.read,g,m,h]),handleAddToNewCaseClick:C}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return I}));var n=a(2),i=a.n(n),r=a(8),o=a(40),s=a(44),l=a(210),c=a(174),u=a(80),d=a(215),p=a(107),m=a(183),g=a(274),y=a(17),f=a(102),b=a(487),h=a(1097),E=a(347),v=a(575),x=a(953),k=a(830),S=a(611),w=a(574);const j=[c.c.MAC,c.c.WINDOWS,c.c.LINUX].map((e=>({value:e,inputDisplay:E.a[e]}))),O=e=>e.entries.map((e=>(delete e.id,e))),I=Object(n.memo)((({allowSelectOs:e=!0,item:t,policies:a,policiesIsLoading:E,onChange:I,mode:T})=>{const C=Object(p.a)("eventFilters-form"),{http:M}=Object(f.j)().services,F=Object(n.useCallback)((({field:e,query:t})=>new w.a(M).getSuggestions({field:e.name,query:t})),[M]),D=(A=F,Object(n.useMemo)((()=>({getQuerySuggestions:()=>{},hasQuerySuggestions:e=>!1,getValueSuggestions:A})),[A]));var A;const[_,N]=Object(n.useState)(!1),[R,q]=Object(n.useState)(!t.name),[P,L]=Object(n.useState)(""),[B,z]=Object(n.useState)(!1),[$,V]=Object(n.useState)([]),G=Object(y.b)().isPlatinumPlus(),U=Object(n.useMemo)((()=>Object(b.e)(t)),[t]),[H,W]=Object(n.useState)(!Object(k.d)(null==t?void 0:t.tags)),[Q,Y]=Object(n.useState)(!1),K=Object(n.useMemo)((()=>[d.z]),[]),[Z,{indexPatterns:J}]=Object(m.b)(K,void 0,d.k),[X,ee]=Object(n.useState)(!!t.entries.length||!1),te=Object(n.useMemo)((()=>null==t?void 0:t.comments),[]),ae=Object(n.useMemo)((()=>G||"edit"===T&&(!U||H&&U&&_)),[T,U,_,G,H]),ne=Object(n.useMemo)((()=>!R&&!!t.entries.length&&t.entries.some((e=>""!==e.value||e.value.length))),[R,t.entries]),ie=Object(n.useCallback)((e=>{const a=e?{...t,...e}:t;O(a),I({item:a,isValid:ne&&X})}),[X,t,ne,I]);Object(n.useEffect)((()=>{!_&&t.tags&&W(!Object(k.d)(t.tags))}),[t.tags,_]),Object(n.useEffect)((()=>{if(_)return;const e=t.tags?Object(b.c)({tags:t.tags}):[];if(!e.length)return;const n=a.filter((t=>e.includes(t.id)));V(n)}),[_,t,a]);const re=Object(n.useMemo)((()=>{const e=t;return e.entries=t.entries.length?t.entries:[{field:"",operator:"included",type:"match",value:""}],O(e),ee(!!t.entries.length),e}),[t]),oe=Object(n.useCallback)((e=>{if(!t)return;const a=e.target.value.trim();q(!a),ie({name:a}),_||N(!0)}),[t,_,ie]),se=Object(n.useMemo)((()=>{var e;return i.a.createElement(o.EuiFormRow,{label:h.e,fullWidth:!0,isInvalid:R&&B,error:h.d},i.a.createElement(o.EuiFieldText,{"aria-label":h.e,id:"eventFiltersFormInputName",defaultValue:null!==(e=null==t?void 0:t.name)&&void 0!==e?e:"","data-test-subj":C("name-input"),fullWidth:!0,maxLength:256,required:B,onChange:oe,onBlur:()=>!B&&z(!0)}))}),[C,R,oe,B,null==t?void 0:t.name]),le=Object(n.useCallback)((e=>{t&&(_||N(!0),ie({description:e.target.value.toString().trim()}))}),[t,_,ie]),ce=Object(n.useMemo)((()=>{var e;return i.a.createElement(o.EuiFormRow,{label:h.b,fullWidth:!0},i.a.createElement(o.EuiTextArea,{id:"eventFiltersFormInputDescription",defaultValue:null!==(e=null==t?void 0:t.description)&&void 0!==e?e:"",onChange:le,fullWidth:!0,"data-test-subj":C("description-input"),"aria-label":h.b,maxLength:256}))}),[null==t?void 0:t.description,C,le]),ue=Object(n.useMemo)((()=>{var e;return null!=t&&null!==(e=t.os_types)&&void 0!==e&&e.length?t.os_types[0]:c.c.WINDOWS}),[null==t?void 0:t.os_types]),de=Object(n.useCallback)((e=>{t&&(ie({os_types:[e],entries:t.entries}),_||N(!0))}),[t,_,ie]),pe=Object(n.useMemo)((()=>i.a.createElement(o.EuiFormRow,{label:h.f,fullWidth:!0},i.a.createElement(o.EuiSuperSelect,{name:"os",options:j,fullWidth:!0,valueOfSelected:ue,onChange:de}))),[de,ue]),me=Object(n.useCallback)((e=>{t&&(L(e),ie({comments:[{comment:e}]}),_||N(!0))}),[t,_,ie]),ge=Object(n.useMemo)((()=>i.a.createElement(S.a,{exceptionItemComments:te,newCommentValue:P,newCommentOnChange:me})),[te,me,P]),ye=Object(n.useMemo)((()=>i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiText,{size:"xs"},i.a.createElement("h3",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.commentsSectionTitle",defaultMessage:"Comments"}))),i.a.createElement(o.EuiSpacer,{size:"xs"}),i.a.createElement(o.EuiText,{size:"s"},i.a.createElement("p",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.commentsSectionDescription",defaultMessage:"Add a comment to your event filter."}))),i.a.createElement(o.EuiSpacer,{size:"m"}),ge)),[ge]),fe=Object(n.useMemo)((()=>i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiText,{size:"xs"},i.a.createElement("h3",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.detailsSectionTitle",defaultMessage:"Details"}))),i.a.createElement(o.EuiSpacer,{size:"xs"}),i.a.createElement(o.EuiText,{size:"s"},i.a.createElement("p",null,h.a)),i.a.createElement(o.EuiSpacer,{size:"m"}),se,ce)),[se,ce]),be=Object(n.useCallback)((e=>{var a,n,i,o,s,l,u,d,p;if(!_&&void 0===e.exceptionItems[0]||Object(r.isEqual)(null===(a=e.exceptionItems[0])||void 0===a?void 0:a.entries,null==t?void 0:t.entries)){var m;const t=(null===(m=e.exceptionItems[0])||void 0===m?void 0:m.entries.map((e=>e.field)))||[""];return Y((p=t.reduce(((e,t)=>(t in e?e[t]++:e[t]=1,e)),{}),Object.values(p).some((e=>e>1)))),void(_||N(!0))}const g=void 0!==e.exceptionItems[0]?{...e.exceptionItems[0],name:null!==(n=null==t?void 0:t.name)&&void 0!==n?n:"",description:null!==(i=null==t?void 0:t.description)&&void 0!==i?i:"",comments:null!==(o=null==t?void 0:t.comments)&&void 0!==o?o:[],os_types:null!==(s=null==t?void 0:t.os_types)&&void 0!==s?s:[c.c.WINDOWS],tags:null!==(l=null==t?void 0:t.tags)&&void 0!==l?l:[],meta:t.meta}:t,y=void 0!==e.exceptionItems[0]&&!(e.errorExists&&(null===(u=e.exceptionItems[0])||void 0===u||null===(d=u.entries)||void 0===d||!d.length));ee(y),ie(g),_||N(!0)}),[t,_,ie]),he=Object(n.useMemo)((()=>Object(u.getExceptionBuilderComponentLazy)({allowLargeValueLists:!1,httpService:M,autocompleteService:D,exceptionListItems:[re],listType:v.c,listId:v.a,listNamespaceType:"agnostic",ruleName:h.g,indexPatterns:J,isOrDisabled:!0,isOrHidden:!0,isAndDisabled:!1,isNestedDisabled:!1,dataTestSubj:"alert-exception-builder",idAria:"alert-exception-builder",onChange:be,operatorsList:l.b,osTypes:t.os_types})),[D,be,M,J,t,re]),Ee=Object(n.useMemo)((()=>i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiText,{size:"xs"},i.a.createElement("h3",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.criteriaSectionTitle",defaultMessage:"Conditions"}))),i.a.createElement(o.EuiSpacer,{size:"xs"}),i.a.createElement(o.EuiText,{size:"s"},i.a.createElement("p",null,e?i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.criteriaSectionDescription.withOs",defaultMessage:"Select an operating system and add conditions."}):i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.criteriaSectionDescription.withoutOs",defaultMessage:"Add conditions."}))),i.a.createElement(o.EuiSpacer,{size:"m"}),e?i.a.createElement(i.a.Fragment,null,pe,i.a.createElement(o.EuiSpacer,null)):null,he)),[e,he,pe]),ve=Object(n.useCallback)((e=>{const t=e.isGlobal?[b.b]:e.selected.map((e=>`${b.a}${e.id}`));e.isGlobal||V(e.selected),ie({tags:t}),_||N(!0)}),[ie,_,V]),xe=Object(n.useMemo)((()=>i.a.createElement(x.a,{selected:$,options:a,isGlobal:U,isLoading:E,isPlatinumPlus:G,onChange:ve,"data-test-subj":C("effectedPolicies")})),[$,a,U,E,G,ve,C]);return Object(n.useEffect)((()=>{ie()}),[ie]),Z||!t?i.a.createElement(g.a,{size:"xl"}):i.a.createElement(o.EuiForm,{component:"div"},fe,i.a.createElement(o.EuiHorizontalRule,null),Ee,Q&&i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"xs"}),i.a.createElement(o.EuiText,{color:"subdued",size:"xs","data-test-subj":"duplicate-fields-warning-message"},i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.eventFilters.warningMessage.duplicateFields",defaultMessage:"Using multiples of the same filed values can degrade Endpoint performance and/or create ineffective rules"}))),ae&&i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiHorizontalRule,null),xe),i.a.createElement(o.EuiHorizontalRule,null),ye)}));I.displayName="EventFiltersForm"},,function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(2),i=a.n(n),r=a(40),o=a(5);const s=o.i18n.translate("xpack.securitySolution.rule_exceptions.itemMeta.nameLabel",{defaultMessage:"Exception name"}),l=o.i18n.translate("xpack.securitySolution.rule_exceptions.itemMeta.namePlaceholder",{defaultMessage:"Name your exception"}),c=({exceptionItemName:e,onChange:t})=>{const a=Object(n.useCallback)((e=>{t(["name",e.target.value])}),[t]);return i.a.createElement(r.EuiFormRow,{label:s,"data-test-subj":"exceptionFlyoutName"},i.a.createElement(r.EuiFieldText,{placeholder:l,value:e,onChange:a,"data-test-subj":"exceptionFlyoutNameInput"}))},u=i.a.memo(c);u.displayName="ExceptionsFlyoutMeta"},function(e,t,a){"use strict";a.d(t,"a",(function(){return S}));var n=a(2),i=a.n(n),r=a(40),o=a(80),s=a(120),l=a(41),c=a.n(l),u=a(163),d=a(197),p=a(102),m=a(5);const g=m.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.itemConditions.conditionsTitle",{defaultMessage:"Conditions"}),y=m.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.itemConditions.infoLabel",{defaultMessage:"Alerts are generated when the rule's conditions are met, except when:"}),f=m.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.itemConditions.sequenceWarningAdd",{defaultMessage:"This rule's query contains an EQL sequence statement. The exception created will apply to all events in the sequence."}),b=m.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.itemConditions.sequenceWarningEdit",{defaultMessage:"This rule's query contains an EQL sequence statement. The exception modified will apply to all events in the sequence."}),h=m.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.itemConditions.operatingSystemPlaceHolder",{defaultMessage:"Select an operating system"});var E=a(458);const v=[{label:E.g,value:["windows"]},{label:E.f,value:["macos"]},{label:E.e,value:["linux"]},{label:E.h,value:["windows","macos"]}],x=c()(r.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-x9h592-0"})(["",""],(()=>Object(l.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),k=({exceptionItemName:e,allowLargeValueLists:t,exceptionListItems:a,indexPatterns:l,rules:c,exceptionListType:m,showOsTypeOptions:k,selectedOs:S,isEdit:w,onOsChange:j,onExceptionItemAdd:O,onSetErrorExists:I,getExtendedFields:T})=>{const{http:C,unifiedSearch:M}=Object(p.j)().services,F=Object(n.useMemo)((()=>m===s.b.ENDPOINT),[m]),D=Object(n.useMemo)((()=>null!=c&&c.some((e=>Object(d.b)(e.type)&&Object(d.a)(e.query)))),[c]),A=Object(n.useMemo)((()=>{if(F)return"endpoint_list";const e=F?u.k:void 0;return w?a[0].list_id:e}),[F,w,a]),_=Object(n.useMemo)((()=>{const e=F?"agnostic":void 0;return w?a[0].namespace_type:e}),[a,w,F]),N=Object(n.useCallback)((({exceptionItems:e,errorExists:t})=>{O(e),I(t)}),[I,O]),R=Object(n.useCallback)((e=>{const t=e[0].value;null!=j&&j(t||void 0)}),[j]),q=Object(n.useMemo)((()=>({asPlainText:!0})),[]),P=Object(n.useMemo)((()=>v.filter((e=>S===e.value))),[S]),L=Object(n.useMemo)((()=>k&&void 0===S),[k,S]),B=Object(n.useMemo)((()=>w?b:f),[w]),z=Object(n.useMemo)((()=>{var e;return null!==(e=w?a[0].os_types:S)&&void 0!==e?e:[]}),[a,w,S]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(x,{size:"xs"},i.a.createElement("h3",null,g)),D&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiCallOut,{"data-test-subj":"eqlSequenceCallout",title:B}),i.a.createElement(r.EuiSpacer,null)),i.a.createElement(r.EuiSpacer,{size:"s"}),i.a.createElement(r.EuiText,{size:"s"},y),i.a.createElement(r.EuiSpacer,{size:"s"}),k&&!w&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiFormRow,{label:E.d},i.a.createElement(r.EuiComboBox,{placeholder:h,singleSelection:q,options:v,selectedOptions:P,onChange:R,isClearable:!1,"data-test-subj":"osSelectionDropdown"})),i.a.createElement(r.EuiSpacer,{size:"l"})),k&&w&&i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiText,{size:"xs","data-test-subj":"exceptionItemSelectedOs"},i.a.createElement("dl",null,i.a.createElement("dt",null,E.d),i.a.createElement("dd",null,(e=>e.reduce(((e,t)=>`${(e=>"linux"===e?E.e:"macos"===e?E.f:E.g)(t)}, ${e}`),"").slice(0,-2))(z)))),i.a.createElement(r.EuiSpacer,null)),Object(o.getExceptionBuilderComponentLazy)({allowLargeValueLists:t,httpService:C,autocompleteService:M.autocomplete,exceptionListItems:a,listType:m,osTypes:z,listId:A,listNamespaceType:_,exceptionItemName:e,indexPatterns:l,isOrDisabled:L,isAndDisabled:L,isNestedDisabled:L,dataTestSubj:"alertExceptionBuilder",idAria:"alertExceptionBuilder",onChange:N,isDisabled:L,allowCustomFieldOptions:!F,getExtendedFields:T}))},S=i.a.memo(k);S.displayName="ExceptionsConditions"},function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(40),i=a(50),r=a.n(i),o=a(2),s=a.n(o),l=a(41),c=a.n(l),u=a(5);const d=u.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.expireTime.expireTimeLabel",{defaultMessage:"Exception will expire at"}),p=u.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.expireTime.exceptionExpireTime",{defaultMessage:"Exception Expiration"}),m=u.i18n.translate("xpack.securitySolution.rule_exceptions.flyoutComponents.expireTime.exceptionExpireTimeError",{defaultMessage:"Selected date and time must be in the future."}),g=c()(n.EuiTitle).withConfig({displayName:"SectionHeader",componentId:"sc-1t4zrw1-0"})(["",""],(()=>Object(l.css)(["font-weight:",";"],(({theme:e})=>e.eui.euiFontWeightSemiBold)))),y=({expireTime:e,setExpireTime:t,setExpireError:a})=>{const[i,l]=Object(o.useState)(e),[c,u]=Object(o.useState)(!1),[y,f]=Object(o.useState)([]),b=Object(o.useCallback)((e=>{l(null!=e?e:void 0),t(null!=e?e:void 0),null!=e&&e.isBefore()?(u(!0),f([m]),a(!0)):(u(!1),f([]),a(!1))}),[l,t,a]);return s.a.createElement("div",null,s.a.createElement(g,{size:"xs"},s.a.createElement("h3",null,p)),s.a.createElement(n.EuiSpacer,{size:"s"}),s.a.createElement(n.EuiFormRow,{error:y,isInvalid:c,label:d},s.a.createElement(n.EuiDatePicker,{showTimeSelect:!0,selected:i,isInvalid:c,onChange:b,onClear:()=>b(null),minDate:r()()})))},f=s.a.memo(y);f.displayName="ExceptionsExpireTime"},function(e,t,a){"use strict";a.d(t,"a",(function(){return m})),a.d(t,"b",(function(){return y}));var n=a(5),i=a(125),r=a(40),o=a(2),s=a.n(o),l=a(137);const c=s.a.createElement(r.EuiText,{color:"subdued",size:"xs"},l.Zb);var u=a(228),d=a(589);const{emptyField:p}=i.h,m={author:{type:i.a.COMBO_BOX,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldAuthorLabel",{defaultMessage:"Author"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldAuthorHelpText",{defaultMessage:"Type one or more authors for this rule. Press enter after each author to add a new one."}),labelAppend:c,validations:[{validator:p(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.authorFieldEmptyError",{defaultMessage:"An author must not be empty"})),type:i.g.ARRAY_ITEM,isBlocking:!1}]},name:{type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldNameLabel",{defaultMessage:"Name"}),validations:[{validator:p(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.nameFieldRequiredError",{defaultMessage:"A name is required."}))}]},description:{type:i.a.TEXTAREA,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldDescriptionLabel",{defaultMessage:"Description"}),validations:[{validator:p(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.descriptionFieldRequiredError",{defaultMessage:"A description is required."}))}]},isBuildingBlock:{type:i.a.CHECKBOX,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldBuildingBlockLabel",{defaultMessage:'Mark all generated alerts as "building block" alerts'}),labelAppend:c},isAssociatedToEndpointList:{type:i.a.CHECKBOX,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldAssociatedToEndpointListLabel",{defaultMessage:"Add existing Endpoint exceptions to the rule"}),labelAppend:c},severity:{value:{},mapping:{},isMappingChecked:{}},riskScore:{value:{},mapping:{},isMappingChecked:{}},references:{label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldReferenceUrlsLabel",{defaultMessage:"Reference URLs"}),labelAppend:c,validations:[{validator:(...e)=>{const[{value:t,path:a}]=e;let n=!1;return t.forEach((e=>{Object(u.c)(e)&&(n=!0)})),n?{code:"ERR_FIELD_FORMAT",path:a,message:d.k}:void 0}}]},falsePositives:{label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldFalsePositiveLabel",{defaultMessage:"False positive examples"}),labelAppend:c},investigationFields:{type:i.a.COMBO_BOX,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldCustomHighlightedFieldsLabel",{defaultMessage:"Custom highlighted fields"}),labelAppend:c},license:{type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldLicenseLabel",{defaultMessage:"License"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldLicenseHelpText",{defaultMessage:"Add a license name"}),labelAppend:c},ruleNameOverride:{type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRuleNameOverrideLabel",{defaultMessage:"Rule name override"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRuleNameOverrideHelpText",{defaultMessage:"Choose a field from the source event to populate the rule name in the alert list."}),labelAppend:c},threat:{label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldMitreThreatLabel",{defaultMessage:"MITRE ATT&CK\\u2122"}),labelAppend:c},threatIndicatorPath:{type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathLabel",{defaultMessage:"Indicator prefix override"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathHelpText",{defaultMessage:"Specify the document prefix containing your indicator fields. Used for enrichment of indicator match alerts."}),labelAppend:c},timestampOverride:{type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTimestampOverrideLabel",{defaultMessage:"Timestamp override"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTimestampOverrideHelpText",{defaultMessage:"Choose timestamp field used when executing rule. Pick field with timestamp closest to ingest time (e.g. event.ingested)."}),labelAppend:c},timestampOverrideFallbackDisabled:{type:i.a.CHECKBOX,defaultValue:!1,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTimestampOverrideFallbackDisabledLabel",{defaultMessage:"Do not use @timestamp as a fallback timestamp field"}),labelAppend:c},tags:{type:i.a.COMBO_BOX,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsLabel",{defaultMessage:"Tags"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsHelpText",{defaultMessage:"Type one or more custom identifying tags for this rule. Press enter after each tag to begin a new one."}),labelAppend:c,validations:[{validator:p(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.tagFieldEmptyError",{defaultMessage:"A tag must not be empty"})),type:i.g.ARRAY_ITEM,isBlocking:!1}]},note:{type:i.a.TEXTAREA,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.guideLabel",{defaultMessage:"Investigation guide"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.guideHelpText",{defaultMessage:"Provide helpful information for analysts that are investigating detection alerts. This guide will appear on the rule details page and in timelines (as notes) created from detection alerts generated by this rule."}),labelAppend:c}},g={type:i.a.TEXT,label:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathLabel",{defaultMessage:"Indicator prefix override"}),helpText:n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathHelpText",{defaultMessage:"Specify the document prefix containing your indicator fields. Used for enrichment of indicator match alerts."}),validations:[{validator:p(n.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepAboutRule.threatIndicatorPathFieldEmptyError",{defaultMessage:"Indicator prefix override must not be empty"})),type:i.g.FIELD}]},y={...m,threatIndicatorPath:g}},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(40),o=a(125);const s=a(5).i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepDefineRule.multiSelectFields.placeholderText",{defaultMessage:"Select a field"}),l=({browserFields:e,disabledText:t,isDisabled:a,field:l,fullWidth:c=!1})=>{const u=Object(n.useMemo)((()=>({fullWidth:!0,noSuggestions:!1,options:e.map((e=>({label:e.name}))),placeholder:s,onCreateOption:void 0,...c?{}:{style:{width:"410px"}},isDisabled:a})),[e,a,c]),d=i.a.createElement(o.b,{field:l,idAria:"detectionEngineMultiSelectAutocompleteField",euiFieldProps:u});return a?i.a.createElement(r.EuiToolTip,{position:"right",content:t},d):d},c=i.a.memo(l)},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(2),i=a.n(n),r=a(102),o=a(40);const s=({url:e,children:t,ariaLabel:a})=>t?i.a.createElement(o.EuiToolTip,{content:e,position:"top","data-test-subj":"externalLinkTooltip"},i.a.createElement(o.EuiLink,{href:e,"aria-label":a,external:!0,target:"_blank",rel:"noopener","data-test-subj":"externalLink"},t)):null;var l=a(854);const c=({guidePath:e="security",docPath:t,linkText:a})=>{const{services:n}=Object(r.j)(),{ELASTIC_WEBSITE_URL:o,DOC_LINK_VERSION:c}=n.docLinks,u=`${o}guide/en/${e}/${c}/${t}`,d=`${a} - ${l.a}`;return i.a.createElement(s,{url:u,ariaLabel:d},a)},u=Object(n.memo)(c)},function(e,t,a){"use strict";a.d(t,"g",(function(){return T})),a.d(t,"d",(function(){return C})),a.d(t,"m",(function(){return M})),a.d(t,"p",(function(){return F})),a.d(t,"e",(function(){return D})),a.d(t,"l",(function(){return A})),a.d(t,"k",(function(){return R})),a.d(t,"i",(function(){return q})),a.d(t,"q",(function(){return L})),a.d(t,"f",(function(){return B})),a.d(t,"j",(function(){return z})),a.d(t,"o",(function(){return $})),a.d(t,"n",(function(){return V})),a.d(t,"h",(function(){return U})),a.d(t,"a",(function(){return H})),a.d(t,"c",(function(){return W})),a.d(t,"b",(function(){return Q}));var n=a(41),i=a.n(n),r=a(40),o=a(129),s=a(374),l=a(42),c=a(2),u=a.n(c),d=a(751),p=a(72),m=a(522),g=a(145),y=a(810),f=a(811),b=a(415),h=a(329),E=a(213),v=a(117),x=a(1094),k=a(207);const S=({label:e,license:t})=>u.a.createElement(u.a.Fragment,null,e,u.a.createElement(r.EuiBetaBadge,{label:b.e,style:{verticalAlign:"middle",marginLeft:"8px"},size:"s"}),!t.isAtLeast(k.ab)&&u.a.createElement(r.EuiToolTip,{position:"top",content:b.b},u.a.createElement(r.EuiIcon,{type:"warning",size:"l",color:"#BD271E",style:{marginLeft:"8px"}}))),w=i()(r.EuiFlexItem).withConfig({displayName:"NoteDescriptionContainer",componentId:"sc-1i3nngy-0"})(["height:105px;overflow-y:hidden;"]),j=e=>!Object(l.isEmpty)(e.join("")),O=i()(r.EuiBadge).withConfig({displayName:"EuiBadgeWrap",componentId:"sc-1i3nngy-1"})([".euiBadge__text{white-space:pre-wrap !important;}"]),I=i.a.div.withConfig({displayName:"Query",componentId:"sc-1i3nngy-2"})(["white-space:pre-wrap;"]),T=({field:e,filters:t,filterManager:a,query:n,savedId:i,savedQueryName:o,indexPatterns:s,queryLabel:c})=>{let d=[];const m=!Object(l.isEmpty)(i)&&!Object(l.isEmpty)(o);return m&&(d=[...d,{title:u.a.createElement(u.a.Fragment,null,b.s," "),description:u.a.createElement(u.a.Fragment,null,o," ")}]),Object(l.isEmpty)(t)||(a.setFilters(t),d=[...d,{title:u.a.createElement(u.a.Fragment,null,m?b.q:b.l," "),description:u.a.createElement(r.EuiFlexGroup,{wrap:!0,responsive:!1,gutterSize:"xs"},a.getFilters().map(((t,a)=>u.a.createElement(Y,{grow:!1,key:`${e}-filter-${a}`},u.a.createElement(O,{color:"hollow"},null!=s?u.a.createElement(p.FilterBadgeGroup,{filters:[t],dataViews:[s]}):u.a.createElement(r.EuiLoadingSpinner,{size:"m"}))))))}]),Object(l.isEmpty)(n)||(d=[...d,{title:u.a.createElement(u.a.Fragment,null,m?b.r:null!=c?c:b.o),description:u.a.createElement(I,null,n)}]),d},C=e=>{let t=[];return Object(l.isEmpty)(e.eventCategoryField)||(t=[...t,{title:u.a.createElement(u.a.Fragment,null,b.h),description:u.a.createElement(u.a.Fragment,null,e.eventCategoryField)}]),Object(l.isEmpty)(e.tiebreakerField)||(t=[...t,{title:u.a.createElement(u.a.Fragment,null,b.i),description:u.a.createElement(u.a.Fragment,null,e.tiebreakerField)}]),Object(l.isEmpty)(e.timestampField)||(t=[...t,{title:u.a.createElement(u.a.Fragment,null,b.j),description:u.a.createElement(u.a.Fragment,null,e.timestampField)}]),t},M=({label:e,threat:t})=>t.length>0?[{title:e,description:u.a.createElement(x.a,{label:e,threat:t})}]:[],F=(e,t,a)=>j(a)?[{title:e,description:u.a.createElement(r.EuiText,{size:"s"},u.a.createElement("ul",null,a.map((e=>Object(l.isEmpty)(e)?null:u.a.createElement("li",{"data-test-subj":"unorderedListArrayDescriptionItem",key:`${t}-${e}`},e)))))}]:[],D=(e,t)=>{if(Object(l.isEmpty)(t))return[];const a=u.a.createElement(r.EuiFlexGroup,{responsive:!1,gutterSize:"xs",wrap:!0},t.map((t=>Object(l.isEmpty)(t)?null:u.a.createElement(r.EuiFlexItem,{grow:!1,key:`${e}-${t}`},u.a.createElement(O,{"data-test-subj":"customHighlightedFieldsStringArrayDescriptionBadgeItem",color:"hollow"},t)))));return[{title:e,description:a}]},A=(e,t,a)=>j(a)?[{title:e,description:u.a.createElement(r.EuiFlexGroup,{responsive:!1,gutterSize:"xs",wrap:!0},a.map((e=>Object(l.isEmpty)(e)?null:u.a.createElement(r.EuiFlexItem,{grow:!1,key:`${t}-${e}`},u.a.createElement(O,{"data-test-subj":"stringArrayDescriptionBadgeItem",color:"hollow"},e)))))}]:[],_=i()(r.EuiFlexItem).withConfig({displayName:"OverrideColumn",componentId:"sc-1i3nngy-3"})(["width:125px;max-width:125px;overflow:hidden;text-overflow:ellipsis;"]),N=i()(r.EuiFlexItem).withConfig({displayName:"OverrideValueColumn",componentId:"sc-1i3nngy-4"})(["width:30px;max-width:30px;overflow:hidden;text-overflow:ellipsis;"]),R=e=>[{title:y.a,description:u.a.createElement(h.a,{value:e.value})},...e.isMappingChecked?e.mapping.filter((e=>""!==e.field)).map(((e,t)=>({title:0===t?y.d:"",description:u.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},u.a.createElement(_,null,u.a.createElement(r.EuiToolTip,{content:e.field,"data-test-subj":`severityOverrideField${t}`},u.a.createElement(u.a.Fragment,null,`${e.field}:`))),u.a.createElement(N,null,u.a.createElement(r.EuiToolTip,{content:e.value,"data-test-subj":`severityOverrideValue${t}`},Object(v.a)(e.value))),u.a.createElement(r.EuiFlexItem,{grow:!1},u.a.createElement(r.EuiIcon,{type:"sortRight"})),u.a.createElement(r.EuiFlexItem,null,u.a.createElement(h.a,{"data-test-subj":`severityOverrideSeverity${t}`,value:e.severity})))}))):[]],q=e=>[{title:f.b,description:e.value},...e.isMappingChecked?e.mapping.filter((e=>""!==e.field)).map(((e,t)=>({title:0===t?f.e:"",description:u.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"s"},u.a.createElement(_,null,u.a.createElement(r.EuiToolTip,{content:e.field,"data-test-subj":`riskScoreOverrideField${t}`},u.a.createElement(u.a.Fragment,null,e.field))),u.a.createElement(r.EuiFlexItem,{grow:!1},u.a.createElement(r.EuiIcon,{type:"sortRight"})),u.a.createElement(r.EuiFlexItem,null,o.q))}))):[]],P=i()(r.EuiLink).withConfig({displayName:"MyRefUrlLink",componentId:"sc-1i3nngy-5"})(["word-break:break-word;"]),L=(e,t)=>j(t)?[{title:e,description:u.a.createElement(r.EuiText,{size:"s"},u.a.createElement("ul",null,t.filter((e=>!Object(l.isEmpty)(e))).map(((e,t)=>u.a.createElement("li",{"data-test-subj":"urlsDescriptionReferenceLinkItem",key:`${t}-${e}`},u.a.createElement(P,{href:e,external:!0,target:"_blank"},e))))))}]:[],B=(e,t)=>""!==t.trim()?[{title:e,description:u.a.createElement(w,null,u.a.createElement("div",{"data-test-subj":"noteDescriptionItem",className:"eui-yScrollWithShadows"},t))}]:[],z=(e,t)=>{switch(t){case"machine_learning":return[{title:e,description:b.m}];case"query":case"saved_query":return[{title:e,description:b.p}];case"threshold":return[{title:e,description:b.x}];case"eql":return[{title:e,description:b.k}];case"threat_match":return[{title:e,description:b.t}];case"new_terms":return[{title:e,description:b.n}];default:return Object(g.a)(t)}},$=(e,t)=>[{title:e,description:u.a.createElement(u.a.Fragment,null,Object(l.isEmpty)(t.field[0])?`${b.w} >= ${t.value}`:`${b.v} ${Array.isArray(t.field)?t.field.join(","):t.field} >= ${t.value}`)}],V=(e,t)=>[{title:e,description:t.reduce(((e,t,a,{length:n})=>{const i=t.entries.reduce(((e,t,a,{length:n})=>1===n?`${t.field} ${m.d} ${t.value}`:0===a?`(${t.field} ${m.d} ${t.value})`:`${e} ${m.a} (${t.field} ${m.d} ${t.value})`),"");return 1===n?`${i}`:0===a?`(${i})`:`${e} ${m.e} (${i})`}),"")}],G=i()(r.EuiText).withConfig({displayName:"FieldTypeText",componentId:"sc-1i3nngy-6"})(["font-size:",";font-family:",";display:inline;"],(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiCodeFontFamily)),U=(e,t)=>Object(l.isEmpty)(t)?[]:[{title:e,description:u.a.createElement(r.EuiFlexGrid,{gutterSize:"s"},t.map(((e,a)=>u.a.createElement(r.EuiFlexItem,{grow:!1},u.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"xs"},u.a.createElement(r.EuiFlexItem,{grow:!1},u.a.createElement(d.a,{"data-test-subj":"field-type-icon",type:Object(s.c)(e.type),label:e.type})),u.a.createElement(r.EuiFlexItem,{grow:!1},u.a.createElement(G,{grow:!1,size:"s"},` ${e.name}${a+1!==t.length?", ":""}`)))))))}],H=(e,t,a)=>{if(Object(l.isEmpty)(t))return[];const n=u.a.createElement(r.EuiFlexGroup,{responsive:!1,gutterSize:"xs",wrap:!0},t.map((t=>Object(l.isEmpty)(t)?null:u.a.createElement(r.EuiFlexItem,{grow:!1,key:`${e}-${t}`},u.a.createElement(O,{"data-test-subj":"stringArrayDescriptionBadgeItem",color:"hollow"},t)))));return[{title:u.a.createElement(S,{label:e,license:a}),description:n}]},W=(e,t,a,n)=>{const i=n===E.b.PerTimePeriod?`${t.value}${t.unit}`:b.c;return[{title:u.a.createElement(S,{label:e,license:a}),description:i}]},Q=(e,t,a)=>{if(Object(l.isEmpty)(t))return[];const n=t===k.b.Suppress?b.d:b.a;return[{title:u.a.createElement(S,{label:e,license:a}),description:n}]};var Y=i()(r.EuiFlexItem).withConfig({displayName:"_StyledEuiFlexItem",componentId:"sc-1i3nngy-7"})({width:"100%"})},,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return r})),a.d(t,"b",(function(){return o}));var n=a(120);const i=["endpoint_list"],r=e=>!!i.find((t=>t===e.list_id)),o=e=>n.o.is(e)},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(40),i=a(2),r=a.n(i),o=a(558),s=a(135),l=a(337),c=a(122),u=a(105);const d=r.a.memo((({eventId:e,contextId:t,enrichedFieldInfo:a,scopeId:d,handleOnEventClosed:p})=>{const[m,g]=Object(i.useState)(!1),y=Object(i.useCallback)((()=>g(!m)),[m]),f=Object(i.useCallback)((()=>g(!1)),[]),b=Object(i.useCallback)((()=>{f(),p()}),[f,p]),h=Object(i.useMemo)((()=>c.d.globalQuery()),[]),E=Object(u.a)(h),v=Object(i.useCallback)((()=>{E.forEach((e=>e.refetch&&e.refetch()))}),[E]),{actionItems:x}=Object(o.a)({closePopover:b,eventId:e,scopeId:d,alertStatus:a.values[0],refetch:v}),k=Object(i.useMemo)((()=>[{id:0,items:x}]),[x]),S=Object(i.useMemo)((()=>x.length>0),[x]),w=Object(i.useMemo)((()=>r.a.createElement(l.a,{contextId:t,eventId:e,value:a.values[0],fieldName:a.data.field,linkValue:a.linkValue,fieldType:a.data.type,fieldFormat:a.data.format,isDraggable:!1,truncate:!1,isButton:S,onClick:S?y:void 0,onClickAriaLabel:s.x})),[t,e,a,y,S]);return S?r.a.createElement(n.EuiPopover,{button:w,isOpen:m,closePopover:f,panelPaddingSize:"none","data-test-subj":"alertStatus"},r.a.createElement(n.EuiPopoverTitle,{paddingSize:"m"},s.w),r.a.createElement(n.EuiContextMenu,{panels:k,initialPanelId:0,"data-test-subj":"event-details-alertStatusPopover"})):w}));d.displayName="StatusPopoverButton"},,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(103),o=a(1430),s=a(709);const l=i.a.memo((e=>{const t=Object(r.useSelector)((t=>t.analyzer[e.resolverComponentInstanceID])),a=Object(r.useDispatch)();return t||a(Object(s.createResolver)({id:e.resolverComponentInstanceID})),Object(n.useEffect)((()=>{e.shouldUpdate&&a(Object(s.createResolver)({id:e.resolverComponentInstanceID}))}),[a,e.shouldUpdate,e.resolverComponentInstanceID]),i.a.createElement(o.a,e)}))},function(e,t,a){"use strict";a.d(t,"i",(function(){return i})),a.d(t,"h",(function(){return r})),a.d(t,"b",(function(){return o})),a.d(t,"c",(function(){return s})),a.d(t,"d",(function(){return l})),a.d(t,"a",(function(){return c})),a.d(t,"f",(function(){return u})),a.d(t,"e",(function(){return d})),a.d(t,"g",(function(){return p})),a.d(t,"k",(function(){return m})),a.d(t,"j",(function(){return g}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.user.details.overview.userIdTitle",{defaultMessage:"User ID"}),r=n.i18n.translate("xpack.securitySolution.user.details.overview.userDomainTitle",{defaultMessage:"Domain"}),o=n.i18n.translate("xpack.securitySolution.user.details.overview.familyTitle",{defaultMessage:"Family"}),s=n.i18n.translate("xpack.securitySolution.user.details.overview.ipAddressesTitle",{defaultMessage:"IP addresses"}),l=n.i18n.translate("xpack.securitySolution.user.details.overview.osTitle",{defaultMessage:"Operating system"}),c=n.i18n.translate("xpack.securitySolution.network.ipDetails.ipOverview.firstSeenTitle",{defaultMessage:"First seen"}),u=n.i18n.translate("xpack.securitySolution.user.ipDetails.ipOverview.lastSeenTitle",{defaultMessage:"Last seen"}),d=n.i18n.translate("xpack.securitySolution.user.details.overview.inspectTitle",{defaultMessage:"User overview"}),p=n.i18n.translate("xpack.securitySolution.user.details.overview.maxAnomalyScoreByJobTitle",{defaultMessage:"Max anomaly score by job"}),m=n.i18n.translate("xpack.securitySolution.user.details.overview.userRiskScoreTitle",{defaultMessage:"User risk score"}),g=n.i18n.translate("xpack.securitySolution.user.details.overview.userRiskClassification",{defaultMessage:"User risk classification"})},function(e,t,a){"use strict";a.d(t,"e",(function(){return i})),a.d(t,"d",(function(){return r})),a.d(t,"k",(function(){return o})),a.d(t,"n",(function(){return s})),a.d(t,"g",(function(){return l})),a.d(t,"f",(function(){return c})),a.d(t,"j",(function(){return u})),a.d(t,"m",(function(){return d})),a.d(t,"p",(function(){return p})),a.d(t,"o",(function(){return m})),a.d(t,"c",(function(){return g})),a.d(t,"r",(function(){return y})),a.d(t,"a",(function(){return f})),a.d(t,"b",(function(){return b})),a.d(t,"q",(function(){return h})),a.d(t,"i",(function(){return E})),a.d(t,"l",(function(){return v})),a.d(t,"h",(function(){return x}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.host.details.overview.hostIdTitle",{defaultMessage:"Host ID"}),r=n.i18n.translate("xpack.securitySolution.host.details.firstSeenTitle",{defaultMessage:"First seen"}),o=n.i18n.translate("xpack.securitySolution.host.details.lastSeenTitle",{defaultMessage:"Last seen"}),s=n.i18n.translate("xpack.securitySolution.host.details.overview.maxAnomalyScoreByJobTitle",{defaultMessage:"Max anomaly score by job"}),l=n.i18n.translate("xpack.securitySolution.host.details.overview.hostRiskScoreTitle",{defaultMessage:"Host risk score"}),c=n.i18n.translate("xpack.securitySolution.host.details.overview.hostRiskClassification",{defaultMessage:"Host risk classification"}),u=n.i18n.translate("xpack.securitySolution.host.details.overview.ipAddressesTitle",{defaultMessage:"IP addresses"}),d=n.i18n.translate("xpack.securitySolution.host.details.overview.macAddressesTitle",{defaultMessage:"MAC addresses"}),p=n.i18n.translate("xpack.securitySolution.host.details.overview.platformTitle",{defaultMessage:"Platform"}),m=n.i18n.translate("xpack.securitySolution.host.details.overview.osTitle",{defaultMessage:"Operating system"}),g=n.i18n.translate("xpack.securitySolution.host.details.overview.familyTitle",{defaultMessage:"Family"}),y=n.i18n.translate("xpack.securitySolution.host.details.versionLabel",{defaultMessage:"Version"}),f=n.i18n.translate("xpack.securitySolution.host.details.architectureLabel",{defaultMessage:"Architecture"}),b=n.i18n.translate("xpack.securitySolution.host.details.overview.cloudProviderTitle",{defaultMessage:"Cloud provider"}),h=n.i18n.translate("xpack.securitySolution.host.details.overview.regionTitle",{defaultMessage:"Region"}),E=n.i18n.translate("xpack.securitySolution.host.details.overview.instanceIdTitle",{defaultMessage:"Instance ID"}),v=n.i18n.translate("xpack.securitySolution.host.details.overview.machineTypeTitle",{defaultMessage:"Machine type"}),x=n.i18n.translate("xpack.securitySolution.host.details.overview.inspectTitle",{defaultMessage:"Host overview"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(50),i=a.n(n),r=a(2),o=a.n(r),s=a(40),l=a(236),c=a(167);const u=({range:e,setRange:t,loading:a})=>{const[n,u]=Object(r.useState)(e.from===c.a?i()().subtract(30,"d"):i()(e.from)),[d,p]=Object(r.useState)(e.to===c.b?i()():i()(e.to)),m=Object(r.useCallback)((()=>{n&&d&&n.isBefore(d)&&t({from:n.toISOString(),to:d.toISOString()})}),[d,t,n]),g=Object(r.useMemo)((()=>null==n?void 0:n.isBefore(d)),[n,d]);return o.a.createElement(s.EuiFlexGroup,null,o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiDatePickerRange,{"data-test-subj":"enrichment-query-range-picker",startDateControl:o.a.createElement(s.EuiDatePicker,{className:"start-picker",selected:n,onChange:u,startDate:n,endDate:d,isInvalid:!g,"aria-label":l.d,showTimeSelect:!0}),endDateControl:o.a.createElement(s.EuiDatePicker,{className:"end-picker",selected:d,onChange:p,startDate:n,endDate:d,isInvalid:!g,"aria-label":l.c,showTimeSelect:!0})})),o.a.createElement(s.EuiFlexItem,{grow:!1},o.a.createElement(s.EuiButton,{iconType:"refresh",onClick:m,isLoading:a,"data-test-subj":"enrichment-button",isDisabled:!g},l.n)))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(803),o=a(135),s=a(500);const l=({ariaLabel:e=o.i,ecsRowData:t,buttonType:a,onInvestigateInTimelineAlertClick:n})=>{const{investigateInTimelineAlertClick:l}=Object(s.a)({ecsRowData:t,onInvestigateInTimelineAlertClick:n});return i.a.createElement(r.a,{ariaLabel:e,content:o.h,dataTestSubj:"send-alert-to-timeline",iconType:"timeline",onClick:l,isDisabled:!1,buttonType:a})},c=i.a.memo(l)},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(896);const i=e=>{var t;const a=null!=e&&e.fields?null==e?void 0:e.fields["kibana.alert.rule.parameters"]:null,i=a?null===(t=a[0])||void 0===t?void 0:t.threat:null;return i&&i.length>0?Object(n.m)({label:i[0].framework,threat:i}):null}},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(346);const c=s.a.div.withConfig({displayName:"EuiCodeEditorContainer",componentId:"sc-a6c5kq-0"})([".euiCodeEditorWrapper{position:absolute;}"]),u=r.a.memo((({rawEventData:e})=>{const t=Object(i.useMemo)((()=>JSON.stringify(e,l.i,2)),[e]);return r.a.createElement(c,null,r.a.createElement(n.EuiCodeBlock,{language:"json",fontSize:"m",paddingSize:"m",isCopyable:!0,"data-test-subj":"jsonView"},t))}));u.displayName="JsonView"},function(e,t,a){"use strict";a.d(t,"a",(function(){return y}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(255),c=a(124),u=a(102),d=a(596),p=a(155),m=a(238);const g=s.a.div.withConfig({displayName:"TabContentWrapper",componentId:"sc-woclj6-0"})(["height:100%;position:relative;"]),y=({rawEventData:e,ecsData:t})=>{var a,i,o,s,y,f,b,h,E;const{services:{osquery:v}}=Object(u.j)(),x=Object(c.a)("responseActionsEnabled"),k=Object(c.a)("endpointResponseActionsEnabled"),S=e?Object(l.a)(e.fields):void 0,w=null==S||null===(a=S.kibana)||void 0===a||null===(i=a.alert)||void 0===i||null===(o=i.rule)||void 0===o||null===(s=o.parameters)||void 0===s?void 0:s[0].response_actions,j=!e||!x||k||!t||!(null!=w&&w.length),O=null!==(y=null==e?void 0:e._id)&&void 0!==y?y:"",{OsqueryResults:I,fetchAllLiveQueries:T}=v,{data:C}=T({filterQuery:{term:{alert_ids:O}},alertId:O,skip:j});if(j)return;const M=w.filter((e=>e.action_type_id===m.a.OSQUERY));if(null==M||!M.length)return;const F=(null==C?void 0:C.data.items)||[],D=null==S||null===(f=S.kibana)||void 0===f||null===(b=f.alert)||void 0===b||null===(h=b.rule)||void 0===h||null===(E=h.name)||void 0===E?void 0:E[0],A=r.a.createElement(g,{"data-test-subj":"osqueryViewWrapper"},r.a.createElement(I,{ruleName:D,actionItems:F,ecsData:t}),r.a.createElement(n.EuiSpacer,{size:"s"}));return{id:d.b.osqueryView,"data-test-subj":"osqueryViewTab",name:p.u,append:r.a.createElement(n.EuiNotificationBadge,{"data-test-subj":"osquery-actions-notification"},F.length),content:A}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(396),i=a.n(n);const r={macos:!0,windows:!0};function o(e){return e.includes("-")?e.substring(0,e.indexOf("-")):e}const s=({osName:e,version:t,capabilities:a})=>!(!t||!(({currentVersion:e,minVersionRequired:t="7.14.0"})=>{try{const a=o(e);return i()(t,a)}catch(a){return window&&window.console&&window.console.warn(`SecuritySolution: isVersionSupported(): Unable to determine if current version [${e}] meets minimum version [${t}]. Error: ${a.message}`),!1}})({currentVersion:t}))&&(function(e){const t=o(e);return i()("7.15.0",t)}(t)?function(e=[]){return e.includes("isolation")}(a):function(e){return(({currentOs:e,supportedOss:t=r})=>!!t[e])({currentOs:e.toLowerCase()})}(e))},,function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(65),i=a(504);const r=(e,t={})=>{var a;return e.get(i.a,{...t,query:{...t.query,kuery:`${null!=t&&null!==(a=t.query)&&void 0!==a&&a.kuery?`${t.query.kuery} and `:""}${n.PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: endpoint`}})}},function(e,t,a){"use strict";a.d(t,"b",(function(){return s})),a.d(t,"a",(function(){return l})),a.d(t,"d",(function(){return c})),a.d(t,"c",(function(){return u}));var n=a(2),i=a.n(n),r=a(5),o=a(44);const s={FORM_TITLE:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.formTitle",{defaultMessage:"Apply Timeline template"}),TEMPLATE_SELECTOR_LABEL:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.templateSelectorLabel",{defaultMessage:"Apply Timeline template to selected rules"}),TEMPLATE_SELECTOR_HELP_TEXT:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.templateSelectorHelpText",{defaultMessage:"Select which Timeline to apply to selected rules when investigating generated alerts."}),TEMPLATE_SELECTOR_PLACEHOLDER:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.templateSelectorPlaceholder",{defaultMessage:"Search Timeline template"}),TEMPLATE_SELECTOR_DEFAULT_VALUE:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.templateSelectorDefaultValue",{defaultMessage:"None"}),warningCalloutMessage:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.applyTimelineTemplate.warningCalloutMessage",defaultMessage:"You're about to apply changes to {rulesCount, plural, one {# selected rule} other {# selected rules}}. If you previously applied Timeline templates to these rules, they will be overwritten or (if you select 'None') reset to none.",values:{rulesCount:e}})},l={FORM_TITLE:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.addRuleActions.formTitle",{defaultMessage:"Add rule actions"}),OVERWRITE_LABEL:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.addRuleActions.overwriteCheckboxLabel",{defaultMessage:"Overwrite all selected rules actions"}),RULE_VARIABLES_DETAIL:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.addRuleActions.ruleVariablesDetail",{defaultMessage:"Rule variables may affect only some of the rules you select, based on the rule types (for example, \\u007b\\u007bcontext.rule.threshold\\u007d\\u007d will only display values for threshold rules)."})},c={FORM_TITLE:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.formTitle",{defaultMessage:"Update rule schedules"}),INTERVAL_LABEL:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.intervalLabel",{defaultMessage:"Runs every"}),INTERVAL_HELP_TEXT:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.intervalHelpText",{defaultMessage:"Rules run periodically and detect alerts within the specified time frame."}),LOOKBACK_LABEL:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.lookbackLabel",{defaultMessage:"Additional look-back time"}),LOOKBACK_HELP_TEXT:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.lookbackHelpText",{defaultMessage:"Adds time to the look-back period to prevent missed alerts."}),warningCalloutMessage:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.edit.setSchedule.warningCalloutMessage",defaultMessage:"You're about to apply changes to {rulesCount, plural, one {# selected rule} other {# selected rules}}. The changes you make will overwrite the existing rule schedules and additional look-back time (if any).",values:{rulesCount:e}})},u={MODAL_TITLE:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exception.confirmation.modalTitle",defaultMessage:"Duplicate {rulesCount, plural, one {the rule} other {rules}}?",values:{rulesCount:e}}),MODAL_TEXT:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.modalBody",defaultMessage:"You're duplicating {rulesCount, plural, one {# rule} other {# rules}}. Choose what to duplicate:",values:{rulesCount:e}}),DUPLICATE_EXCEPTIONS_TEXT:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.with",defaultMessage:"The {rulesCount, plural, one {rule} other {rules}} and {rulesCount, plural, one {its} other {their}} active exceptions",values:{rulesCount:e}}),DUPLICATE_EXCEPTIONS_INCLUDE_EXPIRED_EXCEPTIONS_LABEL:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.includeExpiredExceptionsCheckboxLabel",defaultMessage:"The {rulesCount, plural, one {rule} other {rules}} and {rulesCount, plural, one {its} other {their}} exceptions",values:{rulesCount:e}}),DUPLICATE_WITHOUT_EXCEPTIONS_TEXT:e=>i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.without",defaultMessage:"Only the {rulesCount, plural, one {rule} other {rules}}",values:{rulesCount:e}}),CONTINUE_BUTTON:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.continueButton",{defaultMessage:"Duplicate"}),CANCEL_BUTTON:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.cancelButton",{defaultMessage:"Cancel"}),DUPLICATE_TOOLTIP:r.i18n.translate("xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.duplicate.exceptionsConfirmation.tooltip",{defaultMessage:"Exception items associated with individual rules are duplicated. Exception items linked to shared exception lists are not. Instead, duplicated rules will reference the shared exception lists that contain the exception items."})}},,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return U}));var n=a(2),i=a.n(n),r=a(40),o=a(45),s=a(141),l=a(828),c=a(1135),u=a(653),d=a(5),p=a(755),m=a(104),g=a.n(m);const y=Object(n.memo)((e=>{const t=Object(n.useRef)(null),a=i.a.createElement(r.EuiButton,g()({buttonRef:t},e));return Object(n.useEffect)((()=>{t.current&&t.current.focus()}),[]),a}));y.displayName="AutoFocusButton";var f=a(107),b=a(487),h=a(102),E=a(381);const v=Object.freeze({deleteActionFailure:(e,t)=>d.i18n.translate("xpack.securitySolution.artifactListPage.deleteActionFailure",{defaultMessage:'Unable to remove "{itemName}". Reason: {errorMessage}',values:{itemName:e,errorMessage:t}}),deleteActionSuccess:e=>d.i18n.translate("xpack.securitySolution.artifactListPage.deleteActionSuccess",{defaultMessage:'"{itemName}" has been removed',values:{itemName:e}})}),x=Object.freeze({deleteModalTitle:e=>d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalTitle",{defaultMessage:"Delete {itemName}",values:{itemName:e}}),deleteModalImpactTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalImpactTitle",{defaultMessage:"Warning"}),deleteModalImpactInfo:e=>d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalImpactInfo",{defaultMessage:"Deleting this entry will remove it from {count} associated {count, plural, one {policy} other {policies}}.",values:{count:Object(b.e)(e)?d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalImpactInfoAll",{defaultMessage:"all"}):Object(b.c)(e).length}}),deleteModalConfirmInfo:d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalConfirmInfo",{defaultMessage:"This action cannot be undone. Are you sure you wish to continue?"}),deleteModalSubmitButtonTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalSubmitButtonTitle",{defaultMessage:"Delete"}),deleteModalCancelButtonTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.deleteModalCancelButtonTitle",{defaultMessage:"Cancel"})}),k=Object(n.memo)((({apiClient:e,item:t,onCancel:a,onSuccess:o,"data-test-subj":s,labels:l})=>{const c=Object(f.a)(s),{deleteArtifactItem:u,isLoading:d}=((e,t,a)=>{const i=Object(h.n)(),r=Object(E.c)(e,{onError:e=>{var n;i.addDanger(a.deleteActionFailure(t.name,(null===(n=e.body)||void 0===n?void 0:n.message)||e.message))},onSuccess:e=>{i.addSuccess(a.deleteActionSuccess(e.name))}});return Object(n.useMemo)((()=>({...r,deleteArtifactItem:r.mutateAsync})),[r])})(e,t,l),p=Object(n.useCallback)((()=>{u(t).then((()=>o()))}),[u,t,o]),m=Object(n.useCallback)((()=>{d||a()}),[d,a]);return i.a.createElement(r.EuiModal,{onClose:m,"data-test-subj":s},i.a.createElement(r.EuiModalHeader,{"data-test-subj":c("header")},i.a.createElement(r.EuiModalHeaderTitle,null,l.deleteModalTitle(t.name))),i.a.createElement(r.EuiModalBody,{"data-test-subj":c("body")},i.a.createElement(r.EuiText,null,i.a.createElement(r.EuiCallOut,{"data-test-subj":c("impactCallout"),title:l.deleteModalImpactTitle,color:"danger",iconType:"warning"},i.a.createElement("p",{"data-test-subj":c("impactCalloutInfo")},l.deleteModalImpactInfo(t))),i.a.createElement(r.EuiSpacer,{size:"m"}),i.a.createElement("p",null,l.deleteModalConfirmInfo))),i.a.createElement(r.EuiModalFooter,null,i.a.createElement(r.EuiButtonEmpty,{onClick:m,isDisabled:d,"data-test-subj":c("cancelButton")},l.deleteModalCancelButtonTitle),i.a.createElement(y,{fill:!0,color:"danger",onClick:p,isLoading:d,isDisabled:d,"data-test-subj":c("submitButton")},l.deleteModalSubmitButtonTitle)))}));k.displayName="ArtifactDeleteModal";const S=Object.freeze({pageTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.pageTitle",{defaultMessage:"Artifact"}),pageAboutInfo:d.i18n.translate("xpack.securitySolution.artifactListPage.aboutInfo",{defaultMessage:"A list of artifacts for endpoint"}),pageAddButtonTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.addButtonTitle",{defaultMessage:"Add artifact"}),emptyStateTitleNoEntries:d.i18n.translate("xpack.securitySolution.artifactListPage.emptyStateTitleNoEntries",{defaultMessage:"There are no entries to display."}),emptyStateTitle:d.i18n.translate("xpack.securitySolution.artifactListPage.emptyStateTitle",{defaultMessage:"Add your first artifact"}),emptyStateInfo:d.i18n.translate("xpack.securitySolution.artifactListPage.emptyStateInfo",{defaultMessage:"Add an artifact"}),emptyStatePrimaryButtonLabel:d.i18n.translate("xpack.securitySolution.artifactListPage.emptyStatePrimaryButtonLabel",{defaultMessage:"Add"}),searchPlaceholderInfo:d.i18n.translate("xpack.securitySolution.artifactListPage.searchPlaceholderInfo",{defaultMessage:"Search on the fields below: name, description, comments, value"}),getShowingCountLabel:e=>d.i18n.translate("xpack.securitySolution.artifactListPage.showingTotal",{defaultMessage:"Showing {total, plural, one {# artifact} other {# artifacts}}",values:{total:e}}),cardActionEditLabel:d.i18n.translate("xpack.securitySolution.artifactListPage.cardActionEditLabel",{defaultMessage:"Edit artifact"}),cardActionDeleteLabel:d.i18n.translate("xpack.securitySolution.artifactListPage.cardActionDeleteLabel",{defaultMessage:"Delete event filter"}),...p.a,...x,...v});var w=a(794),j=a(1062),O=a(503),I=a(347),T=a(41),C=a.n(T),M=a(1036);const F=C()(r.EuiEmptyPrompt).withConfig({displayName:"EmptyPrompt",componentId:"sc-1flznkw-0"})(["",""],(()=>Object(T.css)(["max-width:100%;"]))),D=Object(n.memo)((({onAdd:e,isAddDisabled:t=!1,backComponent:a,"data-test-subj":n,titleLabel:o,titleNoEntriesLabel:s,aboutInfo:l,primaryButtonLabel:c,secondaryAboutInfo:u,canCreateItems:d=!0})=>{const p=Object(f.a)(n);return i.a.createElement(M.a,null,d?i.a.createElement(F,{"data-test-subj":n,iconType:"plusInCircle",title:i.a.createElement("h2",{"data-test-subj":p("title")},o),body:i.a.createElement("div",{"data-test-subj":p("aboutInfo")},l,u?i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,{size:"m"}),u):void 0),actions:[i.a.createElement(r.EuiButton,{fill:!0,isDisabled:t,onClick:e,"data-test-subj":p("addButton")},c),...a?[a]:[]]}):i.a.createElement(F,{"data-test-subj":n,iconType:"iInCircle",title:i.a.createElement("h2",{"data-test-subj":p("title-no-entries")},s)}))}));D.displayName="NoDataEmptyState";var A=a(829),_=a(732),N=a(46),R=a(173),q=a(290),P=a(1390),L=a(720);var B=a(226),z=a(44),$=a(488);const V=Object(n.memo)((({backButtonLabel:e,backButtonUrl:t,onBackButtonNavigateTo:a,...n})=>{const o=Object($.a)(...a);return i.a.createElement(r.EuiButtonEmpty,g()({},n,{"data-test-subj":"backToOrigin",size:"s",href:t,onClick:o,textProps:{className:"text"}}),e||i.a.createElement(z.FormattedMessage,{id:"xpack.securitySolution.list.backButton",defaultMessage:"Back"}))}));V.displayName="BackToExternalAppSecondaryButton";var G=a(685);const U=Object(n.memo)((({apiClient:e,ArtifactFormComponent:t,searchableFields:a=B.c,labels:d={},secondaryPageInfo:m,onFormSubmit:g,flyoutSize:y,"data-test-subj":b,allowCardEditAction:v=!0,allowCardCreateAction:x=!0,allowCardDeleteAction:T=!0})=>{var C,M;const{state:F}=Object(o.useLocation)(),z=Object(f.a)(b),$=Object(h.n)(),U=Object(s.b)(),H=Object(A.a)(v,x),W=Object(_.a)(),{urlParams:{filter:Q,includedPolicies:Y}}=Object(q.a)(),{isPageInitializing:K,isFetching:Z,data:J,uiPagination:X,doesDataExist:ee,error:te,refetch:ae}=((e,t)=>{const a=Object(s.b)(),{urlParams:{filter:i,includedPolicies:r}}=Object(q.a)(),{pagination:{page:o,pageSize:l}}=Object(L.b)(),c=((e,t,a)=>Object(n.useMemo)((()=>Object(P.a)({kuery:Object(P.b)(e,t),policies:a?a.split(","):[]})),[t,e,a]))(i,t,r),{data:u,isFetching:d,refetch:p}=Object(N.useQuery)(["does-data-exists",e],(async()=>e.hasData()),{enabled:!0,keepPreviousData:!0,refetchOnWindowFocus:!1}),[m,g]=Object(n.useState)({totalItemCount:0,pageSize:l,pageSizeOptions:[...R.f],pageIndex:o-1}),[y,f]=Object(n.useState)(!0),b=Object(E.e)(e,{page:o,perPage:l,filter:i,policies:r?r.split(","):[]},t),{data:h,isFetching:v,error:x,isSuccess:k}=b;return Object(n.useEffect)((()=>{a()&&y&&!d&&f(!1)}),[d,a,y]),Object(n.useEffect)((()=>{a()&&h&&!v&&k&&g((e=>({...e,pageIndex:h.page-1,pageSize:h.per_page,totalItemCount:h.total})))}),[v,a,k,h]),Object(n.useEffect)((()=>{!a()||v||d||x||"1"!==String(o)||c||!(h&&0===h.total&&u||h&&h.total>0&&!u)||p()}),[p,u,i,r,d,v,a,c,h,x,o]),Object(n.useMemo)((()=>({isPageInitializing:y,doesDataExist:null!=u&&u,uiPagination:m,...b})),[u,y,b,m])})(e,a);Object(n.useEffect)((()=>{var e;!Z&&te&&$.addDanger((null==te||null===(e=te.body)||void 0===e?void 0:e.message)||te.message)}),[te,$,Z]);const ne=Object(n.useMemo)((()=>{var e;return null!==(e=null==J?void 0:J.data)&&void 0!==e?e:[]}),[null==J?void 0:J.data]),[ie,re]=Object(n.useState)(void 0),[oe,se]=Object(n.useState)(void 0),le=Object(n.useMemo)((()=>({...S,...d})),[d]),ce=(({items:e,onAction:t,cardActionDeleteLabel:a,cardActionEditLabel:i,dataTestSubj:r,allowCardDeleteAction:o=!0,allowCardEditAction:s=!0})=>{const l=Object(f.a)(r),c=Object(h.n)(),{data:d}=Object(O.b)({onError:e=>{c.addDanger(Object(I.b)(e))}}),p=Object(u.f)(null==d?void 0:d.items),m=Object(n.useMemo)((()=>{const n={};for(const c of e){const e=[];s&&e.push({icon:"controlsHorizontal",onClick:()=>{t({type:"edit",item:c})},"data-test-subj":l("cardEditAction"),children:i}),o&&e.push({icon:"trash",onClick:()=>{t({type:"delete",item:c})},"data-test-subj":l("cardDeleteAction"),children:a}),n[c.id]={item:c,policies:p,"data-test-subj":r,actions:e.length>0?e:void 0,hideDescription:!c.description,hideComments:!c.comments.length}}return n}),[e,s,o,p,r,l,i,t,a]);return Object(n.useCallback)((e=>m[e.id]),[m])})({items:ne,onAction:Object(n.useCallback)((({type:e,item:t})=>{switch(e){case"edit":se(t),W({show:"edit",itemId:t.item_id});break;case"delete":re(t)}}),[W]),cardActionDeleteLabel:le.cardActionDeleteLabel,cardActionEditLabel:le.cardActionEditLabel,dataTestSubj:z("card"),allowCardDeleteAction:T,allowCardEditAction:v}),ue=Object(O.b)({onError:e=>{$.addWarning(Object(I.b)(e))}}),de=function(e){const[t,a]=Object(n.useState)();return Object(n.useEffect)((()=>{e&&e.onBackButtonNavigateTo&&a(e)}),[e]),t}(F),pe=Object(n.useMemo)((()=>{if(de&&de.onBackButtonNavigateTo)return i.a.createElement(V,de)}),[de]),me=Object(n.useMemo)((()=>{if(de&&de.onBackButtonNavigateTo)return i.a.createElement(G.a,de)}),[de]),ge=Object(n.useCallback)((()=>{W({show:"create"})}),[W]),ye=Object(n.useCallback)((({pageIndex:e,pageSize:t})=>{W({page:e+1,pageSize:t}),window.scrollTo({top:0,left:0,behavior:"smooth"})}),[W]),fe=Object(n.useCallback)(((e,t,a)=>{const n=e!==(null!=Q?Q:"")||t!==(null!=Y?Y:"");W({filter:""===e.trim()?void 0:e,includedPolicies:""===t.trim()?void 0:t}),a&&!n&&ae()}),[Q,Y,ae,W]),be=Object(n.useCallback)((()=>{U()&&(re(void 0),ae())}),[U,ae]),he=Object(n.useCallback)((()=>{re(void 0)}),[]),Ee=Object(n.useCallback)((()=>{se(void 0),ae()}),[ae]),ve=Object(n.useCallback)((()=>{se(void 0)}),[]),xe=Object(n.useMemo)((()=>{const e=le.pageAboutInfo?i.a.createElement("span",{"data-test-subj":"header-panel-subtitle"},le.pageAboutInfo):void 0,t=m?i.a.createElement(i.a.Fragment,null,i.a.createElement(r.EuiSpacer,{size:"m"}),m):void 0;return i.a.createElement(i.a.Fragment,null,e,t)}),[le.pageAboutInfo,m]);return K?i.a.createElement(w.a,{"data-test-subj":z("pageLoader")}):i.a.createElement(l.a,{headerBackComponent:me,hideHeader:!ee,title:le.pageTitle,subtitle:xe,actions:x&&i.a.createElement(r.EuiButton,{fill:!0,iconType:"plusInCircle",isDisabled:H,onClick:ge,"data-test-subj":z("pageAddButton")},le.pageAddButtonTitle),"data-test-subj":z("container")},H&&i.a.createElement(p.b,{apiClient:e,item:oe,onSuccess:Ee,onClose:ve,FormComponent:t,labels:le,size:y,submitHandler:g,policies:(null===(C=ue.data)||void 0===C?void 0:C.items)||[],policiesIsLoading:ue.isLoading,"data-test-subj":z("flyout")}),ie&&i.a.createElement(k,{apiClient:e,item:ie,labels:le,"data-test-subj":z("deleteModal"),onSuccess:be,onCancel:he}),ee?i.a.createElement(i.a.Fragment,null,i.a.createElement(j.a,{defaultValue:Q,onSearch:fe,placeholder:le.searchPlaceholderInfo,hasPolicyFilter:!0,policyList:null===(M=ue.data)||void 0===M?void 0:M.items,defaultIncludedPolicies:Y}),i.a.createElement(r.EuiSpacer,{size:"m"}),i.a.createElement(r.EuiText,{color:"subdued",size:"xs","data-test-subj":z("showCount")},le.getShowingCountLabel(X.totalItemCount)),i.a.createElement(r.EuiSpacer,{size:"s"}),i.a.createElement(c.a,{items:ne,ItemComponent:u.a,itemComponentProps:ce,onChange:ye,error:te,loading:Z,pagination:X,contentClassName:"card-container","data-test-subj":z("list")})):i.a.createElement(D,{onAdd:ge,titleNoEntriesLabel:le.emptyStateTitleNoEntries,titleLabel:le.emptyStateTitle,aboutInfo:le.emptyStateInfo,primaryButtonLabel:le.emptyStatePrimaryButtonLabel,backComponent:pe,"data-test-subj":z("emptyState"),secondaryAboutInfo:m,canCreateItems:x}))}));U.displayName="ArtifactListPage"},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return N}));var n=a(40),i=a(2),r=a.n(i),o=a(8),s=a(167),l=a(236),c=a(336);const u=e=>Object(c.e)(e)?l.k:l.g,d=({type:e})=>r.a.createElement(n.EuiToolTip,{content:u(e)},r.a.createElement(n.EuiIcon,{type:"iInCircle",size:"m"}));var p=a(41),m=a.n(p);const g=m.a.div.withConfig({displayName:"OverflowParent",componentId:"sc-sjnml3-0"})(["display:inline-grid;"]),y=m.a.div.withConfig({displayName:"OverflowContainer",componentId:"sc-sjnml3-1"})(["white-space:nowrap;overflow:hidden;text-overflow:ellipsis;font-weight:bold;"]),f=({field:e="",feedName:t="",value:a=""})=>{const i=`${e} ${a}${t?` ${l.e} ${t}`:""}`;return r.a.createElement(n.EuiToolTip,{content:a},r.a.createElement(g,{"data-test-subj":"enrichment-button-content"},r.a.createElement(y,null,i)))},b=m.a.h5.withConfig({displayName:"StyledH5",componentId:"sc-1i38kio-0"})(["line-height:1.7rem;"]),h=e=>r.a.createElement(n.EuiTitle,{size:"xxxs"},r.a.createElement(b,null,e));h.displayName="ThreatSummaryTitle";var E=a(149),v=a(509);const x=m()(n.EuiInMemoryTable).withConfig({displayName:"ThreatSummaryTable",componentId:"sc-1pwinz3-0"})([".euiTableHeaderCell,.euiTableRowCell{border:none;}.euiTableHeaderCell .euiTableCellContent{padding:0;}"]);var k=a(4),S=a(802);const w=m()(n.EuiAccordion).withConfig({displayName:"StyledEuiAccordion",componentId:"sc-mlcc85-0"})([".euiAccordion__triggerWrapper{background:",";border-radius:",";height:",";margin-bottom:",";padding-left:",";}"],(({theme:e})=>e.eui.euiColorLightestShade),(({theme:e})=>e.eui.euiSizeXS),(({theme:e})=>e.eui.euiSizeXL),(({theme:e})=>e.eui.euiSizeS),(({theme:e})=>e.eui.euiSizeS)),j=[{field:"title",truncateText:!1,render:h,width:"220px",name:""},{field:"description",truncateText:!1,render:({fieldName:e,value:t})=>{const a=e.match(s.p)?r.a.createElement(n.EuiLink,{href:t,target:"_blank"},t):r.a.createElement("span",null,t);return r.a.createElement(n.EuiToolTip,{"data-test-subj":"message-tool-tip",content:r.a.createElement(n.EuiFlexGroup,{direction:"column",gutterSize:"none"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement("span",null,e)))},a)},name:""}],O=e=>Object.keys(e).sort().map((t=>({title:t.startsWith(k.I)?t.replace(`${k.I}`,"indicator"):t,description:{fieldName:t,value:Object(S.a)(e[t])}}))),I=({enrichment:e,index:t})=>{const{id:a="threat-details-item",field:i,feedName:o,type:s,value:u}=Object(c.c)(e),d=`${a}${i}`;return r.a.createElement(w,{id:d,key:d,initialIsOpen:!0,arrowDisplay:"right",buttonContent:r.a.createElement(f,{field:i,feedName:o,value:u}),extraAction:Object(c.e)(s)&&r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(E.b,{queryId:v.a,title:l.j}))},r.a.createElement(x,{columns:j,compressed:!0,"data-test-subj":`threat-details-view-${t}`,items:O(e)}))},T=({enrichments:e})=>r.a.createElement(r.a.Fragment,null,e.sort(((e,t)=>Object(c.d)(t)-Object(c.d)(e))).map(((t,a)=>r.a.createElement(r.a.Fragment,{key:`${t.id}`},r.a.createElement(I,{enrichment:t,index:a}),a<e.length-1&&r.a.createElement(n.EuiSpacer,{size:"m"})))));var C=a(44);const M=m.a.div.withConfig({displayName:"InlineBlock",componentId:"sc-oksmx3-0"})(["display:inline-block;line-height:1.7em;"]),F=({type:e})=>e?r.a.createElement(M,{"data-test-subj":"no-enrichments-found"},e===s.c.IndicatorMatchRule?l.l:r.a.createElement(C.FormattedMessage,{id:"xpack.securitySolution.enrichment.noInvestigationEnrichment",defaultMessage:"Additional threat intelligence wasn't found within the selected time frame. Try a different time frame, or {link} to collect threat intelligence for threat detection and matching.",values:{link:r.a.createElement(n.EuiLink,{href:"https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html",target:"_blank"},r.a.createElement(C.FormattedMessage,{id:"xpack.securitySolution.enrichment.investigationEnrichmentDocumentationLink",defaultMessage:"enable threat intelligence integrations"}))}})):null,D=({type:e})=>e?r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiFlexGroup,{direction:"row",gutterSize:"xs",alignItems:"baseline"},r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiTitle,{size:"xxxs"},r.a.createElement("h5",null,e===s.c.IndicatorMatchRule?l.f:l.i))),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(d,{type:e}))),r.a.createElement(n.EuiSpacer,{size:"s"})):null,A=({enrichments:e,type:t,loading:a,dataTestSubj:i,children:o})=>r.a.createElement("div",{"data-test-subj":i},r.a.createElement(D,{type:t}),o,Array.isArray(e)?r.a.createElement(T,{enrichments:e}):r.a.createElement(r.a.Fragment,null,r.a.createElement(F,{type:t}),a&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSpacer,{size:"m"}),r.a.createElement(n.EuiSkeletonText,{"data-test-subj":"loading-enrichments",lines:4})))),_=({enrichments:e,before:t=null,showInvestigationTimeEnrichments:a,loading:i,children:l})=>{const{[s.c.IndicatorMatchRule]:c,[s.c.InvestigationTime]:u,undefined:d}=Object(o.groupBy)(e,"matched.type");return r.a.createElement(r.a.Fragment,null,t,r.a.createElement(A,{dataTestSubj:"threat-match-detected",enrichments:c,type:s.c.IndicatorMatchRule}),a&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiHorizontalRule,null),r.a.createElement(A,{dataTestSubj:"enriched-with-threat-intel",enrichments:u,type:s.c.InvestigationTime,loading:i},l)),d&&r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiHorizontalRule,null),c&&r.a.createElement(n.EuiSpacer,{size:"l"}),r.a.createElement(A,{enrichments:d,dataTestSubj:"matches-with-no-type"})))},N=r.a.memo(_)},function(e,t,a){"use strict";a.d(t,"a",(function(){return M}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(40),l=a(44),c=a(126),u=a(46),d=a(3),p=a(8),m=a(215),g=a(255);let y,f;!function(e){e.asc="asc",e.desc="desc"}(y||(y={})),function(e){e.actions="responseActions",e.results="responseActionsResults"}(f||(f={}));var b=a(102);var h=a(1406),E=a(155),v=a(809);const x=({type:e})=>{const t=Object(n.useMemo)((()=>{if("endpoint"===e)return{icon:"logoSecurity",name:"Elastic Defend"}}),[e]);return i.a.createElement(s.EuiEmptyPrompt,{iconType:t.icon,title:i.a.createElement("h2",null,v.b),titleSize:"xs",body:i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.responseActions.results.missingPrivileges",defaultMessage:"To access these results, ask your administrator for {integration} Kibana privileges.",values:{integration:i.a.createElement(s.EuiCode,null,t.name)}})})},k=({action:e,ruleName:t})=>{const{agent:a}=e,{action_id:r,expiration:o}=e.EndpointActions,{endpointPrivileges:{canAccessEndpointActionsLogManagement:p}}=Object(c.a)(),[g,E]=Object(n.useState)(!0),{data:v}=((e,{enabled:t,action:a,isLive:n=!1})=>{const{data:i}=Object(b.j)().services,{expiration:r,actionId:o,agent:s}=e;return Object(u.useQuery)({queryKey:["allResponsesResults",{actionId:o}],queryFn:async()=>{var e,t,a;const n=await Object(d.lastValueFrom)(i.search.search({actionId:o,expiration:r,sort:{order:y.desc,field:"@timestamp"},agents:(Array.isArray(s.id)?s.id:[s.id]).length,factoryQueryType:f.results},{strategy:m.l}));return{action_id:o,completedAt:null===(e=n.edges[0])||void 0===e||null===(t=e.fields)||void 0===t||null===(a=t["EndpointActions.completed_at"])||void 0===a?void 0:a[0],isExpired:n.isExpired,wasSuccessful:n.wasSuccessful,isCompleted:n.isCompleted,status:n.status}},select:e=>((e,t)=>{var a;const{rule:n}=e,{parameters:i,alert_id:r,comment:o,command:s,hosts:l}=e.EndpointActions.data;return{id:e.EndpointActions.action_id,agents:e.agent.id,parameters:i,...null!=r&&r.length?{alertIds:r}:{},...n?{ruleId:n.id,ruleName:n.name}:{},createdBy:(null===(a=e.rule)||void 0===a?void 0:a.name)||"unknown",comment:o,command:s,hosts:l,startedAt:e["@timestamp"],completedAt:null==t?void 0:t.completedAt,isCompleted:!(null==t||!t.isCompleted),isExpired:!(null==t||!t.isExpired),wasSuccessful:!(null==t||!t.isCompleted),status:t.status,agentState:{},errors:e.error?[e.error.message]:void 0}})(a,e),keepPreviousData:!0,enabled:t,refetchInterval:!!n&&5e3})})({actionId:r,expiration:o,agent:a},{enabled:p,action:e,isLive:g});Object(n.useEffect)((()=>{E((()=>{var e;return!v||!(null!==(e=v.errors)&&void 0!==e&&e.length)&&"pending"===v.status}))}),[v]);const k=v?S(v):"",w=Object(n.useMemo)((()=>null!=v&&v.hosts?Object.values(v.hosts)[0].name:""),[null==v?void 0:v.hosts]);return i.a.createElement(s.EuiComment,{username:t,timestamp:i.a.createElement(l.FormattedRelative,{value:e["@timestamp"]}),event:k,"data-test-subj":"endpoint-results-comment"},p?v?i.a.createElement(h.a,{action:v,"data-test-subj":`response-results-${w}`}):i.a.createElement(s.EuiLoadingSpinner,null):i.a.createElement(x,{type:"endpoint"}))},S=e=>{var t;return null!==(t=e.errors)&&void 0!==t&&t.length?E.g.failed(e.command):"pending"===e.status?E.g.pending(e.command):"successful"===e.status?E.g.executed(e.command):E.g.tried(e.command)},w=i.a.memo((({actions:e,ruleName:t,ecsData:a})=>{const{services:{osquery:r}}=Object(b.j)(),{OsqueryResult:o}=r,l=Object(n.useCallback)((e=>{if(j(e)){const n=e.action_id,r=e["@timestamp"];return i.a.createElement(o,{key:n,actionId:n,startDate:r,ruleName:t,ecsData:a})}return O(e)?i.a.createElement(k,{action:e,ruleName:t,key:e.EndpointActions.action_id}):null}),[o,a,t]);return i.a.createElement(i.a.Fragment,null,e.map((e=>i.a.createElement(i.a.Fragment,null,i.a.createElement(s.EuiSpacer,{size:"s"}),l(e),i.a.createElement(s.EuiSpacer,{size:"s"})))))}));w.displayName="ResponseActionsResults";const j=e=>e&&"input_type"in e&&"osquery"===(null==e?void 0:e.input_type),O=e=>e&&"EndpointActions"in e&&"endpoint"===(null==e?void 0:e.EndpointActions.input_type);var I=a(596),T=a(124);const C=o.a.div.withConfig({displayName:"TabContentWrapper",componentId:"sc-1y7ogme-0"})(["height:100%;position:relative;"]),M=({rawEventData:e,ecsData:t})=>{var a,n,r,o,c,h,v,x,k,S,j;const O=Object(T.a)("endpointResponseActionsEnabled"),M=e?Object(g.a)(e.fields):void 0,F=null==M||null===(a=M.kibana)||void 0===a||null===(n=a.alert)||void 0===n||null===(r=n.rule)||void 0===r||null===(o=r.parameters)||void 0===o?void 0:o[0].response_actions,D=!e||!O||!(null!=F&&F.length),A=null!==(c=null==e?void 0:e._id)&&void 0!==c?c:"",{data:_,isFetched:N}=((e,{enabled:t})=>{const{data:a}=Object(b.j)().services,{alertIds:n}=e;return Object(u.useQuery)({queryKey:["actions",{alertId:n[0]}],queryFn:async()=>{const e=await Object(d.lastValueFrom)(a.search.search({alertIds:n,sort:{order:y.desc,field:"@timestamp"},factoryQueryType:f.actions},{strategy:m.l})),t=Object(p.map)(Object(p.filter)(e.edges,"fields"),(e=>Object(g.a)(e.fields,!0)));return{...e,items:Object(p.compact)(t)}},enabled:t,keepPreviousData:!0})})({alertIds:[A]},{enabled:!D});if(D)return;const R=null==M||null===(h=M.kibana)||void 0===h||null===(v=h.alert)||void 0===v||null===(x=v.rule)||void 0===x||null===(k=x.name)||void 0===k?void 0:k[0],q=null!==(S=null==_||null===(j=_.items)||void 0===j?void 0:j.length)&&void 0!==S?S:0,P=i.a.createElement(i.a.Fragment,null,i.a.createElement(s.EuiSpacer,{size:"s"}),i.a.createElement(C,{"data-test-subj":"responseActionsViewWrapper"},N&&q&&null!=_&&_.items.length?i.a.createElement(w,{actions:_.items,ruleName:R,ecsData:t}):i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.eventDetails.responseActionsViewNoActions",defaultMessage:"There are no response actions defined for this event."})));return{id:I.b.responseActionsView,"data-test-subj":"responseActionsViewTab",name:E.y,append:i.a.createElement(s.EuiNotificationBadge,{"data-test-subj":"response-actions-notification"},q),content:P}}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return w}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(877),l=a(382);var c=a(5);c.i18n.translate("xpack.securitySolution.expandedValue.showTopN.showTopValues",{defaultMessage:"Show top values"}),c.i18n.translate("xpack.securitySolution.expandedValue.hideTopValues.HideTopValues",{defaultMessage:"Hide top values"});const u=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewHostSummary",{defaultMessage:"View host summary"}),d=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewUserSummary",{defaultMessage:"View user summary"}),p=c.i18n.translate("xpack.securitySolution.expandedValue.links.expandIpDetails",{defaultMessage:"Expand ip details"}),m=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewRuleDetails",{defaultMessage:"View rule details"}),g=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewPortDetails",{defaultMessage:"View port details"}),y=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewRuleReference",{defaultMessage:"View rule reference"}),f=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewEventReference",{defaultMessage:"View event reference"}),b=c.i18n.translate("xpack.securitySolution.expandedValue.links.viewIndicatorReference",{defaultMessage:"View indicator reference"});var h=a(188),E=a(167),v=a(395),x=a(380);a(102);const k=[{columnId:h.g,label:u},{columnId:"source.ip",fieldType:v.b,label:p},{columnId:"destination.ip",fieldType:v.b,label:p},{columnId:"signal.rule.name",label:m,linkField:"signal.rule.id"},...x.b.map((e=>({columnId:e,label:g}))),{columnId:h.m,label:y},{columnId:h.l,label:y},{columnId:h.e,label:f},{columnId:E.j,label:b},{columnId:h.p,label:d}],S=o.a.div.withConfig({displayName:"StyledContent",componentId:"sc-18lfxbd-0"})(["padding:",";width:100%;margin:0 auto;"],(({$isDetails:e})=>e?"0 8px":void 0)),w=({data:e,ecsData:t,eventId:a,header:r,isDetails:o,isDraggable:c,isTimeline:u,linkValues:d,rowRenderers:p,scopeId:m,truncate:g,asPlainText:y})=>{const f=Object(n.useMemo)((()=>{return void 0!==(e=r.id,t=r.type,a=r.linkField,k.find((n=>n.columnId===e||!(!n.fieldType||t!==n.fieldType||void 0===a&&void 0===n.linkField))))&&!u;var e,t,a}),[r.id,r.linkField,r.type,u]),b=Object(s.c)({data:e,fieldName:r.id}),h=o?"eui-textBreakWord":"eui-displayInlineBlock eui-textTruncate";return i.a.createElement(S,{className:h,$isDetails:o},((e,t,a)=>{const n=t.find((t=>t.isInstance(e,a)));return null!=n?n:(()=>{throw new Error("Unhandled Column Renderer")})()})(r.id,l.a,e).renderColumn({asPlainText:null!=y?y:f,columnName:r.id,ecsData:t,eventId:a,field:r,isDetails:o,isDraggable:c,linkValues:d,rowRenderers:p,scopeId:m,truncate:g,values:b}))}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return A}));var n=a(42),i=a(40),r=a(2),o=a.n(r),s=a(287),l=a(41),c=a.n(l),u=a(59),d=a(119),p=a(115),m=a(701),g=a(111),y=a(183),f=a(730),b=a(133),h=a(8),E=a(240),v=a.n(E),x=a(165),k=a(155),S=a(812),w=a(751),j=a(217),O=a(5);const I=o.a.memo((({data:e,field:t,fieldMapping:a,scripted:n})=>{const r=function(e){switch(e){case"boolean":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.booleanAriaLabel",{defaultMessage:"Boolean field"});case"conflict":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.conflictFieldAriaLabel",{defaultMessage:"Conflicting field"});case"date":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.dateFieldAriaLabel",{defaultMessage:"Date field"});case"geo_point":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.geoPointFieldAriaLabel",{defaultMessage:"Geo point field"});case"geo_shape":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.geoShapeFieldAriaLabel",{defaultMessage:"Geo shape field"});case"ip":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.ipAddressFieldAriaLabel",{defaultMessage:"IP address field"});case"murmur3":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.murmur3FieldAriaLabel",{defaultMessage:"Murmur3 field"});case"number":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.numberFieldAriaLabel",{defaultMessage:"Number field"});case"source":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.sourceFieldAriaLabel",{defaultMessage:"Source field"});case"string":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.stringFieldAriaLabel",{defaultMessage:"String field"});case"nested":return O.i18n.translate("xpack.securitySolution.fieldNameIcons.nestedFieldAriaLabel",{defaultMessage:"Nested field"});default:return O.i18n.translate("xpack.securitySolution.fieldNameIcons.unknownFieldAriaLabel",{defaultMessage:"Unknown field"})}}(e.type),s=a&&a.displayName?a.displayName:t,l=s!==t?`${t} (${s})`:t,c=null==a?void 0:a.isSubtypeMulti();return o.a.createElement(o.a.Fragment,null,o.a.createElement(i.EuiFlexItem,{grow:!1,className:"eventFieldsTable__fieldIcon"},o.a.createElement(w.a,{"data-test-subj":"field-type-icon",type:e.type,label:r,scripted:n})),o.a.createElement(i.EuiFlexGroup,{wrap:!0,gutterSize:"none",responsive:!1,alignItems:"flexStart","data-test-subj":"field-name-cell"},o.a.createElement(i.EuiFlexItem,{className:"eventFieldsTable__fieldName eui-textBreakAll",grow:!1},o.a.createElement(i.EuiToolTip,{position:"top",content:Object(h.isEmpty)(e.description)?l:`${e.description} ${Object(j.c)(e.example)}`,delay:"long",anchorClassName:"eui-textBreakAll"},o.a.createElement(i.EuiText,{size:"xs","data-test-subj":"field-name"},t))),c&&o.a.createElement(i.EuiToolTip,{position:"top",delay:"long",content:k.t},o.a.createElement(i.EuiBadge,{title:"",className:"eventFieldsTable__multiFieldBadge",color:"default","data-test-subj":`eventFieldsTableRow-${t}-multifieldBadge`},k.s))))}));I.displayName="FieldNameCell",c()(i.EuiPanel).withConfig({displayName:"HoverActionsContainer",componentId:"sc-172eod5-0"})(["align-items:center;display:flex;flex-direction:row;height:25px;justify-content:center;left:5px;position:absolute;top:-10px;width:30px;"]).displayName="HoverActionsContainer";const T=v()(((e,t)=>Object(h.get)(t,e)),((e,t)=>e[0].join()===t[0].join()));var C=a(105);const M=c.a.div.withConfig({displayName:"TableWrapper",componentId:"sc-ljv1sr-0"})(["display:flex;flex:1;overflow:hidden;> div{display:flex;flex-direction:column;flex:1;overflow:hidden;> .euiFlexGroup:first-of-type{flex:0;}}"]),F=c()(i.EuiInMemoryTable).withConfig({displayName:"StyledEuiInMemoryTable",componentId:"sc-ljv1sr-1"})(["flex:1;overflow:auto;overflow-x:hidden;&::-webkit-scrollbar{height:",";width:",";}&::-webkit-scrollbar-thumb{background-clip:content-box;background-color:",";border:"," solid transparent;}&::-webkit-scrollbar-corner,&::-webkit-scrollbar-track{background-color:transparent;}.eventFieldsTable__fieldIcon{padding-top:","px;}.eventFieldsTable__fieldName{line-height:",";padding:",";}.inlineActions{opacity:0;}.eventFieldsTable__tableRow{font-size:",";font-family:",";.inlineActions-popoverOpen{opacity:1;}&:hover{.inlineActions{opacity:1;}}}.eventFieldsTable__actionCell,.eventFieldsTable__fieldNameCell{align-items:flex-start;padding:",";}.eventFieldsTable__fieldValue{display:inline-block;word-break:break-all;word-wrap:break-word;white-space:pre-wrap;line-height:",";color:",";vertical-align:top;}"],(({theme:e})=>e.eui.euiScrollBar),(({theme:e})=>e.eui.euiScrollBar),(({theme:e})=>Object(s.rgba)(e.eui.euiColorDarkShade,.5)),(({theme:e})=>e.eui.euiScrollBarCorner),(({theme:e})=>1.5*parseFloat(e.eui.euiSizeXS)),(({theme:e})=>e.eui.euiLineHeight),(({theme:e})=>e.eui.euiSizeXS),(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiCodeFontFamily),(({theme:e})=>e.eui.euiSizeXS),(({theme:e})=>e.eui.euiLineHeight),(({theme:e})=>e.eui.euiColorFullShade)),D=[25,50,100],A=o.a.memo((({browserFields:e,data:t,eventId:a,isDraggable:s,timelineTabType:l,scopeId:c,isReadOnly:h})=>{const E=Object(r.useRef)(null),v=Object(r.useMemo)((()=>Object(p.isTimelineScope)(c)?g.b.getTimelineByIdSelector():Object(p.isInTableScope)(c)?d.j.getTableByIdSelector():void 0),[c]),w=Object(p.isTimelineScope)(c)?b.b:d.q,O=Object(C.a)((t=>{var a;const{columns:n}=null!==(a=v&&v(t,c))&&void 0!==a?a:w;return Object(f.b)(n,e)})),A=Object(r.useMemo)((()=>Object(y.a)(e)),[e]),_=Object(r.useMemo)((()=>Object(n.sortBy)(["field"],t).map(((e,t)=>({...e,...A[e.field],valuesConcatenated:null!=e.values?e.values.join():"",ariaRowindex:Object(u.arrayIndexToAriaIndex)(t)})))),[t,A]),N=Object(r.useCallback)((e=>{var a;const i=(null!==(a=O.find((t=>t.id===e)))&&void 0!==a?a:{}).linkField;if(!i)return null;const r=(null!=t?t:[]).find((e=>e.field===i)),o=Object(n.getOr)(null,"originalValue",r);return Array.isArray(o)?o[0]:o}),[t,O]),R=Object(r.useCallback)((({ariaRowindex:e,field:t})=>({...null!=e?{"data-rowindex":e}:{},className:"eventFieldsTable__tableRow","data-test-subj":`event-fields-table-row-${t}`})),[]),q=Object(r.useMemo)((()=>(({browserFields:e,eventId:t,contextId:a,scopeId:n,getLinkValue:r,isDraggable:s,isReadOnly:l})=>[...l?[]:[{field:"values",name:o.a.createElement(i.EuiText,{size:"xs"},o.a.createElement("strong",null,k.a)),sortable:!1,truncateText:!1,width:"132px",render:(e,t)=>o.a.createElement(x.c,{data:{field:t.field,value:e},triggerId:x.d.DETAILS_FLYOUT,mode:x.a.INLINE,visibleCellActions:3,sourcererScopeId:Object(p.getSourcererScopeId)(n),metadata:{scopeId:n,isObjectArray:t.isObjectArray}})}],{field:"field",className:"eventFieldsTable__fieldNameCell",name:o.a.createElement(i.EuiText,{size:"xs"},o.a.createElement("strong",null,k.k)),sortable:!0,truncateText:!1,render:(e,t)=>o.a.createElement(I,{data:t,field:e,fieldMapping:void 0})},{field:"values",className:"eventFieldsTable__fieldValueCell",name:o.a.createElement(i.EuiText,{size:"xs"},o.a.createElement("strong",null,k.E)),sortable:!0,truncateText:!1,render:(n,i)=>{const l=T([i.category,"fields",i.field],e);return o.a.createElement(S.a,{contextId:a,data:i,eventId:t,fieldFromBrowserField:l,getLinkValue:r,isDraggable:s,values:n})}}])({browserFields:e,eventId:a,contextId:`event-fields-browser-for-${c}-${l}`,scopeId:c,getLinkValue:N,isDraggable:s,isReadOnly:h})),[e,a,c,l,N,s,h]),P=Object(r.useCallback)((()=>{var e,t;null===(e=E.current)||void 0===e||null===(t=e.querySelector('input[type="search"]'))||void 0===t||t.focus()}),[]),L=Object(r.useCallback)((()=>{var e;null===(e=document.querySelector(`.${m.a}`))||void 0===e||e.focus()}),[]),B=Object(r.useCallback)((e=>{Object(u.isTab)(e)?Object(j.f)({containerElement:E.current,keyboardEvent:e,onSkipFocusBeforeEventsTable:P,onSkipFocusAfterEventsTable:L}):Object(u.onKeyDownFocusHandler)({colindexAttribute:u.DATA_COLINDEX_ATTRIBUTE,containerElement:null==E?void 0:E.current,event:e,maxAriaColindex:3,maxAriaRowindex:t.length,onColumnFocused:n.noop,rowindexAttribute:u.DATA_ROWINDEX_ATTRIBUTE})}),[t,L,P]);Object(r.useEffect)((()=>{P()}),[P]);const{onTableChange:z,paginationTableProp:$}=(()=>{const[e,t]=Object(r.useState)({pageIndex:0});return{onTableChange:Object(r.useCallback)((({page:{index:e}})=>{t({pageIndex:e})}),[]),paginationTableProp:Object(r.useMemo)((()=>({...e,pageSizeOptions:D})),[e])}})();return o.a.createElement(M,{onKeyDown:B,ref:E},o.a.createElement(F,{className:j.a,items:_,itemId:"field",columns:q,onTableChange:z,pagination:$,rowProps:R,search:j.g,sorting:!1,"data-test-subj":"event-fields-browser"}))}));A.displayName="EventFieldsBrowser"},,,function(e,t,a){"use strict";a.d(t,"b",(function(){return A})),a.d(t,"a",(function(){return _}));var n=a(2),i=a.n(n),r=a(40),o=a(41),s=a.n(o),l=a(103),c=a(119),u=a(115),d=a(102),p=a(5);const m=p.i18n.translate("xpack.securitySolution.timeline.graphOverlay.closeAnalyzerButton",{defaultMessage:"Close analyzer"}),g=p.i18n.translate("xpack.securitySolution.timeline.graphOverlay.closeSessionButton",{defaultMessage:"Close session viewer"});var y=a(118),f=a(111),b=a(116),h=a(302),E=a(133),v=a(105),x=a(690),k=a(110),S=a(529),w=a(4),j=a(459),O=a(497),I=a(178),T=a(518),C=a(126);const M=s()(r.EuiButtonIcon).withConfig({displayName:"FullScreenButtonIcon",componentId:"sc-tyt961-0"})(["margin:4px 0 4px 0;"]),F=({fullScreen:e,globalFullScreen:t,onCloseOverlay:a,isActiveTimelines:n,timelineFullScreen:o,toggleFullScreen:s,graphEventId:l,activeTab:c})=>i.a.createElement(r.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButtonEmpty,{iconType:"cross",onClick:a,size:"xs","data-test-subj":"close-overlay"},n?c===y.d.graph?m:g:l?m:g)),!1===n&&i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiToolTip,{content:e?O.a:j.d},i.a.createElement(M,{"aria-label":Object(S.b)({globalFullScreen:t,isActiveTimelines:n,timelineFullScreen:o})?O.a:j.d,className:e?w.yb:"",color:e?"ghost":"primary","data-test-subj":"full-screen",iconType:"fullScreen",onClick:s}))));F.displayName="NavigationComponent";const D=i.a.memo(F),A=({scopeId:e})=>{const t=Object(l.useDispatch)(),a=Object(n.useMemo)((()=>Object(u.isTimelineScope)(e)?f.b.getTimelineByIdSelector():Object(u.isInTableScope)(e)?c.j.getTableByIdSelector():void 0),[e]),{globalFullScreen:r,setGlobalFullScreen:o}=Object(I.a)(),{timelineFullScreen:s,setTimelineFullScreen:d}=Object(I.c)(),p=Object(u.isTimelineScope)(e)?E.b:c.q,{graphEventId:m,sessionViewConfig:g,activeTab:b,prevActiveTab:h}=Object(v.a)((t=>{var n;return{activeTab:E.b.activeTab,prevActiveTab:E.b.prevActiveTab,...null!==(n=a&&a(t,e))&&void 0!==n?n:p}})),x=Object(u.getScopedActions)(e),k=Object(n.useCallback)((()=>{null!==document.querySelector(".euiDataGrid--fullScreen")?Object(u.isActiveTimeline)(e)?document.body.classList.add("euiDataGrid__restrictBody"):document.body.classList.add(w.pc,"euiDataGrid__restrictBody"):Object(u.isActiveTimeline)(e)?d(!1):o(!1),!1===Object(u.isActiveTimeline)(e)?x&&(t(x.updateGraphEventId({id:e,graphEventId:""})),t(x.updateSessionViewConfig({id:e,sessionViewConfig:null}))):b===y.d.graph?(x&&t(x.updateGraphEventId({id:e,graphEventId:""})),h!==y.d.session||g||t(f.a.setActiveTabTimeline({id:e,activeTab:y.d.query}))):b===y.d.session&&(Object(u.isTimelineScope)(e)&&(h!==y.d.graph||m?t(f.a.setActiveTabTimeline({id:e,activeTab:h})):t(f.a.setActiveTabTimeline({id:e,activeTab:y.d.query}))),x&&t(x.updateSessionViewConfig({id:e,sessionViewConfig:null})))}),[d,o,x,t,e,b,h,g,m]),j=Object(n.useMemo)((()=>Object(S.b)({globalFullScreen:r,isActiveTimelines:Object(u.isActiveTimeline)(e),timelineFullScreen:s})),[r,e,s]),O=Object(n.useCallback)((()=>{Object(u.isActiveTimeline)(e)?d(!s):o(!r)}),[e,d,s,o,r]),T=Object(n.useMemo)((()=>i.a.createElement(D,{fullScreen:j,globalFullScreen:r,activeTab:b,onCloseOverlay:k,isActiveTimelines:Object(u.isActiveTimeline)(e),timelineFullScreen:s,toggleFullScreen:O,graphEventId:m})),[j,r,b,k,e,s,O,m]);return{onCloseOverlay:k,Navigation:T}},_=({scopeId:e,entityType:t,height:a})=>{const{sessionView:r}=Object(d.j)().services,o=Object(n.useMemo)((()=>Object(u.isTimelineScope)(e)?f.b.getTimelineByIdSelector():Object(u.isInTableScope)(e)?c.j.getTableByIdSelector():void 0),[e]),{globalFullScreen:s}=Object(I.a)(),{timelineFullScreen:p}=Object(I.c)(),{canReadPolicyManagement:m}=Object(C.a)().endpointPrivileges,g=Object(u.isTimelineScope)(e)?E.b:c.q,{sessionViewConfig:w,activeTab:j}=Object(v.a)((t=>{var a;return{activeTab:E.b.activeTab,prevActiveTab:E.b.prevActiveTab,...null!==(a=o&&o(t,e))&&void 0!==a?a:g}})),O=Object(n.useMemo)((()=>Object(S.b)({globalFullScreen:s,isActiveTimelines:Object(u.isActiveTimeline)(e),timelineFullScreen:p})),[s,e,p]),M=Object(n.useMemo)((()=>Object(u.isActiveTimeline)(e)?k.SourcererScopeName.timeline:T.a.includes(e)?k.SourcererScopeName.detections:k.SourcererScopeName.default),[e]),{openEventDetailsPanel:F,shouldShowDetailsPanel:D,DetailsPanel:A}=(({entityType:e,isFlyoutView:t,sourcererScope:a,scopeId:r,tabType:o=y.d.query})=>{const{browserFields:s,selectedPatterns:d,runtimeMappings:p}=Object(b.d)(a),m=Object(l.useDispatch)(),g=Object(n.useMemo)((()=>Object(u.isTimelineScope)(r)?f.b.getTimelineByIdSelector():Object(u.isInTableScope)(r)?c.j.getTableByIdSelector():void 0),[r]),k=Object(n.useMemo)((()=>d.join(",")),[d]),S=Object(v.a)((e=>{var t,a;return null===(t=null!==(a=g&&g(e,r))&&void 0!==a?a:E.b)||void 0===t?void 0:t.expandedDetail})),w=Object(n.useRef)((()=>{})),j=()=>{},O=Object(n.useMemo)((()=>{var e;return!!(o&&S&&S[o]&&null!==(e=S[o])&&void 0!==e&&e.panelView)}),[S,o]),I=Object(u.getScopedActions)(r),T=Object(n.useCallback)((e=>{e&&I&&m(I.toggleDetailPanel({...e,tabType:o,id:r}))}),[I,r,m,o]),C=Object(n.useCallback)(((e,t)=>{e&&T({panelView:"eventDetail",params:{eventId:e,indexName:k}}),w.current=null!=t?t:j}),[T,k]),M=Object(n.useCallback)(((e,t)=>{T({panelView:"hostDetail",params:{hostName:e}}),w.current=null!=t?t:j}),[T]),F=Object(n.useCallback)(((e,t,a)=>{T({panelView:"networkDetail",params:{ip:e,flowTarget:t}}),w.current=null!=a?a:j}),[T]),D=Object(n.useCallback)(((e,t)=>{T({panelView:"userDetail",params:{userName:e}}),w.current=null!=t?t:j}),[T]),A=Object(n.useCallback)((()=>{var e;w.current&&w.current(),I&&m(I.toggleDetailPanel({tabType:o,id:r})),o&&null!==(e=S[o])&&void 0!==e&&e.panelView&&r===y.c.active&&O&&h.a.toggleExpandedDetail({})}),[I,o,S,r,O,m]),_=Object(n.useMemo)((()=>O?i.a.createElement(x.a,{browserFields:s,entityType:e,handleOnPanelClosed:A,isFlyoutView:t,runtimeMappings:p,tabType:o,scopeId:r}):null),[s,e,A,t,p,O,o,r]);return{openEventDetailsPanel:C,openHostDetailsPanel:M,openNetworkDetailsPanel:F,openUserDetailsPanel:D,handleOnDetailsPanelClosed:A,shouldShowDetailsPanel:O,DetailsPanel:_}})({isFlyoutView:!Object(u.isActiveTimeline)(e),entityType:t,sourcererScope:M,scopeId:e,tabType:Object(u.isActiveTimeline)(e)?j:y.d.query}),_=Object(n.useMemo)((()=>{const e=a?a-118:void 0;return null!==w?r.getSessionView({...w,loadAlertDetails:F,isFullScreen:O,height:e,canReadPolicyManagement:m}):null}),[a,w,r,F,O,m]);return{openEventDetailsPanel:F,shouldShowDetailsPanel:D,SessionView:_,DetailsPanel:A}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(4);a(84);var r=a(323);const o=({_id:e,_index:t,timestamp:a})=>{const{getAppUrl:o}=Object(r.a)(),s=(({alertId:e,index:t,timestamp:a})=>`${i.g}/${e}?index=${t}&timestamp=${a}`)({alertId:e,index:t,timestamp:a}),l=t.includes(i.P);return Object(n.useMemo)((()=>{if(l)return null;const e=o({path:s});return`${window.location.origin}${e}`}),[l,o,s])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return j}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(40),l=a(5),c=a(44),u=a(41),d=a.n(u),p=a(126),m=a(1046),g=a(245),y=a(107),f=a(323),b=a(274);const h=()=>{},E={bordered:!0,showIcons:!1},v={className:"effected-policies-search"},x=d.a.div.withConfig({displayName:"StyledEuiSelectable",componentId:"sc-rb0j09-0"})([".effected-policies-search{border-bottom-left-radius:0;border-bottom-right-radius:0;}.euiSelectableList{border-top-left-radius:0;border-top-right-radius:0;border-top-width:0;}"]),k=d()(s.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItemButtonGroup",componentId:"sc-rb0j09-1"})(["@media only screen and (max-width:","){align-items:center;}"],(e=>e.theme.eui.euiBreakpoints.m)),S=d()(s.EuiButtonGroup).withConfig({displayName:"StyledButtonGroup",componentId:"sc-rb0j09-2"})(["display:flex;justify-content:right;.euiButtonGroupButton{padding-right:",";}"],(e=>e.theme.eui.euiSizeL)),w=d.a.div.withConfig({displayName:"EffectivePolicyFormContainer",componentId:"sc-rb0j09-3"})([".policy-name .euiSelectableListItem__text{text-decoration:none !important;color:"," !important;}"],(e=>e.theme.eui.euiTextColor)),j=Object(r.memo)((({isGlobal:e,isPlatinumPlus:t,description:a,isLoading:n=!1,onChange:u,listProps:d,options:j,selected:O=[],disabled:I=!1,"data-test-subj":T,...C})=>{const{getAppUrl:M}=Object(f.a)(),{canReadPolicyManagement:F}=Object(p.a)().endpointPrivileges,D=Object(y.a)(T),A=Object(r.useMemo)((()=>[{id:"globalPolicy",label:l.i18n.translate("xpack.securitySolution.endpoint.effectedPolicySelect.global",{defaultMessage:"Global"}),iconType:e?"checkInCircleFilled":"empty","data-test-subj":D("global")},{id:"perPolicy",label:l.i18n.translate("xpack.securitySolution.endpoint.effectedPolicySelect.perPolicy",{defaultMessage:"Per Policy"}),iconType:e?"empty":"checkInCircleFilled","data-test-subj":D("perPolicy")}]),[D,e]),_=Object(r.useMemo)((()=>{const a=new Set(O.map((e=>e.id)));return j.map((n=>({label:n.name,className:"policy-name",prepend:o.a.createElement(s.EuiCheckbox,{id:Object(s.htmlIdGenerator)()(),onChange:h,checked:a.has(n.id),disabled:e||!t||I,"data-test-subj":`policy-${n.id}-checkbox`}),append:F?o.a.createElement(m.a,{href:M({path:Object(g.j)(n.id)}),appPath:Object(g.j)(n.id),target:"_blank","data-test-subj":D("policyLink")},o.a.createElement(c.FormattedMessage,{id:"xpack.securitySolution.effectedPolicySelect.viewPolicyLinkLabel",defaultMessage:"View policy"})):null,policy:n,checked:a.has(n.id)?"on":void 0,disabled:e||!t||I,"data-test-subj":`policy-${n.id}`}))).sort((({label:e},{label:t})=>e.localeCompare(t)))}),[F,I,M,D,e,t,j,O]),N=Object(r.useCallback)((t=>{u({isGlobal:e,selected:t.filter((e=>e.checked)).map((e=>e.policy))})}),[e,u]),R=Object(r.useCallback)((e=>{u({isGlobal:"globalPolicy"===e,selected:O})}),[u,O]),q=Object(r.useCallback)(((e,t)=>o.a.createElement(o.a.Fragment,null,t,e)),[]);return o.a.createElement(w,null,o.a.createElement(s.EuiText,{size:"xs"},o.a.createElement("h3",null,o.a.createElement(c.FormattedMessage,{id:"xpack.securitySolution.effectedPolicySelect.assignmentSectionTitle",defaultMessage:"Assignment"}))),o.a.createElement(s.EuiSpacer,{size:"xs"}),o.a.createElement(s.EuiFlexGroup,null,o.a.createElement(s.EuiFlexItem,{grow:2},o.a.createElement(s.EuiText,{size:"s"},o.a.createElement("p",null,a||l.i18n.translate("xpack.securitySolution.effectedPolicySelect.assignmentSectionDescription",{defaultMessage:"Assign globally across all policies, or assign it to specific policies."})))),o.a.createElement(k,{grow:1},o.a.createElement(s.EuiFormRow,{fullWidth:!0,isDisabled:I},o.a.createElement(S,{legend:"Global Policy Toggle",options:A,idSelected:e?"globalPolicy":"perPolicy",onChange:R,color:"primary","data-test-subj":D("byPolicyGlobalButtonGroup"),isDisabled:I})))),o.a.createElement(s.EuiSpacer,null),!e&&(n?o.a.createElement(b.a,{size:"l","data-test-subj":D("policiesLoader")}):o.a.createElement(s.EuiFormRow,{fullWidth:!0},o.a.createElement(x,null,o.a.createElement(s.EuiSelectable,i()({},C,{options:_,listProps:d||E,onChange:N,searchProps:v,searchable:!0,"data-test-subj":D("policiesSelectable")}),q)))))}));j.displayName="EffectedPolicySelect"},function(e,t,a){"use strict";a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return c}));var n=a(2),i=a.n(n),r=a(44);const o=a(5).i18n.translate("xpack.securitySolution.detectionEngine.ruleInfo.UnknownText",{defaultMessage:"Unknown"});var s=a(132);const l=({createdBy:e,createdAt:t,"data-test-subj":a})=>i.a.createElement("div",{"data-test-subj":a},i.a.createElement(r.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.ruleCreationDescription",defaultMessage:"Created by: {by} on {date}",values:{by:null!=e?e:o,date:i.a.createElement(s.a,{value:null!=t?t:(new Date).toISOString(),fieldName:"createdAt"})}}));l.displayName="CreatedBy";const c=({updatedBy:e,updatedAt:t,"data-test-subj":a})=>i.a.createElement("div",{"data-test-subj":a},i.a.createElement(r.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.ruleDetails.ruleUpdateDescription",defaultMessage:"Updated by: {by} on {date}",values:{by:null!=e?e:o,date:i.a.createElement(s.a,{value:null!=t?t:(new Date).toISOString(),fieldName:"updatedAt"})}}));c.displayName="UpdatedBy"},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a.n(n),r=a(40),o=a(694),s=a(181),l=a(5),c=a(44),u=a(664);const d={type:"primary",id:"need-admin-for-update-rules",title:l.i18n.translate("xpack.securitySolution.detectionEngine.needAdminForUpdateCallOutBody.messageTitle",{defaultMessage:"Administration permissions required for alert migration"}),description:i.a.createElement(c.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.needAdminForUpdateCallOutBody.messageBody.messageDetail",defaultMessage:"{essence} Related documentation: {docs}",values:{essence:i.a.createElement("p",null,i.a.createElement(c.FormattedMessage,{id:"xpack.securitySolution.detectionEngine.needAdminForUpdateCallOutBody.messageBody.essenceDescription",defaultMessage:"You are currently missing the required permissions to auto migrate your alert data. Please have your administrator visit this page one time to auto migrate your alert data."})),docs:i.a.createElement("ul",null,i.a.createElement("li",null,i.a.createElement(u.b,null)),i.a.createElement("li",null,i.a.createElement(u.d,null)))}})},p=()=>{const[{signalIndexMappingOutdated:e,hasIndexManage:t}]=Object(s.b)();return null!=e&&e&&null!=t&&!t?i.a.createElement(i.a.Fragment,null,i.a.createElement(o.b,{condition:!0,message:d}),i.a.createElement(r.EuiSpacer,{size:"l"})):null},m=Object(n.memo)(p)},function(e,t,a){"use strict";a.d(t,"a",(function(){return m})),a.d(t,"b",(function(){return g}));var n=a(2),i=a(197),r=a(213),o=a(102),s=a(125),l=a(590),c=a(893),u=a(855),d=a(1125),p=a(183);const m=({defineStepDefault:e,aboutStepDefault:t,scheduleStepDefault:a,actionsStepDefault:r})=>{const{triggersActionsUi:{actionTypeRegistry:p}}=Object(o.j)().services,{form:m}=Object(s.k)({defaultValue:e,options:{stripEmptyFields:!1},schema:l.a}),[g,y]=Object(n.useState)(e.eqlOptions),[f]=Object(s.m)({form:m}),b=Object(n.useMemo)((()=>"index"in f?{...f,eqlOptions:g}:e),[e,f,g]),h=Object(n.useMemo)((()=>Object(i.f)(b.ruleType)?c.b:c.a),[b.ruleType]),{form:E}=Object(s.k)({defaultValue:t,options:{stripEmptyFields:!1},schema:h}),[v]=Object(s.m)({form:E}),x="name"in v?v:t,{form:k}=Object(s.k)({defaultValue:a,options:{stripEmptyFields:!1},schema:u.a}),[S]=Object(s.m)({form:k}),w="interval"in S?S:a,j=Object(n.useMemo)((()=>(({actionTypeRegistry:e})=>({actions:{validations:[{validator:Object(d.a)(e)}]},responseActions:{},enabled:{},kibanaSiemAppUrl:{}}))({actionTypeRegistry:p})),[p]),{form:O}=Object(s.k)({defaultValue:r,options:{stripEmptyFields:!1},schema:j}),[I]=Object(s.m)({form:O});return{defineStepForm:m,defineStepData:b,aboutStepForm:E,aboutStepData:x,scheduleStepForm:k,scheduleStepData:w,actionsStepForm:O,actionsStepData:"actions"in I?I:r,eqlOptionsSelected:g,setEqlOptionsSelected:y}},g=({dataSourceType:e,index:t,dataViewId:a})=>{const{data:i}=Object(o.j)().services,[s,{browserFields:l,indexPatterns:c}]=Object(p.b)(t),[u,d]=Object(n.useState)(c);return Object(n.useEffect)((()=>{e!==r.a.IndexPatterns||s||d(c),e===r.a.DataView&&(async()=>{if(null!=a){const e=await i.dataViews.get(a);d(e)}})()}),[e,s,i,a,c]),{indexPattern:u,isIndexPatternLoading:s,browserFields:l}}},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(537),r=a(105);const o=Object(i.getSelectedDataviewSelector)(),s=e=>{const t=Object(r.a)((t=>o(t,e)));return Object(n.useCallback)((e=>{const a=null==t?void 0:t.fields;return a&&a[e]}),[null==t?void 0:t.fields])}},,,,,,function(e,t,a){"use strict";a.d(t,"d",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"f",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"e",(function(){return l})),a.d(t,"c",(function(){return c}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.riskScore.technicalPreviewLabel",{defaultMessage:"Technical Preview"}),r=n.i18n.translate("xpack.securitySolution.riskScore.hostsDashboardWarningPanelTitle",{defaultMessage:"No host risk score data available to display"}),o=n.i18n.translate("xpack.securitySolution.riskScore.usersDashboardWarningPanelTitle",{defaultMessage:"No user risk score data available to display"}),s=n.i18n.translate("xpack.securitySolution.riskScore.hostsDashboardWarningPanelBody",{defaultMessage:"We haven’t found any host risk score data. Check if you have any global filters in the global KQL search bar. If you have just enabled the host risk module, the risk engine might need an hour to generate host risk score data and display in this panel."}),l=n.i18n.translate("xpack.securitySolution.riskScore.usersDashboardWarningPanelBody",{defaultMessage:"We haven’t found any user risk score data. Check if you have any global filters in the global KQL search bar. If you have just enabled the user risk module, the risk engine might need an hour to generate user risk score data and display in this panel."}),c=n.i18n.translate("xpack.securitySolution.riskScore.usersDashboardRestartTooltip",{defaultMessage:"The risk score calculation might take a while to run. However, by pressing restart, you can force it to run immediately."})},,function(e,t,a){"use strict";a.d(t,"a",(function(){return P}));var n=a(40),i=a(2),r=a.n(i),o=a(129),s=a(41),l=a.n(s),c=a(103),u=a(13),d=a(119),p=a(134),m=a(17),g=a(4),y=a(176),f=a(1066),b=a(1043),h=a(951),E=a(122),v=a(161),x=a(273),k=a(923),S=a(116),w=a(110),j=a(102),O=a(105),I=a(1047),T=a(501),C=a(832),M=a(135),F=a(328),D=a(312);const{updateIsLoading:A,updateTotalCount:_}=d.h,N=e=>!!e[o.b],R=l()(n.EuiFlexGroup).withConfig({displayName:"FullWidthFlexGroupTable",componentId:"sc-ikpuyo-0"})(["overflow:hidden;margin:0;display:",";"],(({$visible:e})=>e?"flex":"none")),q=l.a.div.withConfig({displayName:"EuiDataGridContainer",componentId:"sc-ikpuyo-1"})(["ul.euiPagination__list{li.euiPagination__item:last-child{",";}}div .euiDataGridRowCell__contentByHeight{height:auto;align-self:center;}div .euiDataGridRowCell--lastColumn .euiDataGridRowCell__contentByHeight{flex-grow:0;width:100%;}div .siemEventsTable__trSupplement--summary{display:block;}width:100%;"],(({hideLastPage:e})=>e?"display:none":"")),P=({configId:e,flyoutSize:t,inputFilters:a,tableId:n=d.e.alertsOnAlertsPage,sourcererScope:o=w.SourcererScopeName.detections,isLoading:s,onRuleChange:l})=>{const{triggersActionsUi:P,uiSettings:L}=Object(j.j)().services,{from:B,to:z,setQuery:$}=Object(p.a)(),V=Object(i.useRef)(null),G=Object(c.useDispatch)(),[U]=Object(i.useState)({timelineID:n,tabType:"query",enableHostDetailsFlyout:!0,enableIpDetailsFlyout:!0,onRuleChange:l}),{browserFields:H,indexPattern:W,runtimeMappings:Q}=Object(S.d)(o),Y=Object(m.b)(),K=Object(i.useMemo)((()=>E.d.globalFiltersQuerySelector()),[]),Z=Object(i.useMemo)((()=>E.d.globalQuerySelector()),[]),J=Object(O.a)(Z),X=Object(O.a)(K),ee=Object(i.useMemo)((()=>d.j.getTableByIdSelector()),[]),te=Object(O.b)((e=>{var t;return(null!==(t=ee(e,n))&&void 0!==t?t:d.q).initialized})),ae=Object(i.useMemo)((()=>Object(T.a)(B,z)),[B,z]),ne=Object(i.useMemo)((()=>[...a,...null!=X?X:[],...null!=ae?ae:[]]),[a,X,ae]),{dataTable:{graphEventId:ie,sessionViewConfig:re,viewMode:oe=f.a.viewMode,columns:se}=Object(D.f)(Y)}=Object(O.b)((e=>Object(C.a)(e,n))),le=Object(i.useMemo)((()=>null!=H&&null!=W?Object(v.d)({config:Object(u.getEsQueryConfig)(L),dataProviders:[],indexPattern:W,browserFields:H,filters:[...ne],kqlQuery:J,kqlMode:J.language}):null),[H,J,W,L,ne]);Object(x.a)({id:n,filterQuery:null==le?void 0:le.filterQuery,kqlError:null==le?void 0:le.kqlError,query:J,startDate:B,endDate:z});const ce=Object(i.useMemo)((()=>null!=le&&le.kqlError||null==le||!le.filterQuery?{bool:{}}:{bool:{filter:JSON.parse(null==le?void 0:le.filterQuery)}}),[null==le?void 0:le.filterQuery,null==le?void 0:le.kqlError]),ue=oe===g.Jc.eventRenderedView,de=Object(i.useMemo)((()=>({border:"none",fontSize:"s",header:"underline",stripes:ue})),[ue]),pe=Object(i.useMemo)((()=>{if(ue)return{defaultHeight:"auto"}}),[ue]),me=Object(i.useMemo)((()=>se.length?se:Object(I.b)(Y)),[se,Y]),ge=Object(i.useMemo)((()=>ue?{}:H),[ue,H]),ye=Object(i.useMemo)((()=>ue?F.a:me),[me,ue]),fe=Object(i.useCallback)((({isLoading:e,totalCount:t,refresh:a})=>{G(A({id:n,isLoading:e})),G(_({id:n,totalCount:t})),V.current=a,$({id:n,loading:e,refetch:a,inspect:null})}),[G,n,V,$]),be=Object(i.useMemo)((()=>({alertsTableConfigurationRegistry:P.alertsTableConfigurationRegistry,configurationId:e,id:`detection-engine-alert-table-${e}-${oe}`,flyoutSize:t,featureIds:["siem"],query:ce,showExpandToDetails:!1,gridStyle:de,shouldHighlightRow:N,rowHeightsOptions:pe,columns:ye,browserFields:ge,onUpdate:fe,runtimeMappings:Q,toolbarVisibility:{showColumnSelector:!ue,showSortSelector:!ue}})),[P.alertsTableConfigurationRegistry,e,oe,t,ce,de,pe,ye,ge,fe,Q,ue]);Object(i.useEffect)((()=>{te||G(d.h.initializeDataTableSettings({id:n,title:M.I,defaultColumns:ye.map((e=>({initialWidth:y.a,...e})))}))}),[G,n,ye,te]);const he=Object(i.useMemo)((()=>P.getAlertsStateTable(be)),[be,P]),{Navigation:Ee}=Object(h.b)({scopeId:n}),{DetailsPanel:ve,SessionView:xe}=Object(h.a)({entityType:"events",scopeId:n}),ke=Object(i.useMemo)((()=>null!=ie&&ie.length>0||null!=re?r.a.createElement(b.a,{scopeId:n,SessionView:xe,Navigation:Ee}):null),[ie,n,re,xe,Ee]);return s?null:r.a.createElement("div",null,ke,r.a.createElement(R,{$visible:!ie&&null==ke,gutterSize:"none"},r.a.createElement(k.a.Provider,{value:U},r.a.createElement(q,{hideLastPage:!1},he))),ve)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return C}));var n=a(2),i=a.n(n),r=a(40),o=a(48),s=a(103),l=a(41),c=a.n(l),u=a(119),d=a(115),p=a(105),m=a(114),g=a(178),y=a(529),f=a(182),b=a(924),h=a(498),E=a(111),v=a(133);const x="sessionViewFullScreen",k=Object(l.css)(["display:flex;flex-direction:column;flex:1;width:100%;"]),S=c.a.div.withConfig({displayName:"OverlayContainer",componentId:"sc-jhq5kd-0"})(["",""],k),w=Object(l.css)(["background-color:"," position:fixed;top:0;bottom:2em;left:0;right:0;z-index:",";"],(({theme:e})=>`${e.eui.euiColorEmptyShade};`),o.euiThemeVars.euiZLevel3),j=c.a.div.withConfig({displayName:"FullScreenOverlayContainer",componentId:"sc-jhq5kd-1"})(["",""],w),O=c()(b.a).withConfig({displayName:"StyledResolver",componentId:"sc-jhq5kd-2"})(["height:100%;"]),I=c()(r.EuiFlexItem).withConfig({displayName:"ScrollableFlexItem",componentId:"sc-jhq5kd-3"})([""," overflow:hidden;width:100%;&.","{","}"],(({theme:e})=>`background-color: ${e.eui.euiColorEmptyShade};`),x,(({theme:e})=>`padding: 0 ${e.eui.euiSizeM}`)),T=({SessionView:e,Navigation:t,scopeId:a})=>{const o=Object(s.useDispatch)(),{globalFullScreen:l}=Object(g.a)(),{timelineFullScreen:c}=Object(g.c)(),b=Object(n.useMemo)((()=>Object(d.isInTableScope)(a)?u.j.getTableByIdSelector():Object(d.isTimelineScope)(a)?E.b.getTimelineByIdSelector():void 0),[a]),T=Object(d.isInTableScope)(a)?u.q:v.b,{graphEventId:C,sessionViewConfig:M}=Object(p.a)((e=>{var t;return null!==(t=b&&b(e,a))&&void 0!==t?t:T})),F=Object(n.useMemo)((()=>Object(y.b)({globalFullScreen:l,isActiveTimelines:Object(d.isActiveTimeline)(a),timelineFullScreen:c})),[l,a,c]);Object(n.useEffect)((()=>()=>{const e=Object(d.getScopedActions)(a);e&&o(e.updateGraphEventId({id:a,graphEventId:""})),Object(d.isActiveTimeline)(a)?o(f.c.setFullScreen({id:m.a.timeline,fullScreen:!1})):o(f.c.setFullScreen({id:m.a.global,fullScreen:!1}))}),[o,a]);const{from:D,to:A,shouldUpdate:_,selectedPatterns:N}=Object(h.a)(Object(d.isActiveTimeline)(a)),R=Object(n.useMemo)((()=>({from:D,to:A})),[D,A]),q=Object(n.useRef)(null);Object(n.useLayoutEffect)((()=>{F&&q.current?q.current.setAttribute("style",w.join("")):q.current&&q.current.setAttribute("style",k.join(""))}),[F]);const P=Object(n.useMemo)((()=>void 0!==C?i.a.createElement(O,{databaseDocumentID:C,resolverComponentInstanceID:a,indices:N,shouldUpdate:_,filters:R}):i.a.createElement(r.EuiFlexGroup,{alignItems:"center",justifyContent:"center",style:{height:"100%"}},i.a.createElement(r.EuiLoadingSpinner,{size:"xl"}))),[C,a,N,_,R]);return Object(d.isActiveTimeline)(a)||null===M?F&&!Object(d.isActiveTimeline)(a)?i.a.createElement(j,{"data-test-subj":"overlayContainer"},i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),i.a.createElement(r.EuiFlexGroup,{gutterSize:"none",justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},t)),i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),P):i.a.createElement(S,{"data-test-subj":"overlayContainer"},i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),i.a.createElement(r.EuiFlexGroup,{gutterSize:"none",justifyContent:"spaceBetween"},i.a.createElement(r.EuiFlexItem,{grow:!1},t)),i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),P):i.a.createElement(S,{"data-test-subj":"overlayContainer",ref:q},i.a.createElement(r.EuiFlexGroup,{alignItems:"flexStart",gutterSize:"none",direction:"column"},i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),i.a.createElement(r.EuiFlexItem,{grow:!1},t),i.a.createElement(r.EuiHorizontalRule,{margin:"none"}),i.a.createElement(r.EuiSpacer,{size:"m"}),i.a.createElement(I,{grow:2,className:F?x:""},e)))},C=i.a.memo(T)},function(e,t,a){"use strict";a.d(t,"a",(function(){return m})),a.d(t,"b",(function(){return g}));var n=a(2),i=a.n(n),r=a(42),o=a(40),s=a(1280),l=a.n(s),c=a(1283),u=a(41);const d=a.n(u).a.span.withConfig({displayName:"FlagWrapper",componentId:"sc-pwsog3-0"})(["position:relative;top:1px;"]),p=e=>e&&2===e.length?e.toUpperCase().replace(/./g,(e=>String.fromCharCode(55356,56741+e.charCodeAt(0)))):null,m=Object(n.memo)((({countryCode:e,displayCountryNameOnHover:t=!1})=>{Object(n.useEffect)((()=>{t&&Object(r.isEmpty)(l.a.getNames("en"))&&l.a.registerLocale(c)}),[]);const a=p(e);return null!==a?t?i.a.createElement(o.EuiToolTip,{position:"top",content:l.a.getName(e,"en")},i.a.createElement(d,{"data-test-subj":"country-flag"},a)):i.a.createElement(d,{"data-test-subj":"country-flag"},a):null}));m.displayName="CountryFlag";const g=Object(n.memo)((({countryCode:e,displayCountryNameOnHover:t=!1})=>{const[a,s]=Object(n.useState)(!1);Object(n.useEffect)((()=>{Object(r.isEmpty)(l.a.getNames("en"))&&l.a.registerLocale(c),s(!0)}),[]);const u=p(e);return null!==u&&a?t?i.a.createElement(o.EuiToolTip,{position:"top",content:l.a.getName(e,"en")},i.a.createElement(d,{"data-test-subj":"country-flag"},u)):i.a.createElement(i.a.Fragment,null,i.a.createElement(d,{"data-test-subj":"country-flag"},u),` ${l.a.getName(e,"en")}`):null}));g.displayName="CountryFlagAndName"},function(e,t,a){"use strict";a.d(t,"b",(function(){return R})),a.d(t,"a",(function(){return q}));var n=a(42),i=a(50),r=a.n(i),o=a(62),s=a.n(o),l=a(49),c=a(5),u=a(129),d=a(3),p=a(563),m=a(118),g=a(106),y=a(530),f=a(133),b=a(164),h=a(161),E=a(115),v=a(501),x=a(209),k=a(102),S=a(4),w=a(534),j=a(286);a(410);const O=({ecs:e})=>{if(Array.isArray(e)){const t=e.reduce(((e,t)=>{const a=t.timestamp?new Date(t.timestamp):new Date;return e.includes(a.valueOf())?e:[...e,a.valueOf()]}),[]);return{from:new Date(Math.min(...t)).toISOString(),to:new Date(Math.max(...t)).toISOString()}}const t=e,a=Object(E.getField)(t,u.A),n=r.a.duration(r()().diff(s.a.parse(null!=a?a[0]:"now-1d"))),i=Object(E.getField)(t,u.sb),o=Array.isArray(i)?i[0]:i,l=r()(null!=o?o:new Date).toISOString();return{to:l,from:r()(l).subtract(n).toISOString()}},I=e=>{const t=Object(E.getField)(e,u.O);return"threshold"===t||Array.isArray(t)&&t.length>0&&"threshold"===t[0]},T=e=>{const t=Object(E.getField)(e,u.O);return"new_terms"===t||Array.isArray(t)&&t.length>0&&"new_terms"===t[0]},C=e=>null!=Object(E.getField)(e,u.Y),M=(e,t,a="Alert Ids")=>1===t.length?[{meta:{alias:null,negate:!1,disabled:!1,type:"phrase",key:e,params:{query:t[0]}},query:{match_phrase:{_id:t[0]}},$state:{store:l.FilterStateStore.APP_STATE}}]:[{query:{bool:{filter:{ids:{values:t}}}},meta:{alias:a,negate:!1,disabled:!1,type:"phrases",key:e,value:t.join(),params:t},$state:{store:l.FilterStateStore.APP_STATE}}],F=(e,t)=>{const a=1===t.length;return[{and:[],id:`send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${m.c.active}-alert-id-${t.join(",")}`,name:t.join(","),enabled:!0,excluded:!1,kqlQuery:"",queryMatch:{field:e,value:a?t[0]:t,operator:a?":":"includes"}}]},D=(e,t,a)=>({filters:"KqlFilter"===t?M("_id",e,a):[],dataProviders:"dataProvider"===t?F("_id",e):[]}),A=async(e,t,a,n,i)=>{try{var o,l,d,g,y,b,h,v,x,O,I,T,C,M,F,D,A,_,N,R,q,P;const c=await k.b.get().http.fetch(S.db,{method:"POST",body:JSON.stringify(Object(w.a)([e._id]))}),j=(null!==(o=null==c?void 0:c.hits.hits.reduce(((e,{_id:t,_index:a,_source:n={}})=>[...e,{...Object(w.b)(n),_id:t,_index:a,timestamp:n["@timestamp"]}]),[]))&&void 0!==o?o:[])[0],L=Object(E.getField)(j,u.G),B=Object(E.getField)(j,u.v),z=(null!==(l=null!==(d=L.filters)&&void 0!==d?d:null===(g=j.signal)||void 0===g||null===(y=g.rule)||void 0===y?void 0:y.filters)&&void 0!==l?l:[]).map((e=>null!=e.meta?e:{...e,meta:{}})),$=null!==(b=null!==(h=L.language)&&void 0!==h?h:null===(v=j.signal)||void 0===v||null===(x=v.rule)||void 0===x?void 0:x.language)&&void 0!==b?b:"kuery",V=null!==(O=null!==(I=L.query)&&void 0!==I?I:null===(T=j.signal)||void 0===T||null===(C=T.rule)||void 0===C?void 0:C.query)&&void 0!==O?O:"",G=null!==(M=null!==(F=Object(E.getField)(j,p.f))&&void 0!==F?F:null===(D=j.signal)||void 0===D||null===(A=D.rule)||void 0===A?void 0:A.index)&&void 0!==M?M:[],{thresholdFrom:U,thresholdTo:H,dataProviders:W}=(e=>(Array.isArray(e)?e:[e]).reduce(((e,t)=>{var a,n,i,o;const l=null!==(a=Object(E.getField)(t,`${u.G}.threshold`))&&void 0!==a?a:null===(n=t.signal)||void 0===n||null===(i=n.rule)||void 0===i?void 0:i.threshold,c=Object(E.getField)(t,p.h),d=Object(E.getField)(t,p.e),g=Array.isArray(d)?d[0]:d,y=r()(g),f=((e,t)=>{const a=Object(E.getField)(e,u.A),n=Array.isArray(a)?a[0]:a,i=s.a.parse(n),o=r()(),l=r.a.duration(o.diff(i));return t.clone().subtract(l)})(t,y),b=Array.isArray(l.field)?l.field:[l.field];return{thresholdFrom:null!==(o=c.from)&&void 0!==o?o:f.toISOString(),thresholdTo:y.toISOString(),dataProviders:[...e.dataProviders,...b.reduce(((e,t,a)=>{const n=c.terms.filter((e=>e.field===t))[0].value,i=Array.isArray(n)?n[0]:n;if(!i)return e;const r=t.replace(".","-"),o={id:`send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${m.c.active}-${r}-${i}`,name:t,enabled:!0,excluded:!1,kqlQuery:"",queryMatch:{field:t,value:i,operator:":"}};return 0===a?[...e,{...o,and:[]}]:(e[0].and.push(o),e)}),[])]}}),{dataProviders:[],thresholdFrom:"",thresholdTo:""}))(j),Q=await i(e),Y=(null!==(_=n.filters)&&void 0!==_?_:z).concat(Q?[Q]:[]);return t({from:U,notes:null,timeline:{...f.b,columns:null!==(N=n.columns)&&void 0!==N?N:f.b.columns,description:`_id: ${j._id}`,filters:Y,dataProviders:null!==(R=n.dataProviders)&&void 0!==R?R:W,id:m.c.active,indexNames:G,dateRange:{start:U,end:H},eventType:"all",kqlQuery:{filterQuery:{kuery:{kind:$,expression:null!==(q=n.query)&&void 0!==q?q:V},serializedQuery:null!==(P=n.query)&&void 0!==P?P:V}}},to:H,ruleNote:a,ruleAuthor:B})}catch(a){const{toasts:n}=k.b.get().notifications;n.addError(a,{toastMessage:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createThresholdTimelineFailure",{defaultMessage:"Failed to create timeline for document _id: {id}",values:{id:e._id}}),title:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createThresholdTimelineFailureTitle",{defaultMessage:"Failed to create threshold alert timeline"})});const i=j.a.toISOString(),r=j.b.toISOString();return t({from:i,notes:null,timeline:{...f.b,id:m.c.active,indexNames:[],dateRange:{start:i,end:r},eventType:"all"},to:r})}},_=async(e,t,a,n,i)=>{try{var o,s,l,d,g,y,b,h,v,x,O,I,T,C,M,F,D,A,_,N,R,q;const c=await k.b.get().http.fetch(S.db,{method:"POST",body:JSON.stringify(Object(w.a)([e._id]))}),j=(null!==(o=null==c?void 0:c.hits.hits.reduce(((e,{_id:t,_index:a,_source:n={}})=>[...e,{...Object(w.b)(n),_id:t,_index:a,timestamp:n["@timestamp"]}]),[]))&&void 0!==o?o:[])[0],P=Object(E.getField)(j,u.G),L=(null!==(s=null!==(l=P.filters)&&void 0!==l?l:null===(d=j.signal)||void 0===d||null===(g=d.rule)||void 0===g?void 0:g.filters)&&void 0!==s?s:[]).map((e=>null!=e.meta?e:{...e,meta:{}})),B=null!==(y=null!==(b=P.language)&&void 0!==b?b:null===(h=j.signal)||void 0===h||null===(v=h.rule)||void 0===v?void 0:v.language)&&void 0!==y?y:"kuery",z=null!==(x=null!==(O=P.query)&&void 0!==O?O:null===(I=j.signal)||void 0===I||null===(T=I.rule)||void 0===T?void 0:T.query)&&void 0!==x?x:"",$=null!==(C=null!==(M=Object(E.getField)(j,p.f))&&void 0!==M?M:null===(F=j.signal)||void 0===F||null===(D=F.rule)||void 0===D?void 0:D.index)&&void 0!==C?C:[],{from:V,to:G,dataProviders:U}=(e=>{var t;const a=Array.isArray(e)?e[0]:e,n=Object(E.getField)(a,p.e),i=(null!==(t=Object(E.getField)(a,`${u.G}.new_terms_fields`))&&void 0!==t?t:[]).map(((e,t)=>{const n=e.replace(".","-"),i=Object(E.getField)(a,p.b)[t];return{id:`send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${m.c.active}-${n}-${i}`,name:e,enabled:!0,excluded:!1,kqlQuery:"",queryMatch:{field:e,value:i,operator:":"},and:[]}})),o=i.length?[{...i[0],and:i.slice(1)}]:[];return{from:n,to:r()().toISOString(),dataProviders:o}})(j),H=await i(e),W=(null!==(A=n.filters)&&void 0!==A?A:L).concat(H?[H]:[]);return t({from:V,notes:null,timeline:{...f.b,columns:null!==(_=n.columns)&&void 0!==_?_:f.b.columns,description:`_id: ${j._id}`,filters:W,dataProviders:null!==(N=n.dataProviders)&&void 0!==N?N:U,id:m.c.active,indexNames:$,dateRange:{start:V,end:G},eventType:"all",kqlQuery:{filterQuery:{kuery:{kind:B,expression:null!==(R=n.query)&&void 0!==R?R:z},serializedQuery:null!==(q=n.query)&&void 0!==q?q:z}}},to:G,ruleNote:a})}catch(a){const{toasts:n}=k.b.get().notifications;n.addError(a,{toastMessage:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createNewTermsTimelineFailure",{defaultMessage:"Failed to create timeline for document _id: {id}",values:{id:e._id}}),title:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createNewTermsTimelineFailureTitle",{defaultMessage:"Failed to create new terms alert timeline"})});const i=j.a.toISOString(),r=j.b.toISOString();return t({from:i,notes:null,timeline:{...f.b,id:m.c.active,indexNames:[],dateRange:{start:i,end:r},eventType:"all"},to:r})}},N=async(e,t,a,n,i)=>{try{var r,o,s,l,d,g,y,b,h,v,x,O,I,T,C,M,F,D,A,_,N,R;const c=await k.b.get().http.fetch(S.db,{method:"POST",body:JSON.stringify(Object(w.a)([e._id]))}),j=(null!==(r=null==c?void 0:c.hits.hits.reduce(((e,{_id:t,_index:a,_source:n={}})=>[...e,{...Object(w.b)(n),_id:t,_index:a,timestamp:n["@timestamp"]}]),[]))&&void 0!==r?r:[])[0],q=Object(E.getField)(j,u.G),P=(null!==(o=null!==(s=q.filters)&&void 0!==s?s:null===(l=j.signal)||void 0===l||null===(d=l.rule)||void 0===d?void 0:d.filters)&&void 0!==o?o:[]).map((e=>null!=e.meta?e:{...e,meta:{}})),L=null!==(g=null!==(y=q.language)&&void 0!==y?y:null===(b=j.signal)||void 0===b||null===(h=b.rule)||void 0===h?void 0:h.language)&&void 0!==g?g:"kuery",B=null!==(v=null!==(x=q.query)&&void 0!==x?x:null===(O=j.signal)||void 0===O||null===(I=O.rule)||void 0===I?void 0:I.query)&&void 0!==v?v:"",z=null!==(T=null!==(C=Object(E.getField)(j,p.f))&&void 0!==C?C:null===(M=j.signal)||void 0===M||null===(F=M.rule)||void 0===F?void 0:F.index)&&void 0!==T?T:[],{from:$,to:V,dataProviders:G}=(e=>{const t=Array.isArray(e)?e[0]:e,a=Object(E.getField)(t,u.bb),n=Object(E.getField)(t,u.Z),i=Object(E.getField)(t,u.cb).map((e=>{const t=e.field.replace(".","-"),a=`send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${m.c.active}-${t}-${e.value}`;return null==e.value?{id:a,name:t,enabled:!0,excluded:!0,kqlQuery:"",queryMatch:{field:e.field,value:"",operator:":*"}}:{id:a,name:t,enabled:!0,excluded:!1,kqlQuery:"",queryMatch:{field:e.field,value:e.value,operator:":"}}}));return{from:a,to:n,dataProviders:[{...i[0],and:i.slice(1)}]}})(j),U=await i(e),H=(null!==(D=n.filters)&&void 0!==D?D:P).concat(U?[U]:[]);return t({from:$,notes:null,timeline:{...f.b,columns:null!==(A=n.columns)&&void 0!==A?A:f.b.columns,description:`_id: ${j._id}`,filters:H,dataProviders:null!==(_=n.dataProviders)&&void 0!==_?_:G,id:m.c.active,indexNames:z,dateRange:{start:$,end:V},eventType:"all",kqlQuery:{filterQuery:{kuery:{kind:L,expression:null!==(N=n.query)&&void 0!==N?N:B},serializedQuery:null!==(R=n.query)&&void 0!==R?R:B}}},to:V,ruleNote:a})}catch(a){const{toasts:n}=k.b.get().notifications;n.addError(a,{toastMessage:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createSuppressedTimelineFailure",{defaultMessage:"Failed to create timeline for document _id: {id}",values:{id:e._id}}),title:c.i18n.translate("xpack.securitySolution.detectionEngine.alerts.createSuppressedTimelineFailureTitle",{defaultMessage:"Failed to create suppressed alert timeline"})});const i=j.a.toISOString(),r=j.b.toISOString();return t({from:i,notes:null,timeline:{...f.b,id:m.c.active,indexNames:[],dateRange:{start:i,end:r},eventType:"all"},to:r})}},R=(e,t,a="dataProvider",n)=>{const i=Array.isArray(t)?t.map((e=>e._id)):[],{to:r,from:o}=O({ecs:t}),{dataProviders:s,filters:l}=D(i,a,n||`${t.length} event IDs`);e({from:o,notes:null,timeline:{...f.b,dataProviders:s,id:m.c.active,indexNames:[],dateRange:{start:o,end:r},eventType:"all",filters:l,kqlQuery:{filterQuery:{kuery:{kind:"kuery",expression:""},serializedQuery:""}}},to:r})},q=async({createTimeline:e,ecsData:t,updateTimelineIsLoading:a,searchStrategyClient:i,getExceptionFilter:r})=>{const o=Array.isArray(t)?t[0]:t,s=Object(E.getField)(o,u.F),l=Object(E.getField)(o,u.v),c=Array.isArray(s)&&s.length>0?s[0]:"",k=Object(E.getField)(o,p.g),S=Object(n.isEmpty)(k)?"":Array.isArray(k)?k[0]:k,{to:w,from:j}=O({ecs:t});if(Object(n.isEmpty)(S)){if(I(o))return A(o,e,c,{},r);if(T(o))return _(o,e,c,{},r);if(C(o))return N(o,e,c,{},r);{let{dataProviders:a,filters:i}=D([o._id],"dataProvider");if((e=>{const t=Object(E.getField)(e,u.O),a=Object(E.getField)(e,p.a);return("eql"===t||Array.isArray(t)&&"eql"===t[0])&&(null==a?void 0:a.length)>0})(o)){const e=((e,t)=>{if(!Object(n.isEmpty)(e)&&Array.isArray(t)&&t.length>1)return{dataProviders:[],filters:M(p.a,t.reduce(((e,t)=>{const a=Object(E.getField)(t,p.a),n=Array.isArray(a)?a[0]:a;return e.includes(n)?e:[...e,n]}),[]))};if(!Array.isArray(t)||1===t.length){const e=Array.isArray(t)?t[0]:t,a=Object(E.getField)(e,p.a),n=Object(E.getFieldKey)(e,p.a),i=Array.isArray(a)?a[0]:a;return{dataProviders:[{and:[],id:`send-alert-to-timeline-action-default-draggable-event-details-value-formatted-field-value-${m.c.active}-alert-id-${i}`,name:e._id,enabled:!0,excluded:!1,kqlQuery:"",queryMatch:{field:n,value:i,operator:":"}}],filters:[]}}return{filters:[],dataProviders:[]}})([o._id],t);a=e.dataProviders,i=e.filters}return e({from:j,notes:null,timeline:{...f.b,dataProviders:a,id:m.c.active,indexNames:[],dateRange:{start:j,end:w},eventType:"all",filters:i,kqlQuery:{filterQuery:{kuery:{kind:"kuery",expression:""},serializedQuery:""}}},to:w,ruleNote:c,ruleAuthor:l})}}try{var F,R;a({id:m.c.active,isLoading:!0});const[t,s]=await Promise.all([Object(x.d)(S),Object(d.lastValueFrom)(i.search({defaultIndex:[],indexName:null!==(F=o._index)&&void 0!==F?F:"",eventId:o._id,factoryQueryType:y.c.details},{strategy:"timelineSearchStrategy"}))]),u=Object(n.getOr)({},"data.getOneTimeline",t),p=null!==(R=s.data)&&void 0!==R?R:[];if(!Object(n.isEmpty)(u)){var q,P,L,B,z,$,V;const t=Object(b.g)(u),{timeline:a,notes:n}=Object(b.c)(t,!0,null!==(q=t.timelineType)&&void 0!==q?q:g.l.default),i=Object(v.d)(null!==(P=null===(L=a.kqlQuery)||void 0===L||null===(B=L.filterQuery)||void 0===B||null===(z=B.kuery)||void 0===z?void 0:z.expression)&&void 0!==P?P:"",p,a.timelineType),s=Object(v.c)(null!==($=a.filters)&&void 0!==$?$:[],p),d=Object(v.b)(null!==(V=a.dataProviders)&&void 0!==V?V:[],p,a.timelineType);return I(o)?A(o,e,c,{filters:s,query:i,dataProviders:d,columns:a.columns},r):T(o)?_(o,e,c,{filters:s,query:i,dataProviders:d,columns:a.columns},r):C(o)?N(o,e,c,{filters:s,query:i,dataProviders:d,columns:a.columns},r):e({from:j,timeline:{...a,title:"",timelineType:g.l.default,templateTimelineId:null,status:g.k.draft,dataProviders:d,eventType:"all",filters:s,dateRange:{start:j,end:w},kqlQuery:{filterQuery:{kuery:{kind:null!==(G=null===(U=a.kqlQuery)||void 0===U||null===(H=U.filterQuery)||void 0===H||null===(W=H.kuery)||void 0===W?void 0:W.kind)&&void 0!==G?G:"kuery",expression:i},serializedQuery:Object(h.f)(i)}},noteIds:null!==(Q=null==n?void 0:n.map((e=>e.noteId)))&&void 0!==Q?Q:[],show:!0},to:w,ruleNote:c,ruleAuthor:l,notes:null!=n?n:null});var G,U,H,W,Q}}catch{return a({id:m.c.active,isLoading:!1}),e({from:j,notes:null,timeline:{...f.b,id:m.c.active,indexNames:[],dateRange:{start:j,end:w},eventType:"all"},to:w})}}},,function(e,t,a){"use strict";var n=a(328);a.d(t,"b",(function(){return n.b}));var i=a(734);a.d(t,"a",(function(){return i.a}))},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(119),i=a(2),r=a(103),o=a(105);const{updateShowBuildingBlockAlertsFilter:s,updateShowThreatIndicatorAlertsFilter:l}=n.h,c=e=>{const t=Object(r.useDispatch)(),a=Object(i.useMemo)((()=>n.j.getTableByIdSelector()),[]),{showOnlyThreatIndicatorAlerts:c,showBuildingBlockAlerts:u}=Object(o.b)((t=>{var i,r;return null!==(i=(null!==(r=a(t,e))&&void 0!==r?r:n.q).additionalFilters)&&void 0!==i?i:n.q.additionalFilters}));return{showBuildingBlockAlerts:u,setShowBuildingBlockAlerts:Object(i.useCallback)((a=>{t(s({id:e,showBuildingBlockAlerts:a}))}),[t,e]),showOnlyThreatIndicatorAlerts:c,setShowOnlyThreatIndicatorAlerts:Object(i.useCallback)((a=>{t(l({id:e,showOnlyThreatIndicatorAlerts:a}))}),[t,e])}}},function(e,t,a){"use strict";a.d(t,"d",(function(){return l})),a.d(t,"f",(function(){return c})),a.d(t,"e",(function(){return u})),a.d(t,"b",(function(){return d})),a.d(t,"c",(function(){return p})),a.d(t,"a",(function(){return g})),a(197);var n=a(268),i=a(4),r=a(213),o=a(207),s=a(334);const l=[r.c.defineRule,r.c.aboutRule,r.c.scheduleRule,r.c.ruleActions],c={anomalyThreshold:50,index:[],indexPattern:{fields:[],title:""},machineLearningJobId:[],ruleType:"query",threatIndex:[],queryBar:{query:{query:"",language:"kuery"},filters:[],saved_id:null},threatQueryBar:{query:{query:i.U,language:"kuery"},filters:[],saved_id:null},requiredFields:[],relatedIntegrations:[],threatMapping:[],threshold:{field:[],value:"200",cardinality:{field:[],value:""}},timeline:{id:null,title:n.b},eqlOptions:{},dataSourceType:r.a.IndexPatterns,newTermsFields:[],historyWindowSize:"7d",shouldLoadQueryDynamically:!1,groupByFields:[],groupByRadioSelection:r.b.PerRuleExecution,groupByDuration:{value:5,unit:"m"},suppressionMissingFields:o.f},u={author:[],name:"",description:"",isAssociatedToEndpointList:!1,isBuildingBlock:!1,severity:{value:"low",mapping:Object(s.c)([]),isMappingChecked:!1},riskScore:{value:21,mapping:[],isMappingChecked:!1},investigationFields:[],references:[""],falsePositives:[""],license:"",ruleNameOverride:"",tags:[],timestampOverride:"",threat:[{framework:"MITRE ATT&CK",tactic:{id:"none",name:"none",reference:"none"},technique:[]}],note:"",threatIndicatorPath:void 0,timestampOverrideFallbackDisabled:void 0},d={interval:"5m",from:"1m"},p={interval:"1h",from:"5m"},m={...c.queryBar,query:{...c.queryBar.query,query:"*:*"}},g={forNormalRules:c.queryBar,forThreatMatchRules:m}},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a(172),r=a(675),o=a(137),s=a(688),l=a(591),c=a(859);const u=`${o.Gb}.ndjson`;function d(){const e=Object(c.a)(),t=Object(l.a)();return Object(n.useCallback)((async a=>{try{Object(r.a)(a,u),e({actionType:i.b.export,summary:await Object(s.b)(a)})}catch(e){t({actionType:i.b.export,error:e})}}),[e,t])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return p}));var n=a(2),i=a.n(n),r=a(40),o=a(41),s=a.n(o),l=a(339);const c=s.a.h1.withConfig({displayName:"Header",componentId:"sc-1epdllw-0"})(["display:grid;grid-gap:12px;grid-template-columns:auto auto;align-items:center;justify-items:start;justify-content:start;"]);c.displayName="Header";const u=s.a.span.withConfig({displayName:"TitleWrapper",componentId:"sc-1epdllw-1"})(["min-width:0;max-width:100%;"]);u.displayName="TitleWrapper";const d=({title:e,badgeOptions:t})=>i.a.createElement(r.EuiTitle,{size:"l"},i.a.createElement(c,{"data-test-subj":"header-page-title"},i.a.createElement(u,null,i.a.createElement(l.b,{tooltipContent:e},e)),t&&i.a.createElement(i.a.Fragment,null,t.beta?i.a.createElement(r.EuiBetaBadge,{label:t.text,tooltipContent:t.tooltip,tooltipPosition:"bottom",size:t.size}):i.a.createElement(r.EuiBadge,{color:t.color||"hollow",title:""},t.text)))),p=i.a.memo(d)},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(204),r=a(474),o=a(957);const s=()=>{const{enableDatafeed:e,isLoading:t}=Object(o.a)(),{loading:a,jobs:s,refetch:l}=Object(r.a)(),[c,u]=Object(n.useState)(!1),d=Object(n.useCallback)((async n=>{if(a||t)return;if(!n||!n.length)return;u(!0);const r=s.filter((e=>n.includes(e.id)));await Promise.all(r.map((async t=>{var a;if(Object(i.c)(t.jobState,t.datafeedState))return!0;const n=null!==(a=t.latestTimestampMs)&&void 0!==a?a:0;await e(t,n)}))),l(),u(!1)}),[e,t,a,s,l]);return{loading:a,jobs:s,starting:c,startMlJobs:d}}},,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return ae}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(103),l=a(279),c=a(42),u=a(1101),d=a(534),p=a(105),m=a(708),g=a(1126),y=a(116),f=a(110),b=a(40),h=a(135);const E=o.a.createElement(o.a.Fragment,null,o.a.createElement("span",{className:"smallDot"},o.a.createElement(b.EuiIcon,{type:"dot",color:"#54b399"})),o.a.createElement("span",{className:"smallDot"},o.a.createElement(b.EuiIcon,{type:"dot",color:"#d6bf57"})),o.a.createElement("span",{className:"smallDot"},o.a.createElement(b.EuiIcon,{type:"dot",color:"#da8b45"})),o.a.createElement("span",null,o.a.createElement(b.EuiIcon,{type:"dot",color:"#e7664c"})),h.S),v=(e,t)=>{var a,n,i,r,s,l,c,u,d,p,m,g,y,f,v,x,k,S,w,j,O,I,T,C;const M=null!==(a=t.severitiesSubAggregation)&&void 0!==a&&a.buckets&&null!==(n=t.severitiesSubAggregation)&&void 0!==n&&null!==(i=n.buckets)&&void 0!==i&&i.length?(e=>{switch(e){case"low":return o.a.createElement(o.a.Fragment,null,o.a.createElement(b.EuiIcon,{type:"dot",color:"#54b399"}),h.Q);case"medium":return o.a.createElement(o.a.Fragment,null,o.a.createElement(b.EuiIcon,{type:"dot",color:"#d6bf57"}),h.R);case"high":return o.a.createElement(o.a.Fragment,null,o.a.createElement(b.EuiIcon,{type:"dot",color:"#da8b45"}),h.P);case"critical":return o.a.createElement(o.a.Fragment,null,o.a.createElement(b.EuiIcon,{type:"dot",color:"#e7664c"}),h.O)}return null})(null===(r=t.severitiesSubAggregation)||void 0===r?void 0:r.buckets[0].key.toString()):null,F=null!==(s=t.countSeveritySubAggregation)&&void 0!==s&&s.value&&(null===(l=t.countSeveritySubAggregation)||void 0===l?void 0:l.value)>1?E:M,D=F?[{title:h.N,renderer:F}]:[],A=[{title:h.K,badge:{value:t.doc_count,width:50,color:"#a83632"}}];switch(e){case"kibana.alert.rule.name":return[...D,{title:h.T,badge:{value:null!==(c=null===(u=t.usersCountAggregation)||void 0===u?void 0:u.value)&&void 0!==c?c:0}},{title:h.L,badge:{value:null!==(d=null===(p=t.hostsCountAggregation)||void 0===p?void 0:p.value)&&void 0!==d?d:0}},...A];case"host.name":return[...D,{title:h.T,badge:{value:null!==(m=null===(g=t.usersCountAggregation)||void 0===g?void 0:g.value)&&void 0!==m?m:0}},{title:h.M,badge:{value:null!==(y=null===(f=t.rulesCountAggregation)||void 0===f?void 0:f.value)&&void 0!==y?y:0}},...A];case"user.name":return[...D,{title:h.L,badge:{value:null!==(v=null===(x=t.hostsCountAggregation)||void 0===x?void 0:x.value)&&void 0!==v?v:0}},{title:h.M,badge:{value:null!==(k=null===(S=t.rulesCountAggregation)||void 0===S?void 0:S.value)&&void 0!==k?k:0}},...A];case"source.ip":return[...D,{title:h.L,badge:{value:null!==(w=null===(j=t.hostsCountAggregation)||void 0===j?void 0:j.value)&&void 0!==w?w:0}},{title:h.M,badge:{value:null!==(O=null===(I=t.rulesCountAggregation)||void 0===I?void 0:I.value)&&void 0!==O?O:0}},...A]}return[...D,{title:h.M,badge:{value:null!==(T=null===(C=t.rulesCountAggregation)||void 0===C?void 0:C.value)&&void 0!==T?T:0}},...A]};var x=a(48),k=a(517),S=a(728),w=a(137);const j=(e,t,a)=>{var n,i,r,s;switch(e){case"kibana.alert.rule.name":return Object(c.isArray)(t.key)?o.a.createElement(O,{ruleName:t.key[0],ruleDescription:null!==(n=Object(k.a)(null===(i=Object(k.a)(null===(r=t.description)||void 0===r?void 0:r.buckets))||void 0===i?void 0:i.key))&&void 0!==n?n:"",tags:null===(s=t.ruleTags)||void 0===s?void 0:s.buckets}):void 0;case"host.name":return o.a.createElement(I,{hostName:t.key,nullGroupMessage:a});case"user.name":return o.a.createElement(T,{userName:t.key,nullGroupMessage:a});case"source.ip":return o.a.createElement(C,{sourceIp:t.key,nullGroupMessage:a})}},O=o.a.memo((({ruleName:e,ruleDescription:t,tags:a})=>o.a.createElement("div",{style:{display:"table",tableLayout:"fixed",width:"100%"}},o.a.createElement(b.EuiFlexGroup,{"data-test-subj":"rule-name-group-renderer",gutterSize:"m",alignItems:"center"},o.a.createElement(b.EuiFlexItem,{grow:!1,style:{display:"contents"}},o.a.createElement(b.EuiTitle,{size:"xs"},o.a.createElement("h5",{className:"eui-textTruncate"},e.trim()))),a&&a.length>0?o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(S.a,{items:a.map((e=>e.key.toString())),popoverTitle:w.pb,popoverButtonTitle:a.length.toString(),popoverButtonIcon:"tag",dataTestPrefix:"tags",renderItem:(e,t)=>o.a.createElement(b.EuiBadge,{color:"hollow",key:`${e}-${t}`,"data-test-subj":"tag"},e)})):null),o.a.createElement(b.EuiText,{size:"s"},o.a.createElement("p",{className:"eui-textTruncate"},o.a.createElement(b.EuiTextColor,{color:"subdued"},t))))));O.displayName="RuleNameGroup";const I=o.a.memo((({hostName:e,nullGroupMessage:t})=>o.a.createElement(b.EuiFlexGroup,{"data-test-subj":"host-name-group-renderer",gutterSize:"s",alignItems:"center"},o.a.createElement(b.EuiFlexItem,{grow:!1,style:{backgroundColor:x.euiThemeVars.euiColorVis1_behindText,borderRadius:"50%"}},o.a.createElement(b.EuiIcon,{type:"database",size:"l",style:{padding:4}})),o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiTitle,{size:"xs"},o.a.createElement("h5",null,e))),t&&o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiIconTip,{content:t,position:"right"})))));I.displayName="HostNameGroupContent";const T=o.a.memo((({userName:e,nullGroupMessage:t})=>{var a;const n=null!==(a=Object(k.a)(e))&&void 0!==a?a:"-";return o.a.createElement(b.EuiFlexGroup,{"data-test-subj":"user-name-group-renderer",gutterSize:"s",alignItems:"center"},o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiAvatar,{name:n,color:x.euiThemeVars.euiColorVis0})),o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiTitle,{size:"xs"},o.a.createElement("h5",null,e))),t&&o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiIconTip,{content:t,position:"right"})))}));T.displayName="UserNameGroupContent";const C=o.a.memo((({sourceIp:e,nullGroupMessage:t})=>o.a.createElement(b.EuiFlexGroup,{"data-test-subj":"source-ip-group-renderer",gutterSize:"s",alignItems:"center"},o.a.createElement(b.EuiFlexItem,{grow:!1,style:{backgroundColor:x.euiThemeVars.euiColorVis3_behindText,borderRadius:"50%"}},o.a.createElement(b.EuiIcon,{style:{padding:4},type:"ip",size:"l"})),o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiTitle,{size:"xs"},o.a.createElement("h5",null,e))),t&&o.a.createElement(b.EuiFlexItem,{grow:!1},o.a.createElement(b.EuiIconTip,{content:t,position:"right"})))));C.displayName="SourceIpGroupContent";var M=a(58),F=a(122),D=a(159),A=a(108),_=a(719),N=a(410),R=a(344),q=a(19),P=a(142),L=a(18);const B=e=>{const t=[{unitsCount:{cardinality:{field:"kibana.alert.uuid"}}}];switch(e){case"kibana.alert.rule.name":t.push({description:{terms:{field:"kibana.alert.rule.description",size:1}}},{countSeveritySubAggregation:{cardinality:{field:"kibana.alert.severity"}}},{severitiesSubAggregation:{terms:{field:"kibana.alert.severity"}}},{usersCountAggregation:{cardinality:{field:"user.name"}}},{hostsCountAggregation:{cardinality:{field:"host.name"}}},{ruleTags:{terms:{field:"kibana.alert.rule.tags"}}});break;case"host.name":t.push({rulesCountAggregation:{cardinality:{field:"kibana.alert.rule.rule_id"}}},{countSeveritySubAggregation:{cardinality:{field:"kibana.alert.severity"}}},{severitiesSubAggregation:{terms:{field:"kibana.alert.severity"}}},{usersCountAggregation:{cardinality:{field:"user.name"}}});break;case"user.name":case"source.ip":t.push({rulesCountAggregation:{cardinality:{field:"kibana.alert.rule.rule_id"}}},{countSeveritySubAggregation:{cardinality:{field:"kibana.alert.severity"}}},{severitiesSubAggregation:{terms:{field:"kibana.alert.severity"}}},{hostsCountAggregation:{cardinality:{field:"host.name"}}});break;default:t.push({rulesCountAggregation:{cardinality:{field:"kibana.alert.rule.rule_id"}}})}return t};var z=a(102),$=a(47),V=a(49),G=a(51),U=a(161),H=a(149),W=a(134),Q=a(273),Y=a(391),K=a(501),Z=a(233),J=a(232);const X=({currentAlertStatusFilterValue:e,defaultFilters:t=[],from:a,getGrouping:n,globalFilters:i,globalQuery:s,groupingLevel:c,hasIndexMaintenance:u,hasIndexWrite:d,loading:m,onGroupClose:g,pageIndex:E,pageSize:v,parentGroupingFilter:x,renderChildComponent:k,runtimeMappings:S,selectedGroup:w,setPageIndex:j,setPageSize:O,signalIndexName:I,tableId:T,to:C})=>{const{services:{uiSettings:X}}=Object(z.j)(),{browserFields:ee,indexPattern:te}=Object(y.d)(f.SourcererScopeName.detections),ae=Object(r.useCallback)((e=>null!=ee&&null!=te?Object(U.d)({config:Object(G.getEsQueryConfig)(X),dataProviders:[],indexPattern:te,browserFields:ee,filters:[...null!=t?t:[],...i,...e,...x?JSON.parse(x):[],...Object(K.a)(a,C)],kqlQuery:s,kqlMode:s.language}):null),[ee,t,a,i,s,te,x,C,X]),ne=Object(r.useMemo)((()=>{try{var e;return[Object(V.buildEsQuery)(void 0,null!=s?[s]:[],[...null!==(e=null==i?void 0:i.filter((e=>!1===e.meta.disabled)))&&void 0!==e?e:[],...null!=t?t:[],...x?JSON.parse(x):[]])]}catch(e){return[]}}),[t,i,s,x]),ie=Object(r.useMemo)((()=>`SuperUniqueValue-${Object($.v4)()}`),[]),re=Object(r.useMemo)((()=>(({additionalFilters:e,from:t,pageIndex:a,pageSize:n,runtimeMappings:i,selectedGroup:r,uniqueValue:o,to:s})=>Object(l.d)({additionalFilters:e,from:t,groupByField:r,statsAggregations:Object(l.e)([r])?[]:B(r),pageNumber:a*n,runtimeMappings:i,uniqueValue:o,size:n,sort:[{unitsCount:{order:"desc"}}],to:s}))({additionalFilters:ne,selectedGroup:w,uniqueValue:ie,from:a,runtimeMappings:S,to:C,pageSize:v,pageIndex:E})),[ne,a,E,v,S,w,C,ie]),oe=Object(r.useMemo)((()=>ae([])),[ae]);Object(Q.a)({id:T,filterQuery:null==oe?void 0:oe.filterQuery,kqlError:null==oe?void 0:oe.kqlError,query:s,startDate:a,endDate:C});const{data:se,loading:le,refetch:ce,request:ue,response:de,setQuery:pe}=Object(Z.a)({query:re,indexName:I,queryName:J.a.ALERTS_GROUPING,skip:Object(l.e)([w])}),me=Object(r.useRef)(null),ge=Object(r.useMemo)((()=>Object(l.f)(null===me.current?w:me.current,ie,null==se?void 0:se.aggregations)),[null==se?void 0:se.aggregations,w,ie]);Object(r.useEffect)((()=>{var e,t,a,n,i;Object(l.e)([w])||(me.current=null!==(e=null==re||null===(t=re.runtime_mappings)||void 0===t||null===(a=t.groupByField)||void 0===a||null===(n=a.script)||void 0===n||null===(i=n.params)||void 0===i?void 0:i.selectedGroup)&&void 0!==e?e:"",pe(re))}),[re,w,pe]);const{deleteQuery:ye,setQuery:fe}=Object(W.a)(),be=Object(r.useMemo)((()=>`alerts-grouping-${Object($.v4)()}`),[]);Object(Y.a)({deleteQuery:ye,loading:le,refetch:ce,request:ue,response:de,setQuery:fe,uniqueQueryId:be});const he=Object(r.useMemo)((()=>o.a.createElement(H.b,{queryId:be,inspectIndex:0,title:h.C})),[be]),Ee=(({currentStatus:e,showAlertStatusActions:t=!0})=>{const{addSuccess:a,addError:n,addWarning:i}=Object(A.a)(),{startTransaction:s}=Object(D.b)(),l=F.d.globalQuery(),c=Object(p.a)(l),u=Object(r.useCallback)((()=>{c.forEach((e=>e.refetch&&e.refetch()))}),[c]),{services:{telemetry:d}}=Object(M.useKibana)(),m=Object(r.useCallback)((e=>{d.reportAlertsGroupingTakeAction(e)}),[d]),g=Object(r.useCallback)(((e,t,a)=>{u()}),[u]),y=Object(r.useCallback)(((e,t)=>{u()}),[u]),f=Object(r.useCallback)(((e,t,n)=>{if(t>0)i({title:Object(q.f)(t),text:Object(q.g)(e,t)});else{let t;switch(n){case"closed":t=h.A(e);break;case"open":t=h.G(e);break;case"acknowledged":t=h.c(e)}a({title:t})}g&&g(e,t,n)}),[a,i,g]),E=Object(r.useCallback)(((e,t)=>{let a;switch(e){case"closed":a=h.z;break;case"open":a=h.F;break;case"acknowledged":a=h.b}n(t.message,{title:a}),y&&y(e,t)}),[n,y]),v=Object(r.useCallback)((async({groupNumber:e,query:t,status:a,tableId:n,selectedGroup:i})=>{s(t?{name:_.a.BULK_QUERY_STATUS_UPDATE}:{name:_.a.STATUS_UPDATE}),Object(L.h)(L.a.CLICK,L.e.groupedAlertsTakeAction({tableId:n,groupNumber:e,status:a})),m({tableId:n,groupNumber:e,status:a,groupByField:i});try{var r,o;const e=await Object(N.a)({status:a,query:t?JSON.parse(t):{}});f(null!==(r=e.updated)&&void 0!==r?r:0,null!==(o=e.version_conflicts)&&void 0!==o?o:0,a)}catch(e){E(a,e)}}),[s,m,f,E]);return Object(r.useMemo)((()=>({query:a,tableId:n,groupNumber:i,selectedGroup:r})=>{const s=[];if(t)if(e&&1===e.length){const t=e[0];t!==P.d&&s.push(o.a.createElement(b.EuiContextMenuItem,{key:"open","data-test-subj":"open-alert-status",onClick:()=>v({groupNumber:i,query:a,selectedGroup:r,status:P.d,tableId:n})},R.l)),t!==P.b&&s.push(o.a.createElement(b.EuiContextMenuItem,{key:"acknowledge","data-test-subj":"acknowledged-alert-status",onClick:()=>v({groupNumber:i,query:a,selectedGroup:r,status:P.b,tableId:n})},R.i)),t!==P.c&&s.push(o.a.createElement(b.EuiContextMenuItem,{key:"close","data-test-subj":"close-alert-status",onClick:()=>v({groupNumber:i,query:a,selectedGroup:r,status:P.c,tableId:n})},R.j))}else{const e={[P.d]:R.l,[P.b]:R.i,[P.c]:R.j};Object.keys(e).forEach((t=>s.push(o.a.createElement(b.EuiContextMenuItem,{key:t,"data-test-subj":`${t}-alert-status`,onClick:()=>v({groupNumber:i,query:a,selectedGroup:r,status:t,tableId:n})},e[t]))))}return s}),[e,v,t])})({currentStatus:e,showAlertStatusActions:d&&u}),ve=Object(r.useCallback)(((e,a)=>{var n;return Ee({groupNumber:a,query:null===(n=ae([...null!=t?t:[],...e]))||void 0===n?void 0:n.filterQuery,selectedGroup:w,tableId:T})}),[t,ae,w,T,Ee]);return Object(r.useMemo)((()=>n({activePage:E,data:ge,groupingLevel:c,inspectButton:he,isLoading:m||le,itemsPerPage:v,onChangeGroupsItemsPerPage:e=>O(e),onChangeGroupsPage:e=>j(e),onGroupClose:g,renderChildComponent:k,selectedGroup:w,takeActionItems:ve})),[ge,n,ve,c,he,le,m,g,E,v,k,w,j,O])},ee=o.a.memo(X),te=e=>{const t=Object(s.useDispatch)(),{indexPattern:a,selectedPatterns:n}=Object(y.d)(f.SourcererScopeName.detections),{services:{storage:b,telemetry:h}}=Object(z.j)(),{getStoragePageSize:E,setStoragePageSize:x}=((e,t)=>Object(r.useMemo)((()=>({getStoragePageSize:()=>e.get(`grouping-table-${t}`)||Array(3).fill(25),setStoragePageSize:a=>{e.set(`grouping-table-${t}`,a)}})),[e,t]))(b,e.tableId),{onGroupChange:k,onGroupToggle:S}=Object(r.useMemo)((()=>({onGroupChange:e=>{h.reportAlertsGroupingChanged(e)},onGroupToggle:e=>h.reportAlertsGroupingToggled({...e,tableId:e.groupingId})})),[h]),w=Object(r.useCallback)((a=>{t(Object(m.a)({tableId:e.tableId,options:a}))}),[t,e.tableId]),{getGrouping:O,selectedGroups:I,setSelectedGroups:T}=Object(l.g)({componentProps:{groupPanelRenderer:j,groupStatsRenderer:v,onGroupToggle:S,unit:g.a},defaultGroupingOptions:Object(d.c)(e.tableId),fields:a.fields,groupingId:e.tableId,maxGroupingLevels:3,onGroupChange:k,onOptionsChange:w,tracker:L.h}),C=Object(p.a)((t=>Object(u.a)()(t,e.tableId)));Object(r.useEffect)((()=>{Object(l.e)(I)&&t(Object(m.a)({activeGroups:I,tableId:e.tableId}))}),[t,e.tableId,I]),Object(r.useEffect)((()=>{null==C||Object(l.e)(C.activeGroups)||T(C.activeGroups)}),[C,T]);const[M,F]=Object(r.useState)(Array(3).fill(0)),[D,A]=Object(r.useState)(E),_=Object(r.useCallback)((()=>{F((e=>e.map((()=>0))))}),[]),N=Object(r.useCallback)(((e,t,a)=>{"index"===a&&F((a=>{const n=[...a];return n[t]=e,n})),"size"===a&&(A((a=>{const n=[...a];return n[t]=e,x(n),n})),F((e=>{const a=[...e];return a[t]=0,a})))}),[x]),R=Object(r.useRef)({defaultFilters:e.defaultFilters,globalFilters:e.globalFilters,globalQuery:e.globalQuery,selectedGroups:I});Object(r.useEffect)((()=>{const t={defaultFilters:e.defaultFilters,globalFilters:e.globalFilters,globalQuery:e.globalQuery,selectedGroups:I};Object(c.isEqual)(R.current,t)||(_(),R.current=t)}),[e.defaultFilters,e.globalFilters,e.globalQuery,_,I]);const q=Object(r.useCallback)(((t,a,n)=>{var r,s;let l;return l=t<I.length-1?e=>q(t+1,I[t+1],JSON.stringify([...e,...n?JSON.parse(n):[]])):t=>e.renderChildComponent([...t,...n?JSON.parse(n):[]]),o.a.createElement(ee,i()({},e,{getGrouping:O,groupingLevel:t,onGroupClose:()=>{return e=t,void F((t=>{const a=t.splice(e+1,t.length);return[...t,...a.map((()=>0))]}));var e},pageIndex:null!==(r=M[t])&&void 0!==r?r:0,pageSize:null!==(s=D[t])&&void 0!==s?s:25,parentGroupingFilter:n,renderChildComponent:l,selectedGroup:a,setPageIndex:e=>N(e,t,"index"),setPageSize:e=>N(e,t,"size")}))}),[O,M,D,e,I,N]);return Object(c.isEmpty)(n)?null:q(0,I[0])},ae=o.a.memo(te)},,function(e,t,a){"use strict";a.d(t,"a",(function(){return N}));var n=a(2),i=a.n(n),r=a(377),o=a(105),s=a(102),l=a(122),c=a(190),u=a(176),d=a(40),p=a(41),m=a.n(p),g=a(5);const y=g.i18n.translate("xpack.securitySolution.fieldBrowser.createFieldButton",{defaultMessage:"Create field"}),f=m()(d.EuiButton).withConfig({displayName:"StyledButton",componentId:"sc-1abg8tf-0"})(["margin-left:",";"],(({theme:e})=>e.eui.euiSizeM)),b=g.i18n.translate("xpack.securitySolution.fieldBrowser.fieldName",{defaultMessage:"Name"}),h=g.i18n.translate("xpack.securitySolution.fieldBrowser.descriptionLabel",{defaultMessage:"Description"}),E=g.i18n.translate("xpack.securitySolution.fieldBrowser.categoryLabel",{defaultMessage:"Category"}),v=g.i18n.translate("xpack.securitySolution.fieldBrowser.runtimeLabel",{defaultMessage:"Runtime"}),x=g.i18n.translate("xpack.securitySolution.fieldBrowser.runtimeTitle",{defaultMessage:"Runtime Field"}),k=g.i18n.translate("xpack.securitySolution.fieldBrowser.actionsLabel",{defaultMessage:"Actions"}),S=g.i18n.translate("xpack.securitySolution.fieldBrowser.editButton",{defaultMessage:"Edit"}),w=g.i18n.translate("xpack.securitySolution.fieldBrowser.removeButton",{defaultMessage:"Remove"}),j=g.i18n.translate("xpack.securitySolution.fieldBrowser.editButtonDescription",{defaultMessage:"Edit runtime field"}),O=g.i18n.translate("xpack.securitySolution.fieldBrowser.removeButtonDescription",{defaultMessage:"Delete runtime field"});var I=a(217),T=a(117),C=a(339);const M=m()(d.EuiIcon).withConfig({displayName:"TypeIcon",componentId:"sc-1coc1q1-0"})(["margin:0 4px;position:relative;top:-1px;"]);M.displayName="TypeIcon";const F=m.a.span.withConfig({displayName:"Description",componentId:"sc-1coc1q1-1"})(["user-select:text;width:",";"],(({width:e})=>e));F.displayName="Description";const D=i.a.memo((({fieldId:e,highlight:t=""})=>i.a.createElement(d.EuiText,{size:"xs"},i.a.createElement(d.EuiHighlight,{"data-test-subj":`field-${e}-name`,search:t},e))));D.displayName="FieldName";var A=a(159),_=a(196);const N=({sourcererScope:e,editorActionsRef:t,removeColumn:a,upsertColumn:p})=>{const[m,N]=Object(n.useState)(null),{startTransaction:R}=Object(A.b)(),{indexFieldsSearch:q}=Object(r.b)(),{dataViewFieldEditor:P,data:{dataViews:L}}=Object(s.j)().services,B=Object(n.useMemo)((()=>l.e.scopeIdSelector()),[]),{missingPatterns:z,selectedDataViewId:$}=Object(o.a)((t=>B(t,e)));Object(n.useEffect)((()=>{null==$||z.length||(async e=>{const t=await L.get(e);N(t)})($)}),[$,z,L]);const V=Object(n.useCallback)((e=>{if(m&&$){const n=P.openEditor({ctx:{dataView:m},fieldName:e,onSave:async n=>{R({name:_.c.FIELD_SAVED}),await q({dataViewId:$,cleanCache:!0});for(const t of n)e&&e!==t.name&&a(e),p({columnHeaderType:c.a,id:t.name,initialWidth:u.a},0);t&&(t.current=null)}});t&&(t.current={closeEditor:()=>{t.current=null,n()}})}}),[m,$,P,t,q,a,p,R]),G=Object(n.useCallback)((e=>{m&&$&&P.openDeleteModal({ctx:{dataView:m},fieldName:e,onDelete:async()=>{R({name:_.c.FIELD_DELETED}),await q({dataViewId:$}),a(e)}})}),[m,$,P,q,a,R]),U=Object(n.useMemo)((()=>null==P?void 0:P.userPermissions.editIndexPattern()),[null==P?void 0:P.userPermissions]),H=(({isAllowed:e,loading:t,openFieldEditor:a})=>{const r=Object(n.useCallback)((({onHide:e})=>i.a.createElement(f,{iconType:t?"none":"plusInCircle","aria-label":y,"data-test-subj":"create-field",onClick:()=>{a(),e()},isLoading:t},y)),[t,a]);return e?r:void 0})({isAllowed:U&&!!$,loading:!m,openFieldEditor:V}),W=(({hasFieldEditPermission:e,openFieldEditor:t,openDeleteFieldModal:a})=>Object(n.useCallback)((({highlight:n,onHide:r})=>{const o=e?[{name:S,description:j,type:"icon",icon:"pencil",isPrimary:!0,onClick:({name:e})=>{t(e),r()},available:({isRuntime:e})=>e,"data-test-subj":"actionEditRuntimeField"},{name:w,description:O,type:"icon",icon:"trash",color:"danger",isPrimary:!0,onClick:({name:e})=>{a(e),r()},available:({isRuntime:e})=>e,"data-test-subj":"actionDeleteRuntimeField"}]:[];return[{field:"name",name:b,render:(e,{type:t})=>i.a.createElement(d.EuiFlexGroup,{alignItems:"center",gutterSize:"none"},i.a.createElement(d.EuiFlexItem,{grow:!1},i.a.createElement(d.EuiToolTip,{content:t},i.a.createElement(M,{"data-test-subj":`field-${e}-icon`,type:Object(I.d)(null!=t?t:null)}))),i.a.createElement(d.EuiFlexItem,{grow:!1},i.a.createElement(D,{fieldId:e,highlight:n}))),sortable:!0,width:"225px"},{field:"description",name:h,render:(e,{name:t})=>{return i.a.createElement(d.EuiToolTip,{content:e},i.a.createElement(i.a.Fragment,null,i.a.createElement(d.EuiScreenReaderOnly,{"data-test-subj":"descriptionForScreenReaderOnly"},i.a.createElement("p",null,(a=t,g.i18n.translate("xpack.securitySolution.fieldBrowser.descriptionForScreenReaderOnly",{values:{field:a},defaultMessage:"Description for field {field}:"})))),i.a.createElement(C.a,null,i.a.createElement(F,{width:o.length>0?"335px":"400px","data-test-subj":`field-${t}-description`},`${null!=e?e:Object(T.e)()}`))));var a},sortable:!0,width:o.length>0?"335px":"400px"},{field:"isRuntime",name:v,render:e=>e?i.a.createElement(d.EuiHealth,{color:"success",title:x}):null,sortable:!0,width:"80px"},{field:"category",name:E,render:(e,{name:t})=>i.a.createElement(d.EuiBadge,{"data-test-subj":`field-${t}-category`},e),sortable:!0,width:"115px"},...o.length>0?[{name:k,actions:o,width:"80px"}]:[]]}),[e,t,a]))({hasFieldEditPermission:U,openFieldEditor:V,openDeleteFieldModal:G});return Object(n.useMemo)((()=>({createFieldButton:H,getFieldTableColumns:W})),[H,W])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return x})),a.d(t,"b",(function(){return k})),a.d(t,"c",(function(){return S}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(1134),l=a(40),c=a(102);const u=({integration:e})=>{const t=Object(c.d)(),a=e.integrationTitle,n=`${t}/${e.targetUrl}`;return i.a.createElement(l.EuiLink,{href:n,target:"_blank","data-test-subj":"integrationLink"},a)},d=i.a.memo(u);d.displayName="IntegrationLink";var p=a(736);const m=o()(l.EuiBadge).withConfig({displayName:"PaddedBadge",componentId:"sc-63ceph-0"})(["margin-left:5px;"]),g=({integration:e})=>{const{installationStatus:t}=e;if(!t.isKnown)return null;const{isInstalled:a,isEnabled:n}=t,r=a?"success":"#E0E5EE",o=a?n?p.c:p.e:p.j,s=a?n?p.b:p.d:p.i;return i.a.createElement(l.EuiToolTip,{content:o},i.a.createElement(m,{color:r,"data-test-subj":"statusBadge"},s))},y=i.a.memo(g);y.displayName="IntegrationStatusBadge";const f=o.a.span.withConfig({displayName:"VersionWarningIconContainer",componentId:"sc-8orjjk-0"})(["margin-left:5px;"]),b=({integration:e})=>{const{installationStatus:t}=e;return t.isKnown&&t.isInstalled&&t.isVersionMismatch?i.a.createElement(f,null,i.a.createElement(l.EuiIconTip,{type:"warning",color:"warning",content:p.f(t.installedVersion,e.requiredVersion)})):null},h=i.a.memo(b);h.displayName="IntegrationVersionMismatchIcon";const E=o.a.div.withConfig({displayName:"Wrapper",componentId:"sc-hszsn0-0"})(["overflow:hidden;"]),v=({integration:e})=>i.a.createElement(E,null,i.a.createElement(d,{integration:e})," ",i.a.createElement(y,{integration:e}),i.a.createElement(h,{integration:e})),x=i.a.memo(v),k=({relatedIntegrations:e})=>{const{integrations:t}=Object(s.a)(e);return i.a.createElement(i.a.Fragment,null,t.map(((e,t)=>i.a.createElement(x,{key:`${e.packageName}-${t}`,integration:e}))))},S=(e,t)=>null==t||0===t.length?[]:[{title:e,description:i.a.createElement(k,{relatedIntegrations:t})}]},function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(2),i=a.n(n),r=a(40),o=a(5),s=a(41),l=a.n(s),c=a(44),u=a(124);const d=o.i18n.translate("xpack.securitySolution.management.policiesSelector.globalEntries",{defaultMessage:"Global entries"}),p=o.i18n.translate("xpack.securitySolution.management.policiesSelector.unassignedEntries",{defaultMessage:"Unassigned entries"}),m=Object(n.memo)((({policies:e,onChangeSelection:t,defaultExcludedPolicies:a,defaultIncludedPolicies:o})=>{const{euiTheme:s}=Object(r.useEuiTheme)(),[l,m]=Object(n.useState)(!1),[y,f]=Object(n.useState)(""),[b,h]=Object(n.useState)([]),E=Object(u.a)("excludePoliciesInFilterEnabled");Object(n.useEffect)((()=>{const t=o?o.split(",").reduce(((e,t)=>({...e,[t]:!0})),{}):{},n=a?a.split(",").reduce(((e,t)=>({...e,[t]:!0})),{}):{},i=e=>t[e]?"on":n[e]?"off":void 0;h([...e.map((e=>({name:e.name,id:e.id,checked:i(e.id)}))),{name:d,id:"global",checked:i("global")},{name:p,id:"unassigned",checked:i("unassigned")}])}),[e]);const v=Object(n.useCallback)((()=>{m((e=>!e))}),[]),x=Object(n.useCallback)((()=>{m(!1)}),[]),k=Object(n.useCallback)((e=>{const t=e.target.value||"";f(t)}),[]),S=Object(n.useCallback)((e=>{if(!b[e])return;const a=[...b];switch(a[e].checked){case"on":a[e].checked=E?"off":void 0;break;case"off":a[e].checked=void 0;break;default:a[e].checked="on"}h(a),t(a)}),[b,t,E]),w=Object(n.useMemo)((()=>b.map(((e,t)=>e.name.toLowerCase().includes(y.toLowerCase())?i.a.createElement(r.EuiFilterSelectItem,{checked:e.checked,key:t,onClick:()=>S(t),"data-test-subj":`policiesSelector-popover-items-${e.id}`},e.name):null))),[b,y,S]),j=Object(n.useMemo)((()=>i.a.createElement(r.EuiFilterButton,{iconType:"arrowDown","data-test-subj":"policiesSelectorButton",onClick:v,isSelected:l,numFilters:b.length,hasActiveFilters:!!b.find((e=>"on"===e.checked)),numActiveFilters:b.filter((e=>"on"===e.checked)).length},i.a.createElement(r.EuiText,null,i.a.createElement(c.FormattedMessage,{id:"xpack.securitySolution.management.policiesSelector.label",defaultMessage:"Policies"})))),[l,b,v]);return i.a.createElement(r.EuiFlexGroup,{"data-test-subj":"policiesSelector",direction:"row",alignItems:"center",gutterSize:"l"},i.a.createElement(r.EuiFlexItem,null,i.a.createElement(r.EuiFilterGroup,null,i.a.createElement(r.EuiPopover,{button:j,isOpen:l,closePopover:x,panelPaddingSize:"none"},i.a.createElement(r.EuiPopoverTitle,{paddingSize:"s"},i.a.createElement(r.EuiFieldSearch,{"data-test-subj":"policiesSelectorSearch",compressed:!0,onChange:k,value:y})),i.a.createElement(g,{"data-test-subj":"policiesSelector-popover",className:"eui-yScroll",$_css:30*s.base},w)))))}));m.displayName="PoliciesSelector";var g=l()("div").withConfig({displayName:"_StyledDiv",componentId:"sc-gji8ln-0"})((e=>({maxHeight:e.$_css}))),y=a(126);const f=Object(n.memo)((({defaultValue:e="",onSearch:t,placeholder:a,hasPolicyFilter:s,policyList:l,defaultIncludedPolicies:c,hideRefreshButton:u=!1})=>{const{canCreateArtifactsByPolicy:d}=Object(y.a)().endpointPrivileges,[p,g]=Object(n.useState)(e),[f,b]=Object(n.useState)(c||""),h=Object(n.useCallback)((e=>{const a=e.filter((e=>"on"===e.checked)).map((e=>e.id)).join(",");b(a),t(p,a,!1)}),[t,p]),E=Object(n.useCallback)((e=>g(e.target.value)),[g]),v=Object(n.useCallback)((()=>t(p,f,!0)),[t,p,f]),x=Object(n.useCallback)((e=>{t(e,f,!1)}),[t,f]);return i.a.createElement(r.EuiFlexGroup,{"data-test-subj":"searchExceptions",direction:"row",alignItems:"center",gutterSize:"m"},i.a.createElement(r.EuiFlexItem,null,i.a.createElement(r.EuiFieldSearch,{defaultValue:e,placeholder:a,onChange:E,onSearch:x,isClearable:!0,fullWidth:!0,"data-test-subj":"searchField"})),d&&s&&l?i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(m,{policies:l,defaultIncludedPolicies:c,onChangeSelection:h})):null,u?null:i.a.createElement(r.EuiFlexItem,{grow:!1},i.a.createElement(r.EuiButton,{iconType:"refresh",onClick:v,"data-test-subj":"searchButton"},o.i18n.translate("xpack.securitySolution.management.search.button",{defaultMessage:"Refresh"}))))}));f.displayName="SearchExceptions"},,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(119),i=a(190),r=a(176);const o=[{columnHeaderType:i.a,id:"@timestamp",initialWidth:r.b,esTypes:["date"],type:"date"},{columnHeaderType:i.a,id:"message"},{columnHeaderType:i.a,id:"host.name"},{columnHeaderType:i.a,id:"event.module"},{columnHeaderType:i.a,id:"agent.type"},{columnHeaderType:i.a,id:"event.dataset"},{columnHeaderType:i.a,id:"event.action"},{columnHeaderType:i.a,id:"user.name"},{columnHeaderType:i.a,id:"source.ip"},{columnHeaderType:i.a,id:"destination.ip"}],s={...n.q,columns:o}},function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a(172),r=a(265),o=a(46),s=a(4),l=a(143);const c=["POST",s.eb],u=e=>Object(o.useMutation)((e=>Object(l.b)(e)),{...e,mutationKey:c});var d=a(591),p=a(860);function m(){const{mutateAsync:e}=u(),t=Object(d.a)(),a=Object(p.a)(),o=Object(r.c)(),s=null==o?void 0:o.actions.setLoadingRules;return{bulkExport:Object(n.useCallback)((async n=>{try{var r;return null==s||s({ids:null!==(r=n.ids)&&void 0!==r?r:a(i.b.export),action:i.b.export}),await e(n)}catch(e){t({actionType:i.b.export,error:e})}finally{null==s||s({ids:[],action:null})}}),[a,s,e,t])}}},,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(2),i=a(142),r=a(344),o=a(410),s=a(108),l=a(159),c=a(719);const u=({eventIds:e,currentStatus:t,query:a,setEventsLoading:u,showAlertStatusActions:d=!0,setEventsDeleted:p,onUpdateSuccess:m,onUpdateFailure:g,customBulkActions:y})=>{const{addSuccess:f,addError:b,addWarning:h}=Object(s.a)(),{startTransaction:E}=Object(l.b)(),v=Object(n.useCallback)(((e,t,a)=>{if(t>0)h({title:r.t(t),text:r.u(e,t)});else{let t;switch(a){case"closed":t=r.o(e);break;case"open":t=r.q(e);break;case"acknowledged":t=r.b(e)}f({title:t})}m&&m(e,t,a)}),[f,h,m]),x=Object(n.useCallback)(((e,t)=>{let a;switch(e){case"closed":a=r.n;break;case"open":a=r.p;break;case"acknowledged":a=r.a}b(t.message,{title:a}),g&&g(e,t)}),[b,g]),k=Object(n.useCallback)((async t=>{a?E({name:c.a.BULK_QUERY_STATUS_UPDATE}):e.length>1?E({name:c.a.BULK_STATUS_UPDATE}):E({name:c.a.STATUS_UPDATE});try{var n,i;u({eventIds:e,isLoading:!0});const s=await Object(o.a)({status:t,query:a&&JSON.parse(a),signalIds:e});if(p({eventIds:e,isDeleted:!0}),s.version_conflicts&&1===e.length)throw new Error(r.k);v(null!==(n=s.updated)&&void 0!==n?n:0,null!==(i=s.version_conflicts)&&void 0!==i?i:0,t)}catch(e){x(t,e)}finally{u({eventIds:e,isLoading:!1})}}),[u,e,a,p,v,x,E]);return Object(n.useMemo)((()=>{const n=[];d&&(t!==i.d&&n.push({key:"open","data-test-subj":"open-alert-status",onClick:()=>k(i.d),name:r.l}),t!==i.b&&n.push({key:"acknowledge","data-test-subj":"acknowledged-alert-status",onClick:()=>k(i.b),name:r.i}),t!==i.c&&n.push({key:"close","data-test-subj":"close-alert-status",onClick:()=>k(i.c),name:r.j}));const o=y?y.reduce(((t,n)=>{const i=!(!a||!n.disableOnQuery);return t.push({key:n.key,disabled:i,"data-test-subj":n["data-test-subj"],toolTipContent:i?n.disabledLabel:null,onClick:()=>n.onClick(e),name:n.label}),t}),[]):[];return[...n,...o]}),[t,y,e,k,a,d])}},,,function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(165),o=a(168),s=a(798);const l=({index:e=0,score:t})=>{const a=Object(s.a)(t.severity);return i.a.createElement(r.c,{mode:r.a.HOVER_DOWN,data:{value:t.entityValue,field:t.entityName},triggerId:r.d.DEFAULT,visibleCellActions:5},i.a.createElement(i.a.Fragment,null,0!==e&&i.a.createElement(i.a.Fragment,null,",",i.a.createElement(o.i,null)),a))};l.displayName="ScoreComponent";const c=i.a.memo(l);c.displayName="Score"},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(40),o=a(77),s=a(102);const l=({score:e,startDate:t,endDate:a,linkName:n})=>{const{services:{ml:l,http:c}}=Object(s.j)(),u=Object(o.useMlHref)(l,c.basePath.get(),{page:"explorer",pageState:{jobIds:[e.jobId],timeRange:{from:new Date(t).toISOString(),to:new Date(a).toISOString(),mode:"absolute"},refreshInterval:{pause:!0,value:0,display:"Off"}}},[e.jobId]);return u?i.a.createElement(r.EuiLink,{href:u,target:"_blank","data-test-subj":`explorer-link-${e.jobId}`},n):null}},function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=a(5).i18n.translate("xpack.securitySolution.components.ml.anomaly.errors.anomaliesTableFetchFailureTitle",{defaultMessage:"Anomalies table fetch failure"})},,,,,,,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(1274),c=a.n(l);const u=s()(n.EuiFlexGroup).withConfig({displayName:"ThreatEuiFlexGroupStyles",componentId:"sc-14mwgam-0"})([".euiFlexItem{margin-bottom:0px;}"]),d=s()(n.EuiFlexItem).withConfig({displayName:"SubtechniqueFlexItem",componentId:"sc-14mwgam-1"})(["margin-left:",";"],(({theme:e})=>e.eui.euiSizeM)),p=s()(n.EuiButtonEmpty).withConfig({displayName:"TechniqueLinkItem",componentId:"sc-14mwgam-2"})([".euiIcon{width:8px;height:8px;}align-self:flex-start;"]),m=({label:e,threat:t})=>{const[o,s]=Object(i.useState)([]),[l,m]=Object(i.useState)([]),[g,y]=Object(i.useState)([]);return Object(i.useEffect)((()=>{!async function(){const e=await a.e(19).then(a.bind(null,1443));y(e.subtechniques),s(e.techniques),m(e.tactics)}()}),[]),r.a.createElement(u,{direction:"column"},t.map(((e,t)=>{const a=l.find((t=>t.id===e.tactic.id));return r.a.createElement(n.EuiFlexItem,{key:`${e.tactic.name}-${t}`},r.a.createElement(n.EuiLink,{"data-test-subj":"threatTacticLink",href:e.tactic.reference,target:"_blank"},null!=a?a.label:`${e.tactic.name} (${e.tactic.id})`),r.a.createElement(n.EuiFlexGroup,{gutterSize:"none",alignItems:"flexStart",direction:"column"},e.technique&&e.technique.map(((e,t)=>{var a;const i=o.find((t=>t.id===e.id));return r.a.createElement(n.EuiFlexItem,{key:null!==(a=null==i?void 0:i.id)&&void 0!==a?a:t},r.a.createElement(p,{"data-test-subj":"threatTechniqueLink",href:e.reference,target:"_blank",iconType:c.a,size:"xs"},null!=i?i.label:`${e.name} (${e.id})`),r.a.createElement(n.EuiFlexGroup,{gutterSize:"none",alignItems:"flexStart",direction:"column"},null!=e.subtechnique&&e.subtechnique.map(((e,t)=>{var a;const n=g.find((t=>t.id===e.id));return r.a.createElement(d,{key:null!==(a=null==n?void 0:n.id)&&void 0!==a?a:t},r.a.createElement(p,{"data-test-subj":"threatSubtechniqueLink",href:e.reference,target:"_blank",iconType:c.a,size:"xs"},null!=n?n.label:`${e.name} (${e.id})`))}))))}))))})))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r}));var n=a(2);const i=a.n(n).a.createContext(null),r=()=>{var e;return null===(e=Object(n.useContext)(i))||void 0===e?void 0:e.current}},function(e,t,a){"use strict";a.d(t,"a",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return o})),a.d(t,"d",(function(){return s}));var n=a(5);const i=n.i18n.translate("xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersTitle",{defaultMessage:"Additional filters"}),r=n.i18n.translate("xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showBuildingBlockTitle",{defaultMessage:"Include building block alerts"}),o=n.i18n.translate("xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showOnlyThreatIndicatorAlerts",{defaultMessage:"Show only threat indicator alerts"}),s=n.i18n.translate("xpack.securitySolution.detectionEngine.alerts.utilityBar.takeActionTitle",{defaultMessage:"Take action"})},function(e,t,a){"use strict";a.d(t,"a",(function(){return g})),a.d(t,"e",(function(){return y})),a.d(t,"b",(function(){return f})),a.d(t,"d",(function(){return b})),a.d(t,"f",(function(){return h})),a.d(t,"g",(function(){return E})),a.d(t,"c",(function(){return x}));var n=a(2),i=a.n(n),r=a(5),o=a(44),s=a(40),l=a(126),c=a(102),u=a(940),d=a(574),p=a(888),m=a(575);const g=r.i18n.translate("xpack.securitySolution.eventFilters.aboutInfo",{defaultMessage:"Event filters exclude high volume or unwanted events from being written to Elasticsearch."}),y=r.i18n.translate("xpack.securitySolution.eventFilter.form.name.label",{defaultMessage:"Name"}),f=r.i18n.translate("xpack.securitySolution.eventFilter.form.description.placeholder",{defaultMessage:"Description"}),b=r.i18n.translate("xpack.securitySolution.eventFilter.form.name.error",{defaultMessage:"The name can't be empty"}),h=r.i18n.translate("xpack.securitySolution.eventFilter.form.os.label",{defaultMessage:"Select operating system"}),E=r.i18n.translate("xpack.securitySolution.eventFilter.form.rule.name",{defaultMessage:"Endpoint Event Filtering"}),v={pageTitle:r.i18n.translate("xpack.securitySolution.eventFilters.pageTitle",{defaultMessage:"Event Filters"}),pageAboutInfo:r.i18n.translate("xpack.securitySolution.eventFilters.pageAboutInfo",{defaultMessage:"Event filters exclude high volume or unwanted events from being written to Elasticsearch."}),pageAddButtonTitle:r.i18n.translate("xpack.securitySolution.eventFilters.pageAddButtonTitle",{defaultMessage:"Add event filter"}),getShowingCountLabel:e=>r.i18n.translate("xpack.securitySolution.eventFilters.showingTotal",{defaultMessage:"Showing {total} {total, plural, one {event filter} other {event filters}}",values:{total:e}}),cardActionEditLabel:r.i18n.translate("xpack.securitySolution.eventFilters.cardActionEditLabel",{defaultMessage:"Edit event filter"}),cardActionDeleteLabel:r.i18n.translate("xpack.securitySolution.eventFilters.cardActionDeleteLabel",{defaultMessage:"Delete event filter"}),flyoutCreateTitle:r.i18n.translate("xpack.securitySolution.eventFilters.flyoutCreateTitle",{defaultMessage:"Add event filter"}),flyoutEditTitle:r.i18n.translate("xpack.securitySolution.eventFilters.flyoutEditTitle",{defaultMessage:"Edit event filter"}),flyoutCreateSubmitButtonLabel:r.i18n.translate("xpack.securitySolution.eventFilters.flyoutCreateSubmitButtonLabel",{defaultMessage:"Add event filter"}),flyoutCreateSubmitSuccess:({name:e})=>r.i18n.translate("xpack.securitySolution.eventFilters.flyoutCreateSubmitSuccess",{defaultMessage:'"{name}" has been added to the event filters list.',values:{name:e}}),flyoutEditSubmitSuccess:({name:e})=>r.i18n.translate("xpack.securitySolution.eventFilters.flyoutEditSubmitSuccess",{defaultMessage:'"{name}" has been updated.',values:{name:e}}),flyoutDowngradedLicenseDocsInfo:e=>i.a.createElement(i.a.Fragment,null,i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.eventFilters.flyoutDowngradedLicenseDocsInfo",defaultMessage:"For more information, see our "}),i.a.createElement(s.EuiLink,{target:"_blank",href:`${e.eventFilters}`},i.a.createElement(o.FormattedMessage,{id:"xpack.securitySolution.eventFilters.flyoutDowngradedLicenseDocsLink",defaultMessage:"Event filters documentation"}))),deleteActionSuccess:e=>r.i18n.translate("xpack.securitySolution.eventFilters.deleteSuccess",{defaultMessage:'"{itemName}" has been removed from event filters list.',values:{itemName:e}}),emptyStateTitleNoEntries:r.i18n.translate("xpack.securitySolution.eventFilters.emptyStateTitleNoEntries",{defaultMessage:"There are no event filters to display."}),emptyStateTitle:r.i18n.translate("xpack.securitySolution.eventFilters.emptyStateTitle",{defaultMessage:"Add your first event filter"}),emptyStateInfo:r.i18n.translate("xpack.securitySolution.eventFilters.emptyStateInfo",{defaultMessage:"Add an event filter to exclude high volume or unwanted events from being written to Elasticsearch."}),emptyStatePrimaryButtonLabel:r.i18n.translate("xpack.securitySolution.eventFilters.emptyStatePrimaryButtonLabel",{defaultMessage:"Add event filter"}),searchPlaceholderInfo:r.i18n.translate("xpack.securitySolution.eventFilters.searchPlaceholderInfo",{defaultMessage:"Search on the fields below: name, description, comments, value"})},x=Object(n.memo)((()=>{const{canWriteEventFilters:e}=Object(l.a)().endpointPrivileges,t=Object(c.i)(),a=d.a.getInstance(t);return i.a.createElement(u.a,{apiClient:a,ArtifactFormComponent:p.a,labels:v,"data-test-subj":"EventFiltersListPage",searchableFields:m.d,flyoutSize:"l",allowCardCreateAction:e,allowCardEditAction:e,allowCardDeleteAction:e})}));x.displayName="EventFiltersList"},function(e,t,a){"use strict";a.d(t,"a",(function(){return E}));var n=a(48),i=a(2),r=a.n(i),o=a(4),s=a(102),l=a(117),c=a(224),u=a(393),d=a(364),p=a(168),m=a(274),g=a(473),y=a(162),f=a(231),b=a(149),h=a(330);const E=r.a.memo((({contextID:e,id:t,ip:a,data:i,isDraggable:E=!1,isInDetailsSidePanel:v=!1,loading:x,flowTarget:k,startDate:S,endDate:w,isLoadingAnomaliesData:j,anomaliesData:O,narrowDateRange:I,indexPatterns:T,jobNameById:C})=>{const M=Object(y.a)(),F=Object(f.a)(M),[D]=Object(s.p)(o.B),A=i[k],_=[{title:d.i,description:Object(c.g)([`${k}.geo.city_name`,`${k}.geo.region_name`],i,e,E)},{title:d.c,description:A?Object(c.d)(A.autonomousSystem,k,e,E):Object(l.d)()}],N=[F?[..._,{title:d.j,description:r.a.createElement(g.a,{anomalies:O,startDate:S,endDate:w,isLoading:j,narrowDateRange:I,jobNameById:C})}]:_,[{title:d.d,description:r.a.createElement(u.a,{indexPatterns:T,field:`${k}.ip`,value:a,type:u.b.FIRST_SEEN})},{title:d.h,description:r.a.createElement(u.a,{indexPatterns:T,field:`${k}.ip`,value:a,type:u.b.LAST_SEEN})}],[{title:d.e,description:A&&i.host?Object(c.e)({host:i.host,isDraggable:E,ipFilter:a,contextID:e}):Object(l.d)()},{title:d.f,description:A&&i.host?Object(c.f)(i.host,a,e,E):Object(l.d)()}],[{title:d.o,description:Object(c.i)(a)},{title:d.k,description:Object(c.h)(a)}]];return r.a.createElement(b.c,null,r.a.createElement(p.g,{direction:v?"column":"row"},!v&&r.a.createElement(b.b,{queryId:t,title:d.g,inspectIndex:0}),N.map(((e,t)=>r.a.createElement(h.a,{descriptionList:e,key:t}))),x&&r.a.createElement(m.a,{overlay:!0,overlayBackground:D?n.euiDarkVars.euiPageBackgroundColor:n.euiLightVars.euiPageBackgroundColor,size:"xl"})))}));E.displayName="IpOverview"},function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(113);const i=(e,t)=>t===n.g.source?[{fieldName:"source.ip",fieldValue:e}]:t===n.g.destination?[{fieldName:"destination.ip",fieldValue:e}]:[]},function(e,t,a){"use strict";a.d(t,"b",(function(){return u})),a.d(t,"a",(function(){return d}));var n=a(23),i=a(2),r=a(878),o=a(278),s=a(279),l=a(735),c=a(21);const u=({defaultGroupingOptions:e,groupingId:t,fields:a,onGroupChange:n,maxGroupingLevels:r})=>{const o=Object(i.useCallback)((e=>{n([e])}),[n]);return Object(c.jsx)(s.a,{groupingId:t,groupsSelected:["none"],"data-test-subj":"alerts-table-group-selector",onGroupChange:o,fields:a,maxGroupingLevels:r,options:e})},d=({defaultGroupingOptions:e,dispatch:t,fields:a,groupingId:u,groupingState:d,maxGroupingLevels:p=1,onGroupChange:m,onOptionsChange:g,tracker:y})=>{var f;const{activeGroups:b,options:h}=null!==(f=Object(r.b)({groups:d},u))&&void 0!==f?f:o.c,E=Object(i.useCallback)((e=>{t(r.a.updateActiveGroups({id:u,activeGroups:e}))}),[t,u]),v=Object(i.useCallback)((e=>{t(r.a.updateGroupOptions({id:u,newOptionList:e})),null==g||g(e)}),[t,u,g]),x=Object(i.useCallback)((e=>{if(b.find((t=>t===e))){const t=b.filter((t=>t!==e));return void(0===t.length?E(["none"]):E(t))}const t=Object(s.e)([e])?[e]:[...b.filter((e=>"none"!==e)),e];E(t),null==y||y(n.METRIC_TYPE.CLICK,l.a.groupChanged({groupingId:u,selected:e})),null==m||m({tableId:u,groupByField:e})}),[u,m,b,E,y]);return Object(i.useEffect)((()=>{if(0===h.length&&e.length>0)return v(e.find((e=>b.find((t=>t===e.key))))?e:[...e,...Object(s.e)(b)?[]:b.map((e=>({key:e,label:e})))]);if(Object(s.e)(b))return;const t=h.map((e=>e.key)),a=[...h];b.forEach((e=>{t.includes(e)||a.push({label:e,key:e})})),a.length!==h.length&&v(a)}),[e,h,b,v]),Object(c.jsx)(s.a,{groupingId:u,groupsSelected:b,"data-test-subj":"alerts-table-group-selector",onGroupChange:x,fields:a,maxGroupingLevels:p,options:h})}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(139);const i=({groups:e},t)=>e[t],r=()=>Object(n.createSelector)(i,(e=>e))},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(365);const r=Object(i.c)(),o=()=>{const[e]=Object(n.useState)(r);return{globalKQLHeaderPortalNode:e}}},function(e,t,a){const n=a(157),i=a(292),{safeRe:r,t:o}=a(310);e.exports=(e,t)=>{if(e instanceof n)return e;if("number"==typeof e&&(e=String(e)),"string"!=typeof e)return null;let a=null;if((t=t||{}).rtl){let t;for(;(t=r[o.COERCERTL].exec(e))&&(!a||a.index+a[0].length!==e.length);)a&&t.index+t[0].length===a.index+a[0].length||(a=t),r[o.COERCERTL].lastIndex=t.index+t[1].length+t[2].length;r[o.COERCERTL].lastIndex=-1}else a=e.match(r[o.COERCE]);return null===a?null:i(`${a[2]}.${a[3]||"0"}.${a[4]||"0"}`,t)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return p}));var n=a(2),i=a.n(n),r=a(41),o=a.n(r),s=a(40),l=a(77),c=a(102);const u=o()(s.EuiLink).withConfig({displayName:"StyledJobEuiLInk",componentId:"sc-ilb29r-0"})(["margin-right:",";"],(({theme:e})=>e.eui.euiSizeS)),d=({jobId:e,jobName:t})=>{const{services:{http:a,ml:n}}=Object(c.j)(),r=Object(l.useMlHref)(n,a.basePath.get(),{page:l.ML_PAGES.ANOMALY_DETECTION_JOBS_MANAGE,pageState:{jobId:[e]}},[e]);return i.a.createElement(u,{"data-test-subj":"machineLearningJobLink",href:r,target:"_blank"},i.a.createElement("span",{"data-test-subj":"machineLearningJob"},null!=t?t:e))},p=Object(n.memo)(d)},function(e,t,a){"use strict";a.d(t,"a",(function(){return S}));var n=a(42),i=a(40),r=a(2),o=a.n(r),s=a(343),l=a.n(s),c=a(839),u=a.n(c),d=a(41),p=a.n(d),m=a(69),g=a(44),y=a(129),f=a(4),b=a(125),h=a(102),E=a(852);const v=[{isSummaryOption:!0,isForEachAlertOption:!0,value:{value:"onActiveAlert",inputDisplay:E.d,"data-test-subj":"onActiveAlert",dropdownDisplay:o.a.createElement(i.EuiText,{size:"s"},o.a.createElement("p",null,o.a.createElement(g.FormattedMessage,{defaultMessage:"Per rule run",id:"xpack.securitySolution.detectionEngine.ruleNotifyWhen.onActiveAlert.label"})))}},{isSummaryOption:!0,isForEachAlertOption:!1,value:{value:"onThrottleInterval",inputDisplay:E.a,"data-test-subj":"onThrottleInterval",dropdownDisplay:o.a.createElement(i.EuiText,{size:"s"},o.a.createElement("p",null,o.a.createElement(g.FormattedMessage,{defaultMessage:"Custom frequency",id:"xpack.securitySolution.detectionEngine.ruleNotifyWhen.onThrottleInterval.label"})))}}],x=p.a.div.withConfig({displayName:"FieldErrorsContainer",componentId:"sc-kyvj3t-0"})(["p{margin-bottom:0;}"]),k=p.a.div.attrs((({className:e="",$caseIndexes:t=[]})=>({className:e}))).withConfig({displayName:"ContainerActions",componentId:"sc-kyvj3t-1"})(["",""],(({$caseIndexes:e})=>e.map((e=>`\n        div[id="${e}"].euiAccordion__childWrapper .euiAccordion__children {\n          padding: 0px;\n          .euiFlexGroup {\n            display: none;\n          }\n          .euiSpacer.euiSpacer--xl {\n            height: 0px;\n          }\n        }\n      `)))),S=({field:e,messageVariables:t,summaryMessageVariables:a})=>{const[s,c]=Object(r.useState)(null),d=Object(b.l)(),{isValid:p}=d,{triggersActionsUi:{getActionForm:g}}=Object(h.j)().services,[S,w]=Object(r.useState)(!1),j=Object(r.useMemo)((()=>Object(n.isEmpty)(e.value)?[]:e.value),[e.value]),O=Object(r.useMemo)((()=>j.reduce(((e,t,a)=>".case"===t.actionTypeId?[...e,`${a}`]:e),[])),[j]),I=Object(r.useCallback)(((t,a)=>{const i=[...j];Object(n.isEmpty)(i[a].params)&&w(!0),i[a]=l()(i[a],{id:t}),e.setValue(i)}),[e,j]),T=Object(r.useCallback)((t=>e.setValue(t)),[e]),C=Object(r.useCallback)(((t,a,n)=>{const i=()=>{e.setValue((e=>{const i=[...e];return i[n]={...i[n],params:{...i[n].params,[t]:a}},i}))};S?(setTimeout(i,0),w(!1)):i()}),[e,S]),M=Object(r.useCallback)(((t,a,i)=>{e.setValue((e=>{const r=[...e],{alertsFilter:o,...s}=r[i],l={...o};return a?l[t]=a:delete l[t],r[i]={...s,...Object(n.isEmpty)(l)?{}:{alertsFilter:l}},r}))}),[e]),F=Object(r.useCallback)(((t,a,n)=>{e.setValue((e=>{var i;const r=[...e];return r[n]={...r[n],frequency:{...null!==(i=r[n].frequency)&&void 0!==i?i:f.Pb,[t]:a}},r}))}),[e]),D=void 0!==p,A=Object(r.useMemo)((()=>g({actions:j,messageVariables:t,summaryMessageVariables:a,defaultActionGroupId:"default",setActionIdByIndex:I,setActions:T,setActionParamsProperty:C,setActionFrequencyProperty:F,setActionAlertsFilterProperty:M,featureId:m.SecurityConnectorFeatureId,producerId:y.mb.SIEM,defaultActionMessage:E.c,defaultSummaryMessage:E.e,hideActionHeader:!0,hasAlertsMappings:!0,notifyWhenSelectOptions:v,defaultRuleFrequency:f.Pb,disableErrorMessages:!D})),[j,g,t,a,F,I,C,T,M,D]);return Object(r.useEffect)((()=>{if(!1===p){const t=e.errors.map((({message:e})=>e)).join("\n");return c(t)}return c(null)}),[e.errors,p]),o.a.createElement(k,{$caseIndexes:O},s?o.a.createElement(o.a.Fragment,null,o.a.createElement(x,null,o.a.createElement(i.EuiCallOut,{title:E.b,color:"danger",iconType:"warning"},o.a.createElement(u.a,null,s))),o.a.createElement(i.EuiSpacer,null)):null,A)}},function(e,t,a){"use strict";a.d(t,"a",(function(){return n})),a.d(t,"d",(function(){return i})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return o}));const n={filter:"",tags:[],showCustomRules:!1,showElasticRules:!1,enabled:void 0,ruleExecutionStatus:void 0},i={field:"enabled",order:"desc"},r=1,o=20},function(e,t,a){"use strict";a.d(t,"a",(function(){return y}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(172),c=a(196),u=a(159),d=a(612),p=a(265);const m=s()(n.EuiSwitch).withConfig({displayName:"StaticSwitch",componentId:"sc-1s9ljiu-0"})([".euiSwitch__thumb,.euiSwitch__icon{transition:none;}"]);m.displayName="StaticSwitch";const g=({id:e,isDisabled:t,isLoading:a,enabled:o,startMlJobsIfNeeded:s,onChange:g})=>{const[y,f]=Object(i.useState)(!1),b=Object(p.c)(),{startTransaction:h}=Object(u.b)(),{executeBulkAction:E}=Object(d.b)({suppressSuccessToast:!b}),v=Object(i.useCallback)((async t=>{f(!0),h({name:o?c.e.DISABLE:c.e.ENABLE});const a=t.target.checked;a&&await(null==s?void 0:s());const n=await E({type:a?l.b.enable:l.b.disable,ids:[e]});null!=n&&n.attributes.results.updated.length&&(null==g||g(n.attributes.results.updated[0].enabled)),f(!1)}),[o,E,e,g,s,h]),x=Object(i.useMemo)((()=>y!==a&&a||y),[y,a]);return r.a.createElement(n.EuiFlexGroup,{alignItems:"center",justifyContent:"spaceAround",id:`rule-switch-${e}`},r.a.createElement(n.EuiFlexItem,{grow:!1},x?r.a.createElement(n.EuiLoadingSpinner,{size:"m","data-test-subj":"ruleSwitchLoader"}):r.a.createElement(m,{"data-test-subj":"ruleSwitch",showLabel:!1,label:"",disabled:t,checked:o,onChange:v})))},y=r.a.memo(g);y.displayName="RuleSwitch"},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(166);const c=s()(n.EuiPanel).withConfig({displayName:"MyPanel",componentId:"sc-j93jp7-0"})(["position:relative;"]);c.displayName="MyPanel";const u=({children:e,loading:t,title:a})=>r.a.createElement(c,{hasBorder:!0},t&&r.a.createElement(n.EuiProgress,{size:"xs",color:"accent",position:"absolute","data-test-subj":"stepPanelProgress"}),a&&r.a.createElement(l.a,{title:a}),e),d=Object(i.memo)(u)},function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(2),i=a.n(n),r=a(40),o=a(137);const s=({columnName:e,children:t})=>{const[a,s]=Object(n.useState)(!1);return i.a.createElement(r.EuiPopover,{anchorPosition:"upCenter",isOpen:a,closePopover:()=>s(!1),button:i.a.createElement(r.EuiButtonIcon,{"aria-label":o.cc(e),onClick:e=>{s(!a),e.stopPropagation()},size:"xs",color:"primary",iconType:"questionInCircle",style:{height:"auto"}})},t)},l=i.a.memo(s);l.displayName="PopoverTooltip"},function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a.n(n),r=a(40);const o=({title:e,tooltipContent:t,customTooltip:a})=>i.a.createElement(r.EuiFlexGroup,{gutterSize:"none"},i.a.createElement(r.EuiFlexItem,{style:{width:"calc(100% - 20px)"}},i.a.createElement("span",{className:"eui-textTruncate"},e)),null!=a?a:i.a.createElement(r.EuiToolTip,{content:t},i.a.createElement(r.EuiIcon,{"data-test-subj":"tableHeaderIcon",size:"m",color:"subdued",type:"questionInCircle",style:{marginLeft:4}}))),s=i.a.memo(o);s.displayName="TableHeaderTooltipCell"},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(102);const r=()=>{const{storage:e}=Object(i.j)().services,t=Object(n.useCallback)((t=>{var a;return null!==(a=e.get(`${t}-messages`))&&void 0!==a?a:[]}),[e]),a=Object(n.useCallback)(((t,a)=>{var n;const i=null!==(n=e.get(`${t}-messages`))&&void 0!==n?n:[];e.set(`${t}-messages`,[...i,a])}),[e]),r=Object(n.useCallback)(((t,a)=>{var n;return(null!==(n=e.get(`${t}-messages`))&&void 0!==n?n:[]).filter((e=>e===a)).length>0}),[e]),o=Object(n.useCallback)(((t,a)=>{var n;const i=null!==(n=e.get(`${t}-messages`))&&void 0!==n?n:[];e.set(`${t}-messages`,[...i.filter((e=>e!==a))])}),[e]);return{getMessages:t,addMessage:a,clearAllMessages:Object(n.useCallback)((t=>e.remove(`${t}-messages`)),[e]),removeMessage:o,hasMessage:r}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(40),i=a(2),r=a.n(i),o=a(142),s=a(135);const l=({status:e=o.d,onFilterGroupChanged:t})=>{const a=[{id:"open",label:s.H,"data-test-subj":"openAlerts"},{id:"acknowledged",label:s.a,"data-test-subj":"acknowledgedAlerts"},{id:"closed",label:s.y,"data-test-subj":"closedAlerts"}],l=Object(i.useCallback)((e=>{t(e)}),[t]);return r.a.createElement(n.EuiButtonGroup,{legend:"filter status",color:"primary",options:a,idSelected:e,"data-test-subj":"alerts-table-filter-group",onChange:l})},c=r.a.memo(l)},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(472);const r=()=>{const[e,t,a]=Object(i.a)(),r=Object(n.useRef)(),o=Object(n.useCallback)((e=>{var t;null===(t=r.current)||void 0===t||t.call(r,e)}),[]),s=Object(n.useCallback)((()=>{var e;null===(e=r.current)||void 0===e||e.call(r,null)}),[]),l=Object(n.useCallback)((()=>(t(),new Promise((e=>{r.current=e})).finally((()=>{a()})))),[t,a]);return{isBulkDuplicateConfirmationVisible:e,showBulkDuplicateConfirmation:Object(n.useCallback)((async()=>{const e=await l();return e?o(e):s(),e}),[l,o,s]),cancelRuleDuplication:s,confirmRuleDuplication:o}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(2),i=a.n(n),r=a(40),o=a(687),s=a(935);const l=({onCancel:e,onConfirm:t,rulesCount:a})=>{const[l,c]=Object(n.useState)(o.a.withExceptions),u=Object(n.useCallback)((e=>{c(e)}),[c]),d=Object(n.useCallback)((()=>{t(l)}),[t,l]);return i.a.createElement(r.EuiConfirmModal,{title:s.c.MODAL_TITLE(a),onConfirm:d,cancelButtonText:s.c.CANCEL_BUTTON,confirmButtonText:s.c.CONTINUE_BUTTON,defaultFocusedButton:"confirm",onCancel:e},i.a.createElement(r.EuiText,null,s.c.MODAL_TEXT(a)),i.a.createElement(r.EuiSpacer,null),i.a.createElement(r.EuiRadioGroup,{options:[{id:o.a.withExceptions,label:i.a.createElement(r.EuiText,{size:"s"},s.c.DUPLICATE_EXCEPTIONS_INCLUDE_EXPIRED_EXCEPTIONS_LABEL(a),i.a.createElement(r.EuiIconTip,{content:s.c.DUPLICATE_TOOLTIP,position:"bottom"})),"data-test-subj":o.a.withExceptions},{id:o.a.withExceptionsExcludeExpiredExceptions,label:i.a.createElement(r.EuiText,{size:"s"},s.c.DUPLICATE_EXCEPTIONS_TEXT(a),i.a.createElement(r.EuiIconTip,{content:s.c.DUPLICATE_TOOLTIP,position:"bottom"})),"data-test-subj":o.a.withExceptionsExcludeExpiredExceptions},{id:o.a.withoutExceptions,label:s.c.DUPLICATE_WITHOUT_EXCEPTIONS_TEXT(a),"data-test-subj":o.a.withoutExceptions}],idSelected:l,onChange:u}))},c=i.a.memo(l);c.displayName="BulkActionDuplicateExceptionsConfirmation"},,,,,,,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return h}));var n=a(40),i=a(2),r=a.n(i),o=a(129),s=a(4),l=a(102),c=a(344),u=a(8);const d=(e,t)=>e.checked?t.checked&&e.checked<=t.checked?1:-1:t.checked?1:0,p=(e,t)=>{const a=Object(u.intersection)(...e),n=Object(u.union)(...e);return Object(u.union)(n,t).map((e=>{let t={checked:void 0,"data-test-subj":"unselected-alert-tag"};return a.includes(e)?t={checked:"on","data-test-subj":"selected-alert-tag"}:n.includes(e)&&(t={checked:"mixed","data-test-subj":"mixed-alert-tag"}),{label:e,...t}})).sort(d)},m={selectableAlertTags:[],tagsToAdd:new Set,tagsToRemove:new Set},g=({alertItems:e,refresh:t,refetchQuery:a,setIsLoading:u,clearSelection:d,closePopoverMenu:g,onSubmit:y})=>{const[f]=Object(l.p)(s.w),b=Object(i.useMemo)((()=>e.map((e=>{var t,a;return null!==(t=null===(a=e.data.find((e=>e.field===o.kb)))||void 0===a?void 0:a.value)&&void 0!==t?t:[]}))),[e]),[{selectableAlertTags:h,tagsToAdd:E,tagsToRemove:v},x]=Object(i.useReducer)(((e,t)=>{switch(t.type){case"addAlertTag":{const{value:a}=t;return e.tagsToAdd.add(a),e.tagsToRemove.delete(a),e}case"removeAlertTag":{const{value:a}=t;return e.tagsToRemove.add(a),e.tagsToAdd.delete(a),e}case"setSelectableAlertTags":{const{value:a}=t;return{...e,selectableAlertTags:a}}default:return e}}),{...m,selectableAlertTags:p(b,f),tagsToAdd:new Set,tagsToRemove:new Set}),k=Object(i.useCallback)((e=>{x({type:"addAlertTag",value:e})}),[x]),S=Object(i.useCallback)((e=>{x({type:"removeAlertTag",value:e})}),[x]),w=Object(i.useCallback)((e=>{x({type:"setSelectableAlertTags",value:e})}),[x]),j=Object(i.useCallback)((async()=>{if(0===E.size&&0===v.size)return void g();const n=Array.from(E),i=Array.from(v),r=e.map((e=>e._id)),o={tags_to_add:n,tags_to_remove:i};null!=y&&(g(),await y(o,r,(()=>{a&&a(),t&&t(),d&&d()}),u))}),[g,E,v,e,a,t,d,u,y]),O=Object(i.useCallback)(((e,t,a)=>{"on"===a.checked?k(a.label):a.checked||S(a.label),w(e)}),[k,S,w]);return r.a.createElement(r.a.Fragment,null,r.a.createElement(n.EuiSelectable,{searchable:!0,searchProps:{placeholder:c.h},"aria-label":c.h,options:h,onChange:O,emptyMessage:c.f,noMatchesMessage:c.g,"data-test-subj":"alert-tags-selectable-menu"},((e,t)=>r.a.createElement("div",null,r.a.createElement(n.EuiPopoverTitle,null,t),e))),r.a.createElement(n.EuiButton,{"data-test-subj":"alert-tags-update-button",fullWidth:!0,size:"s",onClick:j},c.c))},y=Object(i.memo)(g);var f=a(58),b=a(108);const h=({refetch:e})=>{const t=(()=>{const{http:e}=Object(f.useKibana)().services,{addSuccess:t,addError:a}=Object(b.a)(),n=Object(i.useRef)(null),r=Object(i.useCallback)((e=>t(c.w(e))),[t]),o=Object(i.useCallback)((e=>{a(e.message,{title:c.v})}),[a]);return Object(i.useEffect)((()=>{let e=!1;const t=new AbortController;return n.current=async(a,n,i,c)=>{try{c(!0);const o=await(async({tags:e,ids:t,signal:a})=>l.b.get().http.fetch(s.ab,{method:"POST",body:JSON.stringify({tags:e,ids:t}),signal:a}))({tags:a,ids:n,signal:t.signal});e||(i(),c(!1),r(o.items.length))}catch(t){e||(c(!1),o(t))}},()=>{e=!0,t.abort()}}),[e,o,r]),n.current})(),a=Object(i.useCallback)((async(e,a,n,i)=>{t&&await t(e,a,n,i)}),[t]),o=[{key:"manage-alert-tags","data-test-subj":"alert-tags-context-menu-item",name:c.d,panel:1,label:c.d,disableOnQuery:!0}],u=Object(i.useMemo)((()=>r.a.createElement(n.EuiFlexGroup,{alignItems:"center",gutterSize:"s",responsive:!1},r.a.createElement(n.EuiFlexItem,{grow:!1},c.d),r.a.createElement(n.EuiFlexItem,{grow:!1},r.a.createElement(n.EuiIconTip,{content:c.e,position:"right"})))),[]),d=Object(i.useCallback)((({alertItems:t,refresh:n,setIsBulkActionsLoading:i,clearSelection:o,closePopoverMenu:s})=>r.a.createElement(y,{alertItems:t,refresh:n,refetchQuery:e,setIsLoading:i,clearSelection:o,closePopoverMenu:s,onSubmit:a})),[a,e]);return{alertTagsItems:o,alertTagsPanels:Object(i.useMemo)((()=>[{id:1,title:u,"data-test-subj":"alert-tags-context-menu-panel",renderContent:d}]),[u,d])}}},function(e,t,a){"use strict";a.d(t,"a",(function(){return M}));var n=a(2),i=a.n(n),r=a(3),o=a(41),s=a.n(o),l=a(130),c=a.n(l),u=a(40),d=a(13),p=a(72);const m=Object(n.memo)((({indexPattern:e,isLoading:t=!1,isRefreshPaused:a,filterQuery:r,filterManager:o,filters:s,refreshInterval:l,dataTestSubj:c,displayStyle:u})=>{const d=Object(n.useCallback)((e=>{o.setFilters(e)}),[o]),m=Object(n.useMemo)((()=>[e]),[e]);return i.a.createElement(p.SearchBar,{showSubmitButton:!1,filters:s,indexPatterns:m,isLoading:t,isRefreshPaused:a,query:r,onFiltersUpdated:d,refreshInterval:l,showAutoRefreshOnly:!1,showFilterBar:!0,showDatePicker:!1,showQueryInput:!1,showSaveQuery:!1,dataTestSubj:c,displayStyle:u})}));m.displayName="FilterBar";var g=a(108),y=a(371),f=a(8);const b=({ariaLabel:e,errors:t})=>{const[a,r]=Object(n.useState)(!1),o=Object(n.useCallback)((()=>{r(!a)}),[a]),s=Object(n.useCallback)((()=>{r(!1)}),[]);return i.a.createElement(u.EuiPopover,{"data-test-subj":"eql-validation-errors-popover",button:i.a.createElement(u.EuiButtonEmpty,{"data-test-subj":"eql-validation-errors-popover-button",iconType:"error",size:"s",color:"danger","aria-label":e,onClick:o},t.length),isOpen:a,closePopover:s,anchorPosition:"downCenter"},i.a.createElement("div",{"data-test-subj":"eql-validation-errors-popover-content"},i.a.createElement(u.EuiPopoverTitle,null,y.k),t.map(((e,t)=>i.a.createElement(u.EuiText,{key:t},e)))))};var h=a(102);const E=s()(u.EuiText).withConfig({displayName:"InlineText",componentId:"sc-yylwe5-0"})(["display:inline-block;"]),v=()=>{const e=Object(h.j)().services.docLinks.links.query.eql;return i.a.createElement(u.EuiLink,{external:!0,href:e,target:"_blank"},i.a.createElement(E,{size:"xs"},y.i))},x=s()(u.EuiPanel).withConfig({displayName:"Container",componentId:"sc-x7d5ta-0"})(["border-radius:0;background:",";padding:"," ",";"],(({theme:e})=>e.eui.euiPageBackgroundColor),(({theme:e})=>e.eui.euiSizeXS),(({theme:e})=>e.eui.euiSizeS)),k=s()(u.EuiFlexGroup).withConfig({displayName:"FlexGroup",componentId:"sc-x7d5ta-1"})(["min-height:",";"],(({theme:e})=>e.eui.euiSizeXL)),S=s()(u.EuiFlexItem).withConfig({displayName:"FlexItemLeftBorder",componentId:"sc-x7d5ta-2"})(["border-left:1px solid ",";"],(({theme:e})=>e.eui.euiColorLightShade)),w=s()(u.EuiFlexItem).withConfig({displayName:"FlexItemWithMarginRight",componentId:"sc-x7d5ta-3"})(["margin-right:",";"],(({theme:e})=>e.eui.euiSizeS)),j=s()(u.EuiLoadingSpinner).withConfig({displayName:"Spinner",componentId:"sc-x7d5ta-4"})(["margin:0 ",";"],(({theme:e})=>e.eui.euiSizeS)),O={asPlainText:!0},I=({errors:e,isLoading:t,isSizeOptionDisabled:a,optionsData:r,optionsSelected:o,onOptionsChange:s})=>{var l;const[c,d]=Object(n.useState)(!1),[p,m]=Object(n.useState)(null!==(l=null==o?void 0:o.size)&&void 0!==l?l:100),g=Object(n.useRef)(),h=Object(n.useCallback)((()=>{d(!0)}),[]),E=Object(n.useCallback)((()=>{d(!1)}),[]),I=Object(n.useCallback)((e=>{s&&(e.length>0?s("eventCategoryField",e[0].label):s("eventCategoryField",void 0))}),[s]),T=Object(n.useCallback)((e=>{s&&(e.length>0?s("tiebreakerField",e[0].label):s("tiebreakerField",void 0))}),[s]),C=Object(n.useCallback)((e=>{s&&(e.length>0?s("timestampField",e[0].label):s("timestampField",void 0))}),[s]),M=Object(n.useCallback)((e=>{var t,a,n,i;s&&(m(null==e||null===(t=e.target)||void 0===t?void 0:t.value),null!==(a=g.current)&&void 0!==a&&a.cancel&&(null===(i=g.current)||void 0===i||i.cancel()),g.current=Object(f.debounce)((e=>s("size",e)),800),g.current(null==e||null===(n=e.target)||void 0===n?void 0:n.value))}),[s]),F=Object(n.useMemo)((()=>null!=(null==o?void 0:o.eventCategoryField)?[{label:null==o?void 0:o.eventCategoryField}]:void 0),[null==o?void 0:o.eventCategoryField]),D=Object(n.useMemo)((()=>null!=(null==o?void 0:o.tiebreakerField)?[{label:null==o?void 0:o.tiebreakerField}]:void 0),[null==o?void 0:o.tiebreakerField]),A=Object(n.useMemo)((()=>null!=(null==o?void 0:o.timestampField)?[{label:null==o?void 0:o.timestampField}]:void 0),[null==o?void 0:o.timestampField]);return i.a.createElement(x,null,i.a.createElement(k,{alignItems:"center",justifyContent:"spaceBetween",gutterSize:"none"},i.a.createElement(u.EuiFlexItem,null,e.length>0&&i.a.createElement(b,{ariaLabel:y.l,errors:e}),t&&i.a.createElement(j,{"data-test-subj":"eql-validation-loading",size:"m"})),!s&&i.a.createElement(u.EuiFlexItem,{grow:!1},i.a.createElement(v,null)),s&&i.a.createElement(i.a.Fragment,null,i.a.createElement(w,{grow:!1},i.a.createElement(v,null)),i.a.createElement(S,{grow:!1},i.a.createElement(u.EuiPopover,{button:i.a.createElement(u.EuiButtonIcon,{onClick:h,iconType:"controlsVertical",isDisabled:c,"aria-label":"eql settings","data-test-subj":"eql-settings-trigger"}),isOpen:c,closePopover:E,anchorPosition:"downCenter",ownFocus:!1},i.a.createElement(u.EuiPopoverTitle,null,y.j),i.a.createElement("div",{style:{width:"300px"}},!a&&i.a.createElement(u.EuiFormRow,{"data-test-subj":"eql-size-field",label:y.h,helpText:y.g},i.a.createElement(u.EuiFieldNumber,{value:p,onChange:M,min:1,max:1e4})),i.a.createElement(u.EuiFormRow,{"data-test-subj":"eql-event-category-field",label:y.b,helpText:y.a},i.a.createElement(u.EuiComboBox,{options:null==r?void 0:r.keywordFields,selectedOptions:F,singleSelection:O,onChange:I})),i.a.createElement(u.EuiFormRow,{"data-test-subj":"eql-tiebreaker-field",label:y.d,helpText:y.c},i.a.createElement(u.EuiComboBox,{options:null==r?void 0:r.nonDateFields,selectedOptions:D,singleSelection:O,onChange:T})),i.a.createElement(u.EuiFormRow,{"data-test-subj":"eql-timestamp-field",label:y.f,helpText:y.e},i.a.createElement(u.EuiComboBox,{options:null==r?void 0:r.dateFields,selectedOptions:A,singleSelection:O,onChange:C}))))))))};var T=a(750);const C=s()(u.EuiTextArea).withConfig({displayName:"TextArea",componentId:"sc-u3oqty-0"})(["display:block;border:",";border-bottom:0;box-shadow:none;min-height:",";"],(({theme:e})=>e.eui.euiBorderThin),(({theme:e})=>e.eui.euiFormControlHeight)),M=({dataTestSubj:e,field:t,isLoading:a=!1,indexPattern:o,showFilterBar:s,idAria:l,optionsData:p,optionsSelected:f,isSizeOptionDisabled:b,onOptionsChange:E,onValidityChange:v,onValiditingChange:x})=>{const{addError:k}=Object(g.a)(),[S,w]=Object(n.useState)([]),{isValidating:j,value:O,setValue:M}=t,{isValid:F,message:D,messages:A,error:_}=Object(T.c)(t),{uiSettings:N}=Object(h.j)().services,R=Object(n.useRef)(new d.FilterManager(N));Object(n.useEffect)((()=>{null!=v&&v(F)}),[F,v]),Object(n.useEffect)((()=>{w(null!=A?A:[])}),[A]),Object(n.useEffect)((()=>{_&&k(_,{title:y.m})}),[_,k]),Object(n.useEffect)((()=>{x&&x(j)}),[j,x]),Object(n.useEffect)((()=>{let e=!0;const t=new r.Subscription;return R.current.setFilters([]),t.add(R.current.getUpdates$().subscribe({next:()=>{if(e){const e=R.current.getFilters(),{filters:t}=O;c()(t,e)||M({...O,filters:e})}}})),()=>{e=!1,t.unsubscribe()}}),[O,R,M]),Object(n.useEffect)((()=>{const{filters:e}=O;c()(e,R.current.getFilters())||R.current.setFilters(e)}),[O,R]);const q=Object(n.useCallback)((e=>{const t=e.target.value;x&&x(!0),w([]),M({filters:O.filters,query:{query:t,language:"eql"},saved_id:null})}),[O,M,x]);return i.a.createElement(u.EuiFormRow,{label:t.label,labelAppend:t.labelAppend,helpText:t.helpText,error:D,isInvalid:!F&&!j,fullWidth:!0,"data-test-subj":e,describedByIds:l?[l]:void 0},i.a.createElement(i.a.Fragment,null,i.a.createElement(C,{"data-test-subj":"eqlQueryBarTextInput",fullWidth:!0,isInvalid:!F&&!j,value:O.query.query,onChange:q}),i.a.createElement(I,{errors:S,isLoading:j,isSizeOptionDisabled:b,optionsData:p,optionsSelected:f,onOptionsChange:E}),s&&i.a.createElement(i.a.Fragment,null,i.a.createElement(u.EuiSpacer,{size:"s"}),i.a.createElement(m,{"data-test-subj":"eqlFilterBar",indexPattern:o,isLoading:a,isRefreshPaused:!1,filterQuery:O.query,filterManager:R.current,filters:R.current.getFilters()||[],displayStyle:"inPage"}))))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(79),i=a(1379),r=a.n(i),o=a(42),s=a(5);const l=e=>{if(!e)return"";const t=e.split(".")[1];return t?Object(o.startCase)(t):""},c=async(e,t)=>{const a=await(async(e,t)=>{var a;const n=await(null===(a=t.get(e.actionTypeId))||void 0===a?void 0:a.validateParams(e.params));if(n){const e=Object.values(n.errors);if(e.length){const t=e.filter((e=>Object(o.isString)(e)||Object(o.isArray)(e))),a=Object(o.uniq)(Object(o.flattenDeep)(t));if(a.length)return a}}return[]})(e,t),i=(e=>{const t=[];return Object.entries(e).forEach((([e,a])=>{if(Object(o.isString)(a))try{r.a.render(a,{})}catch(a){t.push((e=>s.i18n.translate("xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage",{defaultMessage:"{key} is not valid mustache template",values:{key:Object(o.startCase)(e)}}))(e))}})),t})(e.params),l=Object(n.validateActionFilterQuery)(e);return[...a,...i,...l?[l]:[]]},u=(e,t=100)=>a=>{let n=!1;const i=new Promise((i=>{setTimeout((()=>{n?i():i((e=>async(...t)=>{const[{value:a,path:n}]=t,i=[];for(const t of a){const a=await c(t,e);if(a.length){const e=l(t.actionTypeId),n=a.map((e=>`*   ${e}\n`));i.push(`\n**${e}:**\n${n.join("")}`)}}if(i.length)return{code:"ERR_FIELD_FORMAT",path:n,message:`${i.join("\n")}`}})(e)(a))}),t)}));return i.cancel=()=>{n=!0},i}},function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(5),i=a(41);a.n(i).a.span.withConfig({displayName:"UnitCount",componentId:"sc-1p6k0dy-0"})(["font-size:",";font-weight:",";border-right:",";margin-right:",";padding-right:",";"],(({theme:e})=>e.eui.euiFontSizeXS),(({theme:e})=>e.eui.euiFontWeightSemiBold),(({theme:e})=>e.eui.euiBorderThin),(({theme:e})=>e.eui.euiSizeS),(({theme:e})=>e.eui.euiSizeM));const r=e=>{return t=e,n.i18n.translate("xpack.securitySolution.eventsTab.unit",{values:{totalCount:t},defaultMessage:"{totalCount, plural, =1 {alert} other {alerts}}"});var t}},,,,function(e,t,a){"use strict";a.d(t,"a",(function(){return c})),a.d(t,"b",(function(){return u}));var n=a(2),i=a(216),r=a(113),o=a(5);const s=o.i18n.translate("xpack.securitySolution.networkDetails.errorSearchDescription",{defaultMessage:"An error has occurred on network details search"});o.i18n.translate("xpack.securitySolution.networkDetails.failSearchDescription",{defaultMessage:"Failed to run search on network details"});var l=a(194);const c="networkDetailsQuery",u=({filterQuery:e,id:t=c,indexNames:a,ip:o,skip:u})=>{const{loading:d,result:p,search:m,refetch:g,inspect:y}=Object(l.a)({factoryQueryType:r.r.details,initialResult:{networkDetails:{}},errorMessage:s,abort:u}),f=Object(n.useMemo)((()=>({networkDetails:p.networkDetails,id:t,inspect:y,isInspected:!1,refetch:g})),[t,y,g,p.networkDetails]),b=Object(n.useMemo)((()=>({defaultIndex:a,factoryQueryType:r.r.details,filterQuery:Object(i.a)(e),ip:o})),[e,a,o]);return Object(n.useEffect)((()=>{!u&&b&&m(b)}),[b,m,u]),[d,f]}},function(e,t,a){"use strict";a.d(t,"a",(function(){return f}));var n=a(40),i=a(2),r=a.n(i),o=a(41),s=a.n(o),l=a(676),c=a(268),u=a(106);const d=s()(n.EuiInputPopover).withConfig({displayName:"StyledEuiInputPopover",componentId:"sc-1feu4fu-0"})([".rightArrowIcon{.euiFieldText{padding-left:12px;padding-right:40px;&[readonly]{cursor:pointer;background-size:0 100%;background-repeat:no-repeat;&:focus{background-color:",";background-image:linear-gradient( to top,",","," 2px,transparent 2px,transparent 100% );background-size:100% 100%;}}}.euiFormControlLayoutIcons{left:unset;right:12px;}}"],(({theme:e})=>e.eui.euiFormBackgroundColor),(({theme:e})=>e.eui.euiFocusRingColor),(({theme:e})=>e.eui.euiFocusRingColor)),p=e=>[{description:c.a,favorite:[],label:c.b,id:void 0,title:c.b,checked:"-1"===e?"on":void 0}],m=({isDisabled:e,hideUntitled:t=!1,timelineId:a,timelineTitle:o,timelineType:s=u.l.template,onTimelineChange:m,placeholder:g})=>{const[y,f]=Object(i.useState)(!1),b=Object(i.useCallback)((()=>{f(!1)}),[]),h=Object(i.useCallback)((()=>{f(!0)}),[]),E=Object(i.useMemo)((()=>r.a.createElement(n.EuiFieldText,{readOnly:!0,disabled:e,onFocus:h,onClick:h,value:null!=o?o:c.b,icon:"arrowDown"})),[h,e,o]),v=Object(i.useCallback)((({timelines:e,onlyFavorites:n,searchTimelineValue:i})=>[...n||""!==i?[]:p(null==a?"-1":a),...e.filter((e=>!t||""!==e.title)).map(((e,t)=>({description:e.description,favorite:e.favorite,label:e.title,id:s===u.l.template?e.templateTimelineId:e.savedObjectId,key:`${e.title}-${t}`,title:e.title,checked:[e.savedObjectId,e.templateTimelineId].includes(a)?"on":void 0})))]),[t,a,s]);return r.a.createElement(d,{id:"searchTimelinePopover",input:E,isOpen:y,closePopover:b,anchorClassName:"rightArrowIcon"},r.a.createElement(l.a,{hideUntitled:t,getSelectableOptions:v,onClosePopover:b,onTimelineChange:m,timelineType:s,placeholder:g}))},g=Object(i.memo)(m);var y=a(125);const f=({dataTestSubj:e,field:t,idAria:a,isDisabled:o=!1,placeholder:s})=>{const[l,c]=Object(i.useState)(null),[u,d]=Object(i.useState)(null),{isInvalid:p,errorMessage:m}=Object(y.i)(t);Object(i.useEffect)((()=>{const{id:e,title:a}=t.value;l!==e&&(c(e),d(a))}),[t.value,l]);const f=Object(i.useCallback)(((e,a)=>{null===a?t.setValue({id:a,title:null}):l!==a&&t.setValue({id:a,title:e})}),[t,l]);return r.a.createElement(n.EuiFormRow,{label:t.label,labelAppend:t.labelAppend,helpText:t.helpText,error:m,isInvalid:p,"data-test-subj":e,describedByIds:a?[a]:void 0},r.a.createElement(g,{isDisabled:o,hideUntitled:!0,timelineId:l,timelineTitle:u,onTimelineChange:f,placeholder:s}))}},function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a(693),r=a(185),o=a(5);const s=o.i18n.translate("xpack.securitySolution.endpoint.detections.takeAction.responseActionConsole.notSupportedTooltip",{defaultMessage:"Add the Elastic Defend integration via Elastic Agent to enable this feature"}),l=o.i18n.translate("xpack.securitySolution.endpoint.detections.takeAction.responseActionConsole.unenrolledTooltip",{defaultMessage:"Host is no longer enrolled with the Elastic Defend integration"}),c=o.i18n.translate("xpack.securitySolution.endpoint.detections.takeAction.responseActionConsole.loadingTooltip",{defaultMessage:"Loading"}),u=o.i18n.translate("xpack.securitySolution.endpoint.detections.takeAction.responseActionConsole.generalMetadataErrorTooltip",{defaultMessage:"Failed to retrieve Endpoint metadata"}),d=({endpointId:e,onClick:t})=>{const a=Object(i.d)(),{data:o,isFetching:d,error:p}=Object(i.c)(e,{enabled:Boolean(e)}),[m,g]=Object(n.useMemo)((()=>{var e,t,a;return d?[!0,c]:p&&404===(null===(e=p.body)||void 0===e?void 0:e.statusCode)?[!0,s]:p&&400===(null===(t=p.body)||void 0===t?void 0:t.statusCode)&&null!==(a=p.body)&&void 0!==a&&a.message.includes("unenrolled")||(null==o?void 0:o.host_status)===r.c.UNENROLLED?[!0,l]:p?[!0,u]:[!1,void 0]}),[o,p,d]);return{handleResponseActionsClick:Object(n.useCallback)((()=>{o&&a(o.metadata),t&&t()}),[o,t,a]),isDisabled:m,tooltip:g}}},,function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(2),i=a(8),r=a(1284),o=a.n(r);const s=(e,t)=>null==t?`${Object(i.capitalize)(e)}`:`${Object(i.capitalize)(e)} ${Object(i.capitalize)(t)}`,l=e=>{var t;return null!==(t=o.a.valid(o.a.coerce(e)))&&void 0!==t?t:""},c=(e,t,a)=>`app/integrations/detail/${a?`${e}-${a}`:e}/overview${t?`?integration=${t}`:""}`;var u=a(872);const d=e=>{const{data:t}=Object(u.a)({packages:[]});return Object(n.useMemo)((()=>{const a=((e,t)=>((e,t)=>e.map((e=>{if(null==t)return{related:e,installed:null,isLoaded:!1};{const a=t.find((t=>t.package_name===e.package&&(null==t?void 0:t.integration_name)===(null==e?void 0:e.integration)));return{related:e,installed:null!=a?a:null,isLoaded:!0}}})))(e,t).map((e=>(e=>{var t;const{related:a,installed:n,isLoaded:i}=e,r=a.package,u=null!==(t=a.integration)&&void 0!==t?t:null,d=a.version;if(!i){const e=s(r,u),t=l(d);return{packageName:r,integrationName:u,integrationTitle:e,requiredVersion:d,targetVersion:t,targetUrl:c(r,u,t),installationStatus:{isKnown:!1}}}if(null==n){const e=s(r,u),t=l(d);return{packageName:r,integrationName:u,integrationTitle:e,requiredVersion:d,targetVersion:t,targetUrl:c(r,u,t),installationStatus:{isKnown:!0,isInstalled:!1,isEnabled:!1,isVersionMismatch:!1,installedVersion:""}}}{var p;const e=null!==(p=n.integration_title)&&void 0!==p?p:n.package_title,t=n.package_version,a=o.a.satisfies(t,d),i=a?t:l(d);return{packageName:r,integrationName:u,integrationTitle:e,requiredVersion:d,targetVersion:i,targetUrl:c(r,u,i),installationStatus:{isKnown:!0,isInstalled:!0,isEnabled:n.is_enabled,isVersionMismatch:!a,installedVersion:t}}}})(e))).sort(((e,t)=>e.integrationTitle.localeCompare(t.integrationTitle))))(e,t);return{integrations:a,isLoaded:null!=t}}),[e,t])}},function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(104),i=a.n(n),r=a(2),o=a.n(r),s=a(40),l=a(41),c=a.n(l),u=a(44),d=a(47),p=a(107),m=a(173);const g=c.a.div.withConfig({displayName:"RootContainer",componentId:"sc-ptw6hp-0"})(["position:relative;padding-top:",";.body{min-height:",";&-content{position:relative;}}"],(({theme:e})=>e.eui.euiSizeXS),(({theme:e})=>e.eui.euiSizeXXL)),y=Object(r.memo)((({"data-test-subj":e})=>o.a.createElement(s.EuiEmptyPrompt,{"data-test-subj":e,title:o.a.createElement(u.FormattedMessage,{id:"xpack.securitySolution.endpoint.paginatedContent.noItemsFoundTitle",defaultMessage:"No items found"})})));y.displayName="DefaultNoItemsFound";const f=Object(r.memo)((({message:e,"data-test-subj":t})=>o.a.createElement(s.EuiText,{textAlign:"center","data-test-subj":t},o.a.createElement(s.EuiSpacer,{size:"m"}),o.a.createElement(s.EuiIcon,{type:"minusInCircle",color:"danger"})," ",e,o.a.createElement(s.EuiSpacer,{size:"m"}))));f.displayName="ErrorMessage";const b=Object(r.memo)((({items:e,ItemComponent:t,itemComponentProps:a,itemId:n,onChange:l,pagination:c,loading:u,noItemsMessage:b,error:h,contentClassName:E,"data-test-subj":v,"aria-label":x,className:k,children:S})=>{const[w]=Object(r.useState)(new WeakMap),j=Object(p.a)(v),O=Object(r.useMemo)((()=>Math.ceil(((null==c?void 0:c.totalItemCount)||1)/((null==c?void 0:c.pageSize)||1))),[null==c?void 0:c.pageSize,null==c?void 0:c.totalItemCount]);Object(r.useEffect)((()=>{!u&&O>0&&O<((null==c?void 0:c.pageIndex)||0)+1&&l({pageIndex:O-1,pageSize:(null==c?void 0:c.pageSize)||0})}),[O,l,c,u]);const I=Object(r.useCallback)((e=>{if(null!=c&&c.pageIndex){var t,a;const n=Math.floor((null!==(t=null==c?void 0:c.pageIndex)&&void 0!==t?t:m.b)*(null!==(a=null==c?void 0:c.pageSize)&&void 0!==a?a:m.c)/e);l({pageSize:e,pageIndex:isNaN(n)?m.b:n})}else l({pageSize:e,pageIndex:m.b})}),[l,c]),T=Object(r.useCallback)((e=>{l({pageIndex:e,pageSize:(null==c?void 0:c.pageSize)||m.c})}),[l,null==c?void 0:c.pageSize]),C=Object(r.useMemo)((()=>{if(h)return h instanceof Error?o.a.createElement(f,{message:h.message,"data-test-subj":j("error")}):"string"==typeof h?o.a.createElement(f,{message:h,"data-test-subj":j("error")}):h;const r=t;return e.length?e.map((e=>{let t;return n?t=e[n]:w.has(e)?t=w.get(e):(t=Object(d.v4)(),w.set(e,t)),o.a.createElement(r,i()({},a(e),{key:t}))})):u?void 0:b||o.a.createElement(y,{"data-test-subj":j("noResults")})}),[t,h,j,a,n,w,e,b,u]);return o.a.createElement(g,{"data-test-subj":v,"aria-label":x,className:k},u&&o.a.createElement(s.EuiProgress,{size:"xs",color:"primary",position:"absolute","data-test-subj":j("loader")}),o.a.createElement("div",{className:"body","data-test-subj":j("body")},o.a.createElement("div",{className:`body-content ${E}`},S||C)),c&&(S||e.length>0)&&o.a.createElement("div",{"data-test-subj":j("footer")},o.a.createElement(s.EuiSpacer,{size:"l"}),o.a.createElement(s.EuiTablePagination,{activePage:c.pageIndex,itemsPerPage:c.pageSize,itemsPerPageOptions:c.pageSizeOptions,pageCount:O,showPerPageOptions:c.showPerPageOptions,onChangeItemsPerPage:I,onChangePage:T})))}));b.displayName="PaginatedContent"},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,function(e,t){},function(e,t,a){e.exports=a(33)(1734)},function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(0),i=a.n(n);const r="".padStart(2);class LineWriter{constructor(e="\n"){i()(this,"_indent",""),i()(this,"_lines",[]),i()(this,"_separator",void 0),this._indent="",this._lines=[],this._separator=e}addLine(e){this._lines.push(`${this._indent}${e}`)}addLineAndIndent(e){this._lines.push(`${this._indent}${e}`),this._indent=`${this._indent}${r}`}dedentAndAddLine(e){this._indent=this._indent.substr(2),this._lines.push(`${this._indent}${e}`)}indent(){this._indent=`${this._indent}${r}`}dedent(){this._indent=this._indent.substr(2)}getContent(){return this._lines.join(this._separator)}}const o=(e="\n")=>new LineWriter(e)},function(e,t,a){e.exports=a.p+"94cccf20036d014924e63d4d595e88e1.svg"},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(2),i=a(64),r=function(e,t){return r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var a in t)Object.prototype.hasOwnProperty.call(t,a)&&(e[a]=t[a])},r(e,t)};function o(e,t){function a(){this.constructor=e}r(e,t),e.prototype=null===t?Object.create(t):(a.prototype=t.prototype,new a)}var s=function(){return s=Object.assign||function(e){for(var t,a=1,n=arguments.length;a<n;a++)for(var i in t=arguments[a])Object.prototype.hasOwnProperty.call(t,i)&&(e[i]=t[i]);return e},s.apply(this,arguments)},l={width:"100%",height:"10px",top:"0px",left:"0px",cursor:"row-resize"},c={width:"10px",height:"100%",top:"0px",left:"0px",cursor:"col-resize"},u={width:"20px",height:"20px",position:"absolute"},d={top:s(s({},l),{top:"-5px"}),right:s(s({},c),{left:void 0,right:"-5px"}),bottom:s(s({},l),{top:void 0,bottom:"-5px"}),left:s(s({},c),{left:"-5px"}),topRight:s(s({},u),{right:"-10px",top:"-10px",cursor:"ne-resize"}),bottomRight:s(s({},u),{right:"-10px",bottom:"-10px",cursor:"se-resize"}),bottomLeft:s(s({},u),{left:"-10px",bottom:"-10px",cursor:"sw-resize"}),topLeft:s(s({},u),{left:"-10px",top:"-10px",cursor:"nw-resize"})},p=function(e){function t(){var t=null!==e&&e.apply(this,arguments)||this;return t.onMouseDown=function(e){t.props.onResizeStart(e,t.props.direction)},t.onTouchStart=function(e){t.props.onResizeStart(e,t.props.direction)},t}return o(t,e),t.prototype.render=function(){return n.createElement("div",{className:this.props.className||"",style:s(s({position:"absolute",userSelect:"none"},d[this.props.direction]),this.props.replaceStyles||{}),onMouseDown:this.onMouseDown,onTouchStart:this.onTouchStart},this.props.children)},t}(n.PureComponent),m={width:"auto",height:"auto"},g=function(e,t,a){return Math.max(Math.min(e,a),t)},y=function(e,t){return Math.round(e/t)*t},f=function(e,t){return new RegExp(e,"i").test(t)},b=function(e){return Boolean(e.touches&&e.touches.length)},h=function(e,t,a){void 0===a&&(a=0);var n=t.reduce((function(a,n,i){return Math.abs(n-e)<Math.abs(t[a]-e)?i:a}),0),i=Math.abs(t[n]-e);return 0===a||i<a?t[n]:e},E=function(e){return"auto"===(e=e.toString())||e.endsWith("px")||e.endsWith("%")||e.endsWith("vh")||e.endsWith("vw")||e.endsWith("vmax")||e.endsWith("vmin")?e:e+"px"},v=function(e,t,a,n){if(e&&"string"==typeof e){if(e.endsWith("px"))return Number(e.replace("px",""));if(e.endsWith("%"))return t*(Number(e.replace("%",""))/100);if(e.endsWith("vw"))return a*(Number(e.replace("vw",""))/100);if(e.endsWith("vh"))return n*(Number(e.replace("vh",""))/100)}return e},x=["as","style","className","grid","snap","bounds","boundsByDirection","size","defaultSize","minWidth","minHeight","maxWidth","maxHeight","lockAspectRatio","lockAspectRatioExtraWidth","lockAspectRatioExtraHeight","enable","handleStyles","handleClasses","handleWrapperStyle","handleWrapperClass","children","onResizeStart","onResize","onResizeStop","handleComponent","scale","resizeRatio","snapGap"],k="__resizable_base__",S=function(e){function t(t){var a=e.call(this,t)||this;return a.ratio=1,a.resizable=null,a.parentLeft=0,a.parentTop=0,a.resizableLeft=0,a.resizableRight=0,a.resizableTop=0,a.resizableBottom=0,a.targetLeft=0,a.targetTop=0,a.appendBase=function(){if(!a.resizable||!a.window)return null;var e=a.parentNode;if(!e)return null;var t=a.window.document.createElement("div");return t.style.width="100%",t.style.height="100%",t.style.position="absolute",t.style.transform="scale(0, 0)",t.style.left="0",t.style.flex="0 0 100%",t.classList?t.classList.add(k):t.className+=k,e.appendChild(t),t},a.removeBase=function(e){var t=a.parentNode;t&&t.removeChild(e)},a.ref=function(e){e&&(a.resizable=e)},a.state={isResizing:!1,width:void 0===(a.propsSize&&a.propsSize.width)?"auto":a.propsSize&&a.propsSize.width,height:void 0===(a.propsSize&&a.propsSize.height)?"auto":a.propsSize&&a.propsSize.height,direction:"right",original:{x:0,y:0,width:0,height:0},backgroundStyle:{height:"100%",width:"100%",backgroundColor:"rgba(0,0,0,0)",cursor:"auto",opacity:0,position:"fixed",zIndex:9999,top:"0",left:"0",bottom:"0",right:"0"},flexBasis:void 0},a.onResizeStart=a.onResizeStart.bind(a),a.onMouseMove=a.onMouseMove.bind(a),a.onMouseUp=a.onMouseUp.bind(a),a}return o(t,e),Object.defineProperty(t.prototype,"parentNode",{get:function(){return this.resizable?this.resizable.parentNode:null},enumerable:!1,configurable:!0}),Object.defineProperty(t.prototype,"window",{get:function(){return this.resizable&&this.resizable.ownerDocument?this.resizable.ownerDocument.defaultView:null},enumerable:!1,configurable:!0}),Object.defineProperty(t.prototype,"propsSize",{get:function(){return this.props.size||this.props.defaultSize||m},enumerable:!1,configurable:!0}),Object.defineProperty(t.prototype,"size",{get:function(){var e=0,t=0;if(this.resizable&&this.window){var a=this.resizable.offsetWidth,n=this.resizable.offsetHeight,i=this.resizable.style.position;"relative"!==i&&(this.resizable.style.position="relative"),e="auto"!==this.resizable.style.width?this.resizable.offsetWidth:a,t="auto"!==this.resizable.style.height?this.resizable.offsetHeight:n,this.resizable.style.position=i}return{width:e,height:t}},enumerable:!1,configurable:!0}),Object.defineProperty(t.prototype,"sizeStyle",{get:function(){var e=this,t=this.props.size,a=function(t){if(void 0===e.state[t]||"auto"===e.state[t])return"auto";if(e.propsSize&&e.propsSize[t]&&e.propsSize[t].toString().endsWith("%")){if(e.state[t].toString().endsWith("%"))return e.state[t].toString();var a=e.getParentSize();return Number(e.state[t].toString().replace("px",""))/a[t]*100+"%"}return E(e.state[t])};return{width:t&&void 0!==t.width&&!this.state.isResizing?E(t.width):a("width"),height:t&&void 0!==t.height&&!this.state.isResizing?E(t.height):a("height")}},enumerable:!1,configurable:!0}),t.prototype.getParentSize=function(){if(!this.parentNode)return this.window?{width:this.window.innerWidth,height:this.window.innerHeight}:{width:0,height:0};var e=this.appendBase();if(!e)return{width:0,height:0};var t=!1,a=this.parentNode.style.flexWrap;"wrap"!==a&&(t=!0,this.parentNode.style.flexWrap="wrap"),e.style.position="relative",e.style.minWidth="100%",e.style.minHeight="100%";var n={width:e.offsetWidth,height:e.offsetHeight};return t&&(this.parentNode.style.flexWrap=a),this.removeBase(e),n},t.prototype.bindEvents=function(){this.window&&(this.window.addEventListener("mouseup",this.onMouseUp),this.window.addEventListener("mousemove",this.onMouseMove),this.window.addEventListener("mouseleave",this.onMouseUp),this.window.addEventListener("touchmove",this.onMouseMove,{capture:!0,passive:!1}),this.window.addEventListener("touchend",this.onMouseUp))},t.prototype.unbindEvents=function(){this.window&&(this.window.removeEventListener("mouseup",this.onMouseUp),this.window.removeEventListener("mousemove",this.onMouseMove),this.window.removeEventListener("mouseleave",this.onMouseUp),this.window.removeEventListener("touchmove",this.onMouseMove,!0),this.window.removeEventListener("touchend",this.onMouseUp))},t.prototype.componentDidMount=function(){if(this.resizable&&this.window){var e=this.window.getComputedStyle(this.resizable);this.setState({width:this.state.width||this.size.width,height:this.state.height||this.size.height,flexBasis:"auto"!==e.flexBasis?e.flexBasis:void 0})}},t.prototype.componentWillUnmount=function(){this.window&&this.unbindEvents()},t.prototype.createSizeForCssProperty=function(e,t){var a=this.propsSize&&this.propsSize[t];return"auto"!==this.state[t]||this.state.original[t]!==e||void 0!==a&&"auto"!==a?e:"auto"},t.prototype.calculateNewMaxFromBoundary=function(e,t){var a,n,i=this.props.boundsByDirection,r=this.state.direction,o=i&&f("left",r),s=i&&f("top",r);if("parent"===this.props.bounds){var l=this.parentNode;l&&(a=o?this.resizableRight-this.parentLeft:l.offsetWidth+(this.parentLeft-this.resizableLeft),n=s?this.resizableBottom-this.parentTop:l.offsetHeight+(this.parentTop-this.resizableTop))}else"window"===this.props.bounds?this.window&&(a=o?this.resizableRight:this.window.innerWidth-this.resizableLeft,n=s?this.resizableBottom:this.window.innerHeight-this.resizableTop):this.props.bounds&&(a=o?this.resizableRight-this.targetLeft:this.props.bounds.offsetWidth+(this.targetLeft-this.resizableLeft),n=s?this.resizableBottom-this.targetTop:this.props.bounds.offsetHeight+(this.targetTop-this.resizableTop));return a&&Number.isFinite(a)&&(e=e&&e<a?e:a),n&&Number.isFinite(n)&&(t=t&&t<n?t:n),{maxWidth:e,maxHeight:t}},t.prototype.calculateNewSizeFromDirection=function(e,t){var a=this.props.scale||1,n=this.props.resizeRatio||1,i=this.state,r=i.direction,o=i.original,s=this.props,l=s.lockAspectRatio,c=s.lockAspectRatioExtraHeight,u=s.lockAspectRatioExtraWidth,d=o.width,p=o.height,m=c||0,g=u||0;return f("right",r)&&(d=o.width+(e-o.x)*n/a,l&&(p=(d-g)/this.ratio+m)),f("left",r)&&(d=o.width-(e-o.x)*n/a,l&&(p=(d-g)/this.ratio+m)),f("bottom",r)&&(p=o.height+(t-o.y)*n/a,l&&(d=(p-m)*this.ratio+g)),f("top",r)&&(p=o.height-(t-o.y)*n/a,l&&(d=(p-m)*this.ratio+g)),{newWidth:d,newHeight:p}},t.prototype.calculateNewSizeFromAspectRatio=function(e,t,a,n){var i=this.props,r=i.lockAspectRatio,o=i.lockAspectRatioExtraHeight,s=i.lockAspectRatioExtraWidth,l=void 0===n.width?10:n.width,c=void 0===a.width||a.width<0?e:a.width,u=void 0===n.height?10:n.height,d=void 0===a.height||a.height<0?t:a.height,p=o||0,m=s||0;if(r){var y=(u-p)*this.ratio+m,f=(d-p)*this.ratio+m,b=(l-m)/this.ratio+p,h=(c-m)/this.ratio+p,E=Math.max(l,y),v=Math.min(c,f),x=Math.max(u,b),k=Math.min(d,h);e=g(e,E,v),t=g(t,x,k)}else e=g(e,l,c),t=g(t,u,d);return{newWidth:e,newHeight:t}},t.prototype.setBoundingClientRect=function(){if("parent"===this.props.bounds){var e=this.parentNode;if(e){var t=e.getBoundingClientRect();this.parentLeft=t.left,this.parentTop=t.top}}if(this.props.bounds&&"string"!=typeof this.props.bounds){var a=this.props.bounds.getBoundingClientRect();this.targetLeft=a.left,this.targetTop=a.top}if(this.resizable){var n=this.resizable.getBoundingClientRect(),i=n.left,r=n.top,o=n.right,s=n.bottom;this.resizableLeft=i,this.resizableRight=o,this.resizableTop=r,this.resizableBottom=s}},t.prototype.onResizeStart=function(e,t){if(this.resizable&&this.window){var a,n=0,i=0;if(e.nativeEvent&&function(e){return Boolean((e.clientX||0===e.clientX)&&(e.clientY||0===e.clientY))}(e.nativeEvent)?(n=e.nativeEvent.clientX,i=e.nativeEvent.clientY):e.nativeEvent&&b(e.nativeEvent)&&(n=e.nativeEvent.touches[0].clientX,i=e.nativeEvent.touches[0].clientY),this.props.onResizeStart&&this.resizable&&!1===this.props.onResizeStart(e,t,this.resizable))return;this.props.size&&(void 0!==this.props.size.height&&this.props.size.height!==this.state.height&&this.setState({height:this.props.size.height}),void 0!==this.props.size.width&&this.props.size.width!==this.state.width&&this.setState({width:this.props.size.width})),this.ratio="number"==typeof this.props.lockAspectRatio?this.props.lockAspectRatio:this.size.width/this.size.height;var r=this.window.getComputedStyle(this.resizable);if("auto"!==r.flexBasis){var o=this.parentNode;if(o){var l=this.window.getComputedStyle(o).flexDirection;this.flexDir=l.startsWith("row")?"row":"column",a=r.flexBasis}}this.setBoundingClientRect(),this.bindEvents();var c={original:{x:n,y:i,width:this.size.width,height:this.size.height},isResizing:!0,backgroundStyle:s(s({},this.state.backgroundStyle),{cursor:this.window.getComputedStyle(e.target).cursor||"auto"}),direction:t,flexBasis:a};this.setState(c)}},t.prototype.onMouseMove=function(e){var t=this;if(this.state.isResizing&&this.resizable&&this.window){if(this.window.TouchEvent&&b(e))try{e.preventDefault(),e.stopPropagation()}catch(e){}var a=this.props,n=a.maxWidth,r=a.maxHeight,o=a.minWidth,s=a.minHeight,l=b(e)?e.touches[0].clientX:e.clientX,c=b(e)?e.touches[0].clientY:e.clientY,u=this.state,d=u.direction,p=u.original,m=u.width,g=u.height,f=this.getParentSize(),E=function(e,t,a,n,i,r,o){return n=v(n,e.width,t,a),i=v(i,e.height,t,a),r=v(r,e.width,t,a),o=v(o,e.height,t,a),{maxWidth:void 0===n?void 0:Number(n),maxHeight:void 0===i?void 0:Number(i),minWidth:void 0===r?void 0:Number(r),minHeight:void 0===o?void 0:Number(o)}}(f,this.window.innerWidth,this.window.innerHeight,n,r,o,s);n=E.maxWidth,r=E.maxHeight,o=E.minWidth,s=E.minHeight;var x=this.calculateNewSizeFromDirection(l,c),k=x.newHeight,S=x.newWidth,w=this.calculateNewMaxFromBoundary(n,r);this.props.snap&&this.props.snap.x&&(S=h(S,this.props.snap.x,this.props.snapGap)),this.props.snap&&this.props.snap.y&&(k=h(k,this.props.snap.y,this.props.snapGap));var j=this.calculateNewSizeFromAspectRatio(S,k,{width:w.maxWidth,height:w.maxHeight},{width:o,height:s});if(S=j.newWidth,k=j.newHeight,this.props.grid){var O=y(S,this.props.grid[0]),I=y(k,this.props.grid[1]),T=this.props.snapGap||0;S=0===T||Math.abs(O-S)<=T?O:S,k=0===T||Math.abs(I-k)<=T?I:k}var C={width:S-p.width,height:k-p.height};m&&"string"==typeof m&&(m.endsWith("%")?S=S/f.width*100+"%":m.endsWith("vw")?S=S/this.window.innerWidth*100+"vw":m.endsWith("vh")&&(S=S/this.window.innerHeight*100+"vh")),g&&"string"==typeof g&&(g.endsWith("%")?k=k/f.height*100+"%":g.endsWith("vw")?k=k/this.window.innerWidth*100+"vw":g.endsWith("vh")&&(k=k/this.window.innerHeight*100+"vh"));var M={width:this.createSizeForCssProperty(S,"width"),height:this.createSizeForCssProperty(k,"height")};"row"===this.flexDir?M.flexBasis=M.width:"column"===this.flexDir&&(M.flexBasis=M.height),i.flushSync((function(){t.setState(M)})),this.props.onResize&&this.props.onResize(e,d,this.resizable,C)}},t.prototype.onMouseUp=function(e){var t=this.state,a=t.isResizing,n=t.direction,i=t.original;if(a&&this.resizable){var r={width:this.size.width-i.width,height:this.size.height-i.height};this.props.onResizeStop&&this.props.onResizeStop(e,n,this.resizable,r),this.props.size&&this.setState(this.props.size),this.unbindEvents(),this.setState({isResizing:!1,backgroundStyle:s(s({},this.state.backgroundStyle),{cursor:"auto"})})}},t.prototype.updateSize=function(e){this.setState({width:e.width,height:e.height})},t.prototype.renderResizer=function(){var e=this,t=this.props,a=t.enable,i=t.handleStyles,r=t.handleClasses,o=t.handleWrapperStyle,s=t.handleWrapperClass,l=t.handleComponent;if(!a)return null;var c=Object.keys(a).map((function(t){return!1!==a[t]?n.createElement(p,{key:t,direction:t,onResizeStart:e.onResizeStart,replaceStyles:i&&i[t],className:r&&r[t]},l&&l[t]?l[t]:null):null}));return n.createElement("div",{className:s,style:o},c)},t.prototype.render=function(){var e=this,t=Object.keys(this.props).reduce((function(t,a){return-1!==x.indexOf(a)||(t[a]=e.props[a]),t}),{}),a=s(s(s({position:"relative",userSelect:this.state.isResizing?"none":"auto"},this.props.style),this.sizeStyle),{maxWidth:this.props.maxWidth,maxHeight:this.props.maxHeight,minWidth:this.props.minWidth,minHeight:this.props.minHeight,boxSizing:"border-box",flexShrink:0});this.state.flexBasis&&(a.flexBasis=this.state.flexBasis);var i=this.props.as||"div";return n.createElement(i,s({ref:this.ref,style:a,className:this.props.className},t),this.state.isResizing&&n.createElement("div",{style:this.state.backgroundStyle}),this.props.children,this.renderResizer())},t.defaultProps={as:"div",onResizeStart:function(){},onResize:function(){},onResizeStop:function(){},enable:{top:!0,right:!0,bottom:!0,left:!0,topRight:!0,bottomRight:!0,bottomLeft:!0,topLeft:!0},style:{},grid:[1,1],lockAspectRatio:!1,lockAspectRatioExtraWidth:0,lockAspectRatioExtraHeight:0,scale:1,resizeRatio:1,snapGap:0},t}(n.PureComponent);t.Resizable=S},function(e,t,a){switch(window.__kbnThemeTag__){case"v8dark":return a(1270);case"v8light":return a(1272)}},function(e,t,a){var n=a(256),i=a(1271);"string"==typeof(i=i.__esModule?i.default:i)&&(i=[[e.i,i,""]]);n(i,{insert:"head",singleton:!1}),e.exports=i.locals||{}},function(e,t,a){(t=a(257)(!1)).push([e.i,".kbnFieldButton{align-items:flex-start;border-radius:6px;display:flex;font-size:14px;font-size:1rem;line-height:1.71429rem;margin-bottom:4px;padding:0 8px;transition:box-shadow .15s cubic-bezier(.694,.0482,.335,1),background-color .15s cubic-bezier(.694,.0482,.335,1)}.kbnFieldButton-isActive,.kbnFieldButton:focus-within{outline:2px solid currentColor}.kbnFieldButton-isActive:focus-visible,.kbnFieldButton:focus-within:focus-visible{outline-style:auto}.kbnFieldButton-isActive:not(:focus-visible),.kbnFieldButton:focus-within:not(:focus-visible){outline:none}.kbnFieldButton__button{align-items:flex-start;display:flex;flex-grow:1;line-height:normal;padding:8px 0;text-align:left}.kbnFieldButton__fieldIcon{flex-shrink:0;line-height:0}.kbnFieldButton__name{flex-grow:1;padding:0 8px;word-break:break-word}.kbnFieldButton__infoIcon{align-items:center;display:flex;flex-shrink:0;justify-content:center;line-height:0;min-height:16px}.kbnFieldButton__fieldAction{margin-left:8px}.kbnFieldButton__dragHandle{margin-right:8px}.kbnFieldButton__dragHandle,.kbnFieldButton__fieldAction{line-height:32px}.kbnFieldButton--xs{font-size:12px}.kbnFieldButton--xs .kbnFieldButton__button{padding:4px 0}.kbnFieldButton--xs .kbnFieldButton__fieldAction{margin-left:4px}.kbnFieldButton--xs .kbnFieldButton__dragHandle,.kbnFieldButton--xs .kbnFieldButton__fieldAction{line-height:24px}.kbnFieldButton--flushBoth{padding-left:0;padding-right:0}",""]),e.exports=t},function(e,t,a){var n=a(256),i=a(1273);"string"==typeof(i=i.__esModule?i.default:i)&&(i=[[e.i,i,""]]);n(i,{insert:"head",singleton:!1}),e.exports=i.locals||{}},function(e,t,a){(t=a(257)(!1)).push([e.i,".kbnFieldButton{align-items:flex-start;border-radius:6px;display:flex;font-size:14px;font-size:1rem;line-height:1.71429rem;margin-bottom:4px;padding:0 8px;transition:box-shadow .15s cubic-bezier(.694,.0482,.335,1),background-color .15s cubic-bezier(.694,.0482,.335,1)}.kbnFieldButton-isActive,.kbnFieldButton:focus-within{outline:2px solid currentColor}.kbnFieldButton-isActive:focus-visible,.kbnFieldButton:focus-within:focus-visible{outline-style:auto}.kbnFieldButton-isActive:not(:focus-visible),.kbnFieldButton:focus-within:not(:focus-visible){outline:none}.kbnFieldButton__button{align-items:flex-start;display:flex;flex-grow:1;line-height:normal;padding:8px 0;text-align:left}.kbnFieldButton__fieldIcon{flex-shrink:0;line-height:0}.kbnFieldButton__name{flex-grow:1;padding:0 8px;word-break:break-word}.kbnFieldButton__infoIcon{align-items:center;display:flex;flex-shrink:0;justify-content:center;line-height:0;min-height:16px}.kbnFieldButton__fieldAction{margin-left:8px}.kbnFieldButton__dragHandle{margin-right:8px}.kbnFieldButton__dragHandle,.kbnFieldButton__fieldAction{line-height:32px}.kbnFieldButton--xs{font-size:12px}.kbnFieldButton--xs .kbnFieldButton__button{padding:4px 0}.kbnFieldButton--xs .kbnFieldButton__fieldAction{margin-left:4px}.kbnFieldButton--xs .kbnFieldButton__dragHandle,.kbnFieldButton--xs .kbnFieldButton__fieldAction{line-height:24px}.kbnFieldButton--flushBoth{padding-left:0;padding-right:0}",""]),e.exports=t},function(e,t){e.exports="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iOCIgaGVpZ2h0PSI4IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGZpbGwtcnVsZT0iZXZlbm9kZCIgY2xpcC1ydWxlPSJldmVub2RkIiBkPSJNMSAwSDB2OGg4VjdIMVYweiIgZmlsbD0iI0QzREFFNiIvPjwvc3ZnPg=="},function(e,t,a){!function(e,t,a,n,i,r){"use strict";function o(e,t){switch(arguments.length){case 0:break;case 1:this.range(e);break;default:this.range(t).domain(e)}return this}function s(e,t){switch(arguments.length){case 0:break;case 1:"function"==typeof e?this.interpolator(e):this.range(e);break;default:this.domain(e),"function"==typeof t?this.interpolator(t):this.range(t)}return this}const l=Symbol("implicit");function c(){var e=new Map,t=[],a=[],n=l;function i(i){var r=i+"",o=e.get(r);if(!o){if(n!==l)return n;e.set(r,o=t.push(i))}return a[(o-1)%a.length]}return i.domain=function(a){if(!arguments.length)return t.slice();t=[],e=new Map;for(const n of a){const a=n+"";e.has(a)||e.set(a,t.push(n))}return i},i.range=function(e){return arguments.length?(a=Array.from(e),i):a.slice()},i.unknown=function(e){return arguments.length?(n=e,i):n},i.copy=function(){return c(t,a).unknown(n)},o.apply(i,arguments),i}function u(){var e,a,n=c().unknown(void 0),i=n.domain,r=n.range,s=0,l=1,d=!1,p=0,m=0,g=.5;function y(){var n=i().length,o=l<s,c=o?l:s,u=o?s:l;e=(u-c)/Math.max(1,n-p+2*m),d&&(e=Math.floor(e)),c+=(u-c-e*(n-p))*g,a=e*(1-p),d&&(c=Math.round(c),a=Math.round(a));var y=t.range(n).map((function(t){return c+e*t}));return r(o?y.reverse():y)}return delete n.unknown,n.domain=function(e){return arguments.length?(i(e),y()):i()},n.range=function(e){return arguments.length?([s,l]=e,s=+s,l=+l,y()):[s,l]},n.rangeRound=function(e){return[s,l]=e,s=+s,l=+l,d=!0,y()},n.bandwidth=function(){return a},n.step=function(){return e},n.round=function(e){return arguments.length?(d=!!e,y()):d},n.padding=function(e){return arguments.length?(p=Math.min(1,m=+e),y()):p},n.paddingInner=function(e){return arguments.length?(p=Math.min(1,e),y()):p},n.paddingOuter=function(e){return arguments.length?(m=+e,y()):m},n.align=function(e){return arguments.length?(g=Math.max(0,Math.min(1,e)),y()):g},n.copy=function(){return u(i(),[s,l]).round(d).paddingInner(p).paddingOuter(m).align(g)},o.apply(y(),arguments)}function d(e){var t=e.copy;return e.padding=e.paddingOuter,delete e.paddingInner,delete e.paddingOuter,e.copy=function(){return d(t())},e}function p(e){return+e}var m=[0,1];function g(e){return e}function y(e,t){return(t-=e=+e)?function(a){return(a-e)/t}:(a=isNaN(t)?NaN:.5,function(){return a});var a}function f(e,t,a){var n=e[0],i=e[1],r=t[0],o=t[1];return i<n?(n=y(i,n),r=a(o,r)):(n=y(n,i),r=a(r,o)),function(e){return r(n(e))}}function b(e,a,n){var i=Math.min(e.length,a.length)-1,r=new Array(i),o=new Array(i),s=-1;for(e[i]<e[0]&&(e=e.slice().reverse(),a=a.slice().reverse());++s<i;)r[s]=y(e[s],e[s+1]),o[s]=n(a[s],a[s+1]);return function(a){var n=t.bisect(e,a,1,i)-1;return o[n](r[n](a))}}function h(e,t){return t.domain(e.domain()).range(e.range()).interpolate(e.interpolate()).clamp(e.clamp()).unknown(e.unknown())}function E(){var e,t,n,i,r,o,s=m,l=m,c=a.interpolate,u=g;function d(){var e,t,a,n=Math.min(s.length,l.length);return u!==g&&(e=s[0],t=s[n-1],e>t&&(a=e,e=t,t=a),u=function(a){return Math.max(e,Math.min(t,a))}),i=n>2?b:f,r=o=null,y}function y(t){return null==t||isNaN(t=+t)?n:(r||(r=i(s.map(e),l,c)))(e(u(t)))}return y.invert=function(n){return u(t((o||(o=i(l,s.map(e),a.interpolateNumber)))(n)))},y.domain=function(e){return arguments.length?(s=Array.from(e,p),d()):s.slice()},y.range=function(e){return arguments.length?(l=Array.from(e),d()):l.slice()},y.rangeRound=function(e){return l=Array.from(e),c=a.interpolateRound,d()},y.clamp=function(e){return arguments.length?(u=!!e||g,d()):u!==g},y.interpolate=function(e){return arguments.length?(c=e,d()):c},y.unknown=function(e){return arguments.length?(n=e,y):n},function(a,n){return e=a,t=n,d()}}function v(){return E()(g,g)}function x(e,a,i,r){var o,s=t.tickStep(e,a,i);switch((r=n.formatSpecifier(null==r?",f":r)).type){case"s":var l=Math.max(Math.abs(e),Math.abs(a));return null!=r.precision||isNaN(o=n.precisionPrefix(s,l))||(r.precision=o),n.formatPrefix(r,l);case"":case"e":case"g":case"p":case"r":null!=r.precision||isNaN(o=n.precisionRound(s,Math.max(Math.abs(e),Math.abs(a))))||(r.precision=o-("e"===r.type));break;case"f":case"%":null!=r.precision||isNaN(o=n.precisionFixed(s))||(r.precision=o-2*("%"===r.type))}return n.format(r)}function k(e){var a=e.domain;return e.ticks=function(e){var n=a();return t.ticks(n[0],n[n.length-1],null==e?10:e)},e.tickFormat=function(e,t){var n=a();return x(n[0],n[n.length-1],null==e?10:e,t)},e.nice=function(n){null==n&&(n=10);var i,r,o=a(),s=0,l=o.length-1,c=o[s],u=o[l],d=10;for(u<c&&(r=c,c=u,u=r,r=s,s=l,l=r);d-- >0;){if((r=t.tickIncrement(c,u,n))===i)return o[s]=c,o[l]=u,a(o);if(r>0)c=Math.floor(c/r)*r,u=Math.ceil(u/r)*r;else{if(!(r<0))break;c=Math.ceil(c*r)/r,u=Math.floor(u*r)/r}i=r}return e},e}function S(e,t){var a,n=0,i=(e=e.slice()).length-1,r=e[n],o=e[i];return o<r&&(a=n,n=i,i=a,a=r,r=o,o=a),e[n]=t.floor(r),e[i]=t.ceil(o),e}function w(e){return Math.log(e)}function j(e){return Math.exp(e)}function O(e){return-Math.log(-e)}function I(e){return-Math.exp(-e)}function T(e){return isFinite(e)?+("1e"+e):e<0?0:e}function C(e){return function(t){return-e(-t)}}function M(e){var a,i,r=e(w,j),o=r.domain,s=10;function l(){return a=function(e){return e===Math.E?Math.log:10===e&&Math.log10||2===e&&Math.log2||(e=Math.log(e),function(t){return Math.log(t)/e})}(s),i=function(e){return 10===e?T:e===Math.E?Math.exp:function(t){return Math.pow(e,t)}}(s),o()[0]<0?(a=C(a),i=C(i),e(O,I)):e(w,j),r}return r.base=function(e){return arguments.length?(s=+e,l()):s},r.domain=function(e){return arguments.length?(o(e),l()):o()},r.ticks=function(e){var n,r=o(),l=r[0],c=r[r.length-1];(n=c<l)&&(m=l,l=c,c=m);var u,d,p,m=a(l),g=a(c),y=null==e?10:+e,f=[];if(!(s%1)&&g-m<y){if(m=Math.floor(m),g=Math.ceil(g),l>0){for(;m<=g;++m)for(d=1,u=i(m);d<s;++d)if(!((p=u*d)<l)){if(p>c)break;f.push(p)}}else for(;m<=g;++m)for(d=s-1,u=i(m);d>=1;--d)if(!((p=u*d)<l)){if(p>c)break;f.push(p)}2*f.length<y&&(f=t.ticks(l,c,y))}else f=t.ticks(m,g,Math.min(g-m,y)).map(i);return n?f.reverse():f},r.tickFormat=function(e,t){if(null==t&&(t=10===s?".0e":","),"function"!=typeof t&&(t=n.format(t)),e===1/0)return t;null==e&&(e=10);var o=Math.max(1,s*e/r.ticks().length);return function(e){var n=e/i(Math.round(a(e)));return n*s<s-.5&&(n*=s),n<=o?t(e):""}},r.nice=function(){return o(S(o(),{floor:function(e){return i(Math.floor(a(e)))},ceil:function(e){return i(Math.ceil(a(e)))}}))},r}function F(e){return function(t){return Math.sign(t)*Math.log1p(Math.abs(t/e))}}function D(e){return function(t){return Math.sign(t)*Math.expm1(Math.abs(t))*e}}function A(e){var t=1,a=e(F(t),D(t));return a.constant=function(a){return arguments.length?e(F(t=+a),D(t)):t},k(a)}function _(e){return function(t){return t<0?-Math.pow(-t,e):Math.pow(t,e)}}function N(e){return e<0?-Math.sqrt(-e):Math.sqrt(e)}function R(e){return e<0?-e*e:e*e}function q(e){var t=e(g,g),a=1;return t.exponent=function(t){return arguments.length?1===(a=+t)?e(g,g):.5===a?e(N,R):e(_(a),_(1/a)):a},k(t)}function P(){var e=q(E());return e.copy=function(){return h(e,P()).exponent(e.exponent())},o.apply(e,arguments),e}function L(e){return Math.sign(e)*e*e}function B(e){return new Date(e)}function z(e){return e instanceof Date?+e:+new Date(+e)}function $(e,t,a,n,i,r,o,s,l,c){var u=v(),d=u.invert,p=u.domain,m=c(".%L"),g=c(":%S"),y=c("%I:%M"),f=c("%I %p"),b=c("%a %d"),E=c("%b %d"),x=c("%B"),k=c("%Y");function w(e){return(l(e)<e?m:s(e)<e?g:o(e)<e?y:r(e)<e?f:n(e)<e?i(e)<e?b:E:a(e)<e?x:k)(e)}return u.invert=function(e){return new Date(d(e))},u.domain=function(e){return arguments.length?p(Array.from(e,z)):p().map(B)},u.ticks=function(t){var a=p();return e(a[0],a[a.length-1],null==t?10:t)},u.tickFormat=function(e,t){return null==t?w:c(t)},u.nice=function(e){var a=p();return e&&"function"==typeof e.range||(e=t(a[0],a[a.length-1],null==e?10:e)),e?p(S(a,e)):u},u.copy=function(){return h(u,$(e,t,a,n,i,r,o,s,l,c))},u}function V(){var e,t,n,i,r,o=0,s=1,l=g,c=!1;function u(t){return null==t||isNaN(t=+t)?r:l(0===n?.5:(t=(i(t)-e)*n,c?Math.max(0,Math.min(1,t)):t))}function d(e){return function(t){var a,n;return arguments.length?([a,n]=t,l=e(a,n),u):[l(0),l(1)]}}return u.domain=function(a){return arguments.length?([o,s]=a,e=i(o=+o),t=i(s=+s),n=e===t?0:1/(t-e),u):[o,s]},u.clamp=function(e){return arguments.length?(c=!!e,u):c},u.interpolator=function(e){return arguments.length?(l=e,u):l},u.range=d(a.interpolate),u.rangeRound=d(a.interpolateRound),u.unknown=function(e){return arguments.length?(r=e,u):r},function(a){return i=a,e=a(o),t=a(s),n=e===t?0:1/(t-e),u}}function G(e,t){return t.domain(e.domain()).interpolator(e.interpolator()).clamp(e.clamp()).unknown(e.unknown())}function U(){var e=q(V());return e.copy=function(){return G(e,U()).exponent(e.exponent())},s.apply(e,arguments)}function H(){var e,t,n,i,r,o,s,l=0,c=.5,u=1,d=1,p=g,m=!1;function y(e){return isNaN(e=+e)?s:(e=.5+((e=+o(e))-t)*(d*e<d*t?i:r),p(m?Math.max(0,Math.min(1,e)):e))}function f(e){return function(t){var n,i,r;return arguments.length?([n,i,r]=t,p=a.piecewise(e,[n,i,r]),y):[p(0),p(.5),p(1)]}}return y.domain=function(a){return arguments.length?([l,c,u]=a,e=o(l=+l),t=o(c=+c),n=o(u=+u),i=e===t?0:.5/(t-e),r=t===n?0:.5/(n-t),d=t<e?-1:1,y):[l,c,u]},y.clamp=function(e){return arguments.length?(m=!!e,y):m},y.interpolator=function(e){return arguments.length?(p=e,y):p},y.range=f(a.interpolate),y.rangeRound=f(a.interpolateRound),y.unknown=function(e){return arguments.length?(s=e,y):s},function(a){return o=a,e=a(l),t=a(c),n=a(u),i=e===t?0:.5/(t-e),r=t===n?0:.5/(n-t),d=t<e?-1:1,y}}function W(){var e=q(H());return e.copy=function(){return G(e,W()).exponent(e.exponent())},s.apply(e,arguments)}e.scaleBand=u,e.scaleDiverging=function e(){var t=k(H()(g));return t.copy=function(){return G(t,e())},s.apply(t,arguments)},e.scaleDivergingLog=function e(){var t=M(H()).domain([.1,1,10]);return t.copy=function(){return G(t,e()).base(t.base())},s.apply(t,arguments)},e.scaleDivergingPow=W,e.scaleDivergingSqrt=function(){return W.apply(null,arguments).exponent(.5)},e.scaleDivergingSymlog=function e(){var t=A(H());return t.copy=function(){return G(t,e()).constant(t.constant())},s.apply(t,arguments)},e.scaleIdentity=function e(t){var a;function n(e){return null==e||isNaN(e=+e)?a:e}return n.invert=n,n.domain=n.range=function(e){return arguments.length?(t=Array.from(e,p),n):t.slice()},n.unknown=function(e){return arguments.length?(a=e,n):a},n.copy=function(){return e(t).unknown(a)},t=arguments.length?Array.from(t,p):[0,1],k(n)},e.scaleImplicit=l,e.scaleLinear=function e(){var t=v();return t.copy=function(){return h(t,e())},o.apply(t,arguments),k(t)},e.scaleLog=function e(){var t=M(E()).domain([1,10]);return t.copy=function(){return h(t,e()).base(t.base())},o.apply(t,arguments),t},e.scaleOrdinal=c,e.scalePoint=function(){return d(u.apply(null,arguments).paddingInner(1))},e.scalePow=P,e.scaleQuantile=function e(){var a,n=[],i=[],r=[];function s(){var e=0,a=Math.max(1,i.length);for(r=new Array(a-1);++e<a;)r[e-1]=t.quantileSorted(n,e/a);return l}function l(e){return null==e||isNaN(e=+e)?a:i[t.bisect(r,e)]}return l.invertExtent=function(e){var t=i.indexOf(e);return t<0?[NaN,NaN]:[t>0?r[t-1]:n[0],t<r.length?r[t]:n[n.length-1]]},l.domain=function(e){if(!arguments.length)return n.slice();n=[];for(let t of e)null==t||isNaN(t=+t)||n.push(t);return n.sort(t.ascending),s()},l.range=function(e){return arguments.length?(i=Array.from(e),s()):i.slice()},l.unknown=function(e){return arguments.length?(a=e,l):a},l.quantiles=function(){return r.slice()},l.copy=function(){return e().domain(n).range(i).unknown(a)},o.apply(l,arguments)},e.scaleQuantize=function e(){var a,n=0,i=1,r=1,s=[.5],l=[0,1];function c(e){return null!=e&&e<=e?l[t.bisect(s,e,0,r)]:a}function u(){var e=-1;for(s=new Array(r);++e<r;)s[e]=((e+1)*i-(e-r)*n)/(r+1);return c}return c.domain=function(e){return arguments.length?([n,i]=e,n=+n,i=+i,u()):[n,i]},c.range=function(e){return arguments.length?(r=(l=Array.from(e)).length-1,u()):l.slice()},c.invertExtent=function(e){var t=l.indexOf(e);return t<0?[NaN,NaN]:t<1?[n,s[0]]:t>=r?[s[r-1],i]:[s[t-1],s[t]]},c.unknown=function(e){return arguments.length?(a=e,c):c},c.thresholds=function(){return s.slice()},c.copy=function(){return e().domain([n,i]).range(l).unknown(a)},o.apply(k(c),arguments)},e.scaleRadial=function e(){var t,a=v(),n=[0,1],i=!1;function r(e){var n=function(e){return Math.sign(e)*Math.sqrt(Math.abs(e))}(a(e));return isNaN(n)?t:i?Math.round(n):n}return r.invert=function(e){return a.invert(L(e))},r.domain=function(e){return arguments.length?(a.domain(e),r):a.domain()},r.range=function(e){return arguments.length?(a.range((n=Array.from(e,p)).map(L)),r):n.slice()},r.rangeRound=function(e){return r.range(e).round(!0)},r.round=function(e){return arguments.length?(i=!!e,r):i},r.clamp=function(e){return arguments.length?(a.clamp(e),r):a.clamp()},r.unknown=function(e){return arguments.length?(t=e,r):t},r.copy=function(){return e(a.domain(),n).round(i).clamp(a.clamp()).unknown(t)},o.apply(r,arguments),k(r)},e.scaleSequential=function e(){var t=k(V()(g));return t.copy=function(){return G(t,e())},s.apply(t,arguments)},e.scaleSequentialLog=function e(){var t=M(V()).domain([1,10]);return t.copy=function(){return G(t,e()).base(t.base())},s.apply(t,arguments)},e.scaleSequentialPow=U,e.scaleSequentialQuantile=function e(){var a=[],n=g;function i(e){if(null!=e&&!isNaN(e=+e))return n((t.bisect(a,e,1)-1)/(a.length-1))}return i.domain=function(e){if(!arguments.length)return a.slice();a=[];for(let t of e)null==t||isNaN(t=+t)||a.push(t);return a.sort(t.ascending),i},i.interpolator=function(e){return arguments.length?(n=e,i):n},i.range=function(){return a.map(((e,t)=>n(t/(a.length-1))))},i.quantiles=function(e){return Array.from({length:e+1},((n,i)=>t.quantile(a,i/e)))},i.copy=function(){return e(n).domain(a)},s.apply(i,arguments)},e.scaleSequentialSqrt=function(){return U.apply(null,arguments).exponent(.5)},e.scaleSequentialSymlog=function e(){var t=A(V());return t.copy=function(){return G(t,e()).constant(t.constant())},s.apply(t,arguments)},e.scaleSqrt=function(){return P.apply(null,arguments).exponent(.5)},e.scaleSymlog=function e(){var t=A(E());return t.copy=function(){return h(t,e()).constant(t.constant())},o.apply(t,arguments)},e.scaleThreshold=function e(){var a,n=[.5],i=[0,1],r=1;function s(e){return null!=e&&e<=e?i[t.bisect(n,e,0,r)]:a}return s.domain=function(e){return arguments.length?(n=Array.from(e),r=Math.min(n.length,i.length-1),s):n.slice()},s.range=function(e){return arguments.length?(i=Array.from(e),r=Math.min(n.length,i.length-1),s):i.slice()},s.invertExtent=function(e){var t=i.indexOf(e);return[n[t-1],n[t]]},s.unknown=function(e){return arguments.length?(a=e,s):a},s.copy=function(){return e().domain(n).range(i).unknown(a)},o.apply(s,arguments)},e.scaleTime=function(){return o.apply($(i.timeTicks,i.timeTickInterval,i.timeYear,i.timeMonth,i.timeWeek,i.timeDay,i.timeHour,i.timeMinute,i.timeSecond,r.timeFormat).domain([new Date(2e3,0,1),new Date(2e3,0,2)]),arguments)},e.scaleUtc=function(){return o.apply($(i.utcTicks,i.utcTickInterval,i.utcYear,i.utcMonth,i.utcWeek,i.utcDay,i.utcHour,i.utcMinute,i.utcSecond,r.utcFormat).domain([Date.UTC(2e3,0,1),Date.UTC(2e3,0,2)]),arguments)},e.tickFormat=x,Object.defineProperty(e,"__esModule",{value:!0})}(t,a(816),a(1276),a(1278),a(817),a(1279))},function(e,t,a){!function(e,t){"use strict";function a(e,t,a,n,i){var r=e*e,o=r*e;return((1-3*e+3*r-o)*t+(4-6*r+3*o)*a+(1+3*e+3*r-3*o)*n+o*i)/6}function n(e){var t=e.length-1;return function(n){var i=n<=0?n=0:n>=1?(n=1,t-1):Math.floor(n*t),r=e[i],o=e[i+1],s=i>0?e[i-1]:2*r-o,l=i<t-1?e[i+2]:2*o-r;return a((n-i/t)*t,s,r,o,l)}}function i(e){var t=e.length;return function(n){var i=Math.floor(((n%=1)<0?++n:n)*t),r=e[(i+t-1)%t],o=e[i%t],s=e[(i+1)%t],l=e[(i+2)%t];return a((n-i/t)*t,r,o,s,l)}}var r=e=>()=>e;function o(e,t){return function(a){return e+a*t}}function s(e,t){var a=t-e;return a?o(e,a>180||a<-180?a-360*Math.round(a/360):a):r(isNaN(e)?t:e)}function l(e){return 1==(e=+e)?c:function(t,a){return a-t?function(e,t,a){return e=Math.pow(e,a),t=Math.pow(t,a)-e,a=1/a,function(n){return Math.pow(e+n*t,a)}}(t,a,e):r(isNaN(t)?a:t)}}function c(e,t){var a=t-e;return a?o(e,a):r(isNaN(e)?t:e)}var u=function e(a){var n=l(a);function i(e,a){var i=n((e=t.rgb(e)).r,(a=t.rgb(a)).r),r=n(e.g,a.g),o=n(e.b,a.b),s=c(e.opacity,a.opacity);return function(t){return e.r=i(t),e.g=r(t),e.b=o(t),e.opacity=s(t),e+""}}return i.gamma=e,i}(1);function d(e){return function(a){var n,i,r=a.length,o=new Array(r),s=new Array(r),l=new Array(r);for(n=0;n<r;++n)i=t.rgb(a[n]),o[n]=i.r||0,s[n]=i.g||0,l[n]=i.b||0;return o=e(o),s=e(s),l=e(l),i.opacity=1,function(e){return i.r=o(e),i.g=s(e),i.b=l(e),i+""}}}var p=d(n),m=d(i);function g(e,t){t||(t=[]);var a,n=e?Math.min(t.length,e.length):0,i=t.slice();return function(r){for(a=0;a<n;++a)i[a]=e[a]*(1-r)+t[a]*r;return i}}function y(e){return ArrayBuffer.isView(e)&&!(e instanceof DataView)}function f(e,t){var a,n=t?t.length:0,i=e?Math.min(n,e.length):0,r=new Array(i),o=new Array(n);for(a=0;a<i;++a)r[a]=S(e[a],t[a]);for(;a<n;++a)o[a]=t[a];return function(e){for(a=0;a<i;++a)o[a]=r[a](e);return o}}function b(e,t){var a=new Date;return e=+e,t=+t,function(n){return a.setTime(e*(1-n)+t*n),a}}function h(e,t){return e=+e,t=+t,function(a){return e*(1-a)+t*a}}function E(e,t){var a,n={},i={};for(a in null!==e&&"object"==typeof e||(e={}),null!==t&&"object"==typeof t||(t={}),t)a in e?n[a]=S(e[a],t[a]):i[a]=t[a];return function(e){for(a in n)i[a]=n[a](e);return i}}var v=/[-+]?(?:\d+\.?\d*|\.?\d+)(?:[eE][-+]?\d+)?/g,x=new RegExp(v.source,"g");function k(e,t){var a,n,i,r=v.lastIndex=x.lastIndex=0,o=-1,s=[],l=[];for(e+="",t+="";(a=v.exec(e))&&(n=x.exec(t));)(i=n.index)>r&&(i=t.slice(r,i),s[o]?s[o]+=i:s[++o]=i),(a=a[0])===(n=n[0])?s[o]?s[o]+=n:s[++o]=n:(s[++o]=null,l.push({i:o,x:h(a,n)})),r=x.lastIndex;return r<t.length&&(i=t.slice(r),s[o]?s[o]+=i:s[++o]=i),s.length<2?l[0]?function(e){return function(t){return e(t)+""}}(l[0].x):function(e){return function(){return e}}(t):(t=l.length,function(e){for(var a,n=0;n<t;++n)s[(a=l[n]).i]=a.x(e);return s.join("")})}function S(e,a){var n,i=typeof a;return null==a||"boolean"===i?r(a):("number"===i?h:"string"===i?(n=t.color(a))?(a=n,u):k:a instanceof t.color?u:a instanceof Date?b:y(a)?g:Array.isArray(a)?f:"function"!=typeof a.valueOf&&"function"!=typeof a.toString||isNaN(a)?E:h)(e,a)}var w,j=180/Math.PI,O={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function I(e,t,a,n,i,r){var o,s,l;return(o=Math.sqrt(e*e+t*t))&&(e/=o,t/=o),(l=e*a+t*n)&&(a-=e*l,n-=t*l),(s=Math.sqrt(a*a+n*n))&&(a/=s,n/=s,l/=s),e*n<t*a&&(e=-e,t=-t,l=-l,o=-o),{translateX:i,translateY:r,rotate:Math.atan2(t,e)*j,skewX:Math.atan(l)*j,scaleX:o,scaleY:s}}function T(e,t,a,n){function i(e){return e.length?e.pop()+" ":""}return function(r,o){var s=[],l=[];return r=e(r),o=e(o),function(e,n,i,r,o,s){if(e!==i||n!==r){var l=o.push("translate(",null,t,null,a);s.push({i:l-4,x:h(e,i)},{i:l-2,x:h(n,r)})}else(i||r)&&o.push("translate("+i+t+r+a)}(r.translateX,r.translateY,o.translateX,o.translateY,s,l),function(e,t,a,r){e!==t?(e-t>180?t+=360:t-e>180&&(e+=360),r.push({i:a.push(i(a)+"rotate(",null,n)-2,x:h(e,t)})):t&&a.push(i(a)+"rotate("+t+n)}(r.rotate,o.rotate,s,l),function(e,t,a,r){e!==t?r.push({i:a.push(i(a)+"skewX(",null,n)-2,x:h(e,t)}):t&&a.push(i(a)+"skewX("+t+n)}(r.skewX,o.skewX,s,l),function(e,t,a,n,r,o){if(e!==a||t!==n){var s=r.push(i(r)+"scale(",null,",",null,")");o.push({i:s-4,x:h(e,a)},{i:s-2,x:h(t,n)})}else 1===a&&1===n||r.push(i(r)+"scale("+a+","+n+")")}(r.scaleX,r.scaleY,o.scaleX,o.scaleY,s,l),r=o=null,function(e){for(var t,a=-1,n=l.length;++a<n;)s[(t=l[a]).i]=t.x(e);return s.join("")}}}var C=T((function(e){const t=new("function"==typeof DOMMatrix?DOMMatrix:WebKitCSSMatrix)(e+"");return t.isIdentity?O:I(t.a,t.b,t.c,t.d,t.e,t.f)}),"px, ","px)","deg)"),M=T((function(e){return null==e?O:(w||(w=document.createElementNS("http://www.w3.org/2000/svg","g")),w.setAttribute("transform",e),(e=w.transform.baseVal.consolidate())?I((e=e.matrix).a,e.b,e.c,e.d,e.e,e.f):O)}),", ",")",")"),F=1e-12;function D(e){return((e=Math.exp(e))+1/e)/2}var A=function e(t,a,n){function i(e,i){var r,o,s=e[0],l=e[1],c=e[2],u=i[0],d=i[1],p=i[2],m=u-s,g=d-l,y=m*m+g*g;if(y<F)o=Math.log(p/c)/t,r=function(e){return[s+e*m,l+e*g,c*Math.exp(t*e*o)]};else{var f=Math.sqrt(y),b=(p*p-c*c+n*y)/(2*c*a*f),h=(p*p-c*c-n*y)/(2*p*a*f),E=Math.log(Math.sqrt(b*b+1)-b),v=Math.log(Math.sqrt(h*h+1)-h);o=(v-E)/t,r=function(e){var n,i=e*o,r=D(E),u=c/(a*f)*(r*(n=t*i+E,((n=Math.exp(2*n))-1)/(n+1))-function(e){return((e=Math.exp(e))-1/e)/2}(E));return[s+u*m,l+u*g,c*r/D(t*i+E)]}}return r.duration=1e3*o*t/Math.SQRT2,r}return i.rho=function(t){var a=Math.max(.001,+t),n=a*a;return e(a,n,n*n)},i}(Math.SQRT2,2,4);function _(e){return function(a,n){var i=e((a=t.hsl(a)).h,(n=t.hsl(n)).h),r=c(a.s,n.s),o=c(a.l,n.l),s=c(a.opacity,n.opacity);return function(e){return a.h=i(e),a.s=r(e),a.l=o(e),a.opacity=s(e),a+""}}}var N=_(s),R=_(c);function q(e){return function(a,n){var i=e((a=t.hcl(a)).h,(n=t.hcl(n)).h),r=c(a.c,n.c),o=c(a.l,n.l),s=c(a.opacity,n.opacity);return function(e){return a.h=i(e),a.c=r(e),a.l=o(e),a.opacity=s(e),a+""}}}var P=q(s),L=q(c);function B(e){return function a(n){function i(a,i){var r=e((a=t.cubehelix(a)).h,(i=t.cubehelix(i)).h),o=c(a.s,i.s),s=c(a.l,i.l),l=c(a.opacity,i.opacity);return function(e){return a.h=r(e),a.s=o(e),a.l=s(Math.pow(e,n)),a.opacity=l(e),a+""}}return n=+n,i.gamma=a,i}(1)}var z=B(s),$=B(c);e.interpolate=S,e.interpolateArray=function(e,t){return(y(t)?g:f)(e,t)},e.interpolateBasis=n,e.interpolateBasisClosed=i,e.interpolateCubehelix=z,e.interpolateCubehelixLong=$,e.interpolateDate=b,e.interpolateDiscrete=function(e){var t=e.length;return function(a){return e[Math.max(0,Math.min(t-1,Math.floor(a*t)))]}},e.interpolateHcl=P,e.interpolateHclLong=L,e.interpolateHsl=N,e.interpolateHslLong=R,e.interpolateHue=function(e,t){var a=s(+e,+t);return function(e){var t=a(e);return t-360*Math.floor(t/360)}},e.interpolateLab=function(e,a){var n=c((e=t.lab(e)).l,(a=t.lab(a)).l),i=c(e.a,a.a),r=c(e.b,a.b),o=c(e.opacity,a.opacity);return function(t){return e.l=n(t),e.a=i(t),e.b=r(t),e.opacity=o(t),e+""}},e.interpolateNumber=h,e.interpolateNumberArray=g,e.interpolateObject=E,e.interpolateRgb=u,e.interpolateRgbBasis=p,e.interpolateRgbBasisClosed=m,e.interpolateRound=function(e,t){return e=+e,t=+t,function(a){return Math.round(e*(1-a)+t*a)}},e.interpolateString=k,e.interpolateTransformCss=C,e.interpolateTransformSvg=M,e.interpolateZoom=A,e.piecewise=function(e,t){void 0===t&&(t=e,e=S);for(var a=0,n=t.length-1,i=t[0],r=new Array(n<0?0:n);a<n;)r[a]=e(i,i=t[++a]);return function(e){var t=Math.max(0,Math.min(n-1,Math.floor(e*=n)));return r[t](e-t)}},e.quantize=function(e,t){for(var a=new Array(t),n=0;n<t;++n)a[n]=e(n/(t-1));return a},Object.defineProperty(e,"__esModule",{value:!0})}(t,a(1277))},function(e,t,a){!function(e){"use strict";function t(e,t,a){e.prototype=t.prototype=a,a.constructor=e}function a(e,t){var a=Object.create(e.prototype);for(var n in t)a[n]=t[n];return a}function n(){}var i=.7,r=1/i,o="\\s*([+-]?\\d+)\\s*",s="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)\\s*",l="\\s*([+-]?\\d*\\.?\\d+(?:[eE][+-]?\\d+)?)%\\s*",c=/^#([0-9a-f]{3,8})$/,u=new RegExp("^rgb\\("+[o,o,o]+"\\)$"),d=new RegExp("^rgb\\("+[l,l,l]+"\\)$"),p=new RegExp("^rgba\\("+[o,o,o,s]+"\\)$"),m=new RegExp("^rgba\\("+[l,l,l,s]+"\\)$"),g=new RegExp("^hsl\\("+[s,l,l]+"\\)$"),y=new RegExp("^hsla\\("+[s,l,l,s]+"\\)$"),f={aliceblue:15792383,antiquewhite:16444375,aqua:65535,aquamarine:8388564,azure:15794175,beige:16119260,bisque:16770244,black:0,blanchedalmond:16772045,blue:255,blueviolet:9055202,brown:10824234,burlywood:14596231,cadetblue:6266528,chartreuse:8388352,chocolate:13789470,coral:16744272,cornflowerblue:6591981,cornsilk:16775388,crimson:14423100,cyan:65535,darkblue:139,darkcyan:35723,darkgoldenrod:12092939,darkgray:11119017,darkgreen:25600,darkgrey:11119017,darkkhaki:12433259,darkmagenta:9109643,darkolivegreen:5597999,darkorange:16747520,darkorchid:10040012,darkred:9109504,darksalmon:15308410,darkseagreen:9419919,darkslateblue:4734347,darkslategray:3100495,darkslategrey:3100495,darkturquoise:52945,darkviolet:9699539,deeppink:16716947,deepskyblue:49151,dimgray:6908265,dimgrey:6908265,dodgerblue:2003199,firebrick:11674146,floralwhite:16775920,forestgreen:2263842,fuchsia:16711935,gainsboro:14474460,ghostwhite:16316671,gold:16766720,goldenrod:14329120,gray:8421504,green:32768,greenyellow:11403055,grey:8421504,honeydew:15794160,hotpink:16738740,indianred:13458524,indigo:4915330,ivory:16777200,khaki:15787660,lavender:15132410,lavenderblush:16773365,lawngreen:8190976,lemonchiffon:16775885,lightblue:11393254,lightcoral:15761536,lightcyan:14745599,lightgoldenrodyellow:16448210,lightgray:13882323,lightgreen:9498256,lightgrey:13882323,lightpink:16758465,lightsalmon:16752762,lightseagreen:2142890,lightskyblue:8900346,lightslategray:7833753,lightslategrey:7833753,lightsteelblue:11584734,lightyellow:16777184,lime:65280,limegreen:3329330,linen:16445670,magenta:16711935,maroon:8388608,mediumaquamarine:6737322,mediumblue:205,mediumorchid:12211667,mediumpurple:9662683,mediumseagreen:3978097,mediumslateblue:8087790,mediumspringgreen:64154,mediumturquoise:4772300,mediumvioletred:13047173,midnightblue:1644912,mintcream:16121850,mistyrose:16770273,moccasin:16770229,navajowhite:16768685,navy:128,oldlace:16643558,olive:8421376,olivedrab:7048739,orange:16753920,orangered:16729344,orchid:14315734,palegoldenrod:15657130,palegreen:10025880,paleturquoise:11529966,palevioletred:14381203,papayawhip:16773077,peachpuff:16767673,peru:13468991,pink:16761035,plum:14524637,powderblue:11591910,purple:8388736,rebeccapurple:6697881,red:16711680,rosybrown:12357519,royalblue:4286945,saddlebrown:9127187,salmon:16416882,sandybrown:16032864,seagreen:3050327,seashell:16774638,sienna:10506797,silver:12632256,skyblue:8900331,slateblue:6970061,slategray:7372944,slategrey:7372944,snow:16775930,springgreen:65407,steelblue:4620980,tan:13808780,teal:32896,thistle:14204888,tomato:16737095,turquoise:4251856,violet:15631086,wheat:16113331,white:16777215,whitesmoke:16119285,yellow:16776960,yellowgreen:10145074};function b(){return this.rgb().formatHex()}function h(){return this.rgb().formatRgb()}function E(e){var t,a;return e=(e+"").trim().toLowerCase(),(t=c.exec(e))?(a=t[1].length,t=parseInt(t[1],16),6===a?v(t):3===a?new w(t>>8&15|t>>4&240,t>>4&15|240&t,(15&t)<<4|15&t,1):8===a?x(t>>24&255,t>>16&255,t>>8&255,(255&t)/255):4===a?x(t>>12&15|t>>8&240,t>>8&15|t>>4&240,t>>4&15|240&t,((15&t)<<4|15&t)/255):null):(t=u.exec(e))?new w(t[1],t[2],t[3],1):(t=d.exec(e))?new w(255*t[1]/100,255*t[2]/100,255*t[3]/100,1):(t=p.exec(e))?x(t[1],t[2],t[3],t[4]):(t=m.exec(e))?x(255*t[1]/100,255*t[2]/100,255*t[3]/100,t[4]):(t=g.exec(e))?T(t[1],t[2]/100,t[3]/100,1):(t=y.exec(e))?T(t[1],t[2]/100,t[3]/100,t[4]):f.hasOwnProperty(e)?v(f[e]):"transparent"===e?new w(NaN,NaN,NaN,0):null}function v(e){return new w(e>>16&255,e>>8&255,255&e,1)}function x(e,t,a,n){return n<=0&&(e=t=a=NaN),new w(e,t,a,n)}function k(e){return e instanceof n||(e=E(e)),e?new w((e=e.rgb()).r,e.g,e.b,e.opacity):new w}function S(e,t,a,n){return 1===arguments.length?k(e):new w(e,t,a,null==n?1:n)}function w(e,t,a,n){this.r=+e,this.g=+t,this.b=+a,this.opacity=+n}function j(){return"#"+I(this.r)+I(this.g)+I(this.b)}function O(){var e=this.opacity;return(1===(e=isNaN(e)?1:Math.max(0,Math.min(1,e)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===e?")":", "+e+")")}function I(e){return((e=Math.max(0,Math.min(255,Math.round(e)||0)))<16?"0":"")+e.toString(16)}function T(e,t,a,n){return n<=0?e=t=a=NaN:a<=0||a>=1?e=t=NaN:t<=0&&(e=NaN),new F(e,t,a,n)}function C(e){if(e instanceof F)return new F(e.h,e.s,e.l,e.opacity);if(e instanceof n||(e=E(e)),!e)return new F;if(e instanceof F)return e;var t=(e=e.rgb()).r/255,a=e.g/255,i=e.b/255,r=Math.min(t,a,i),o=Math.max(t,a,i),s=NaN,l=o-r,c=(o+r)/2;return l?(s=t===o?(a-i)/l+6*(a<i):a===o?(i-t)/l+2:(t-a)/l+4,l/=c<.5?o+r:2-o-r,s*=60):l=c>0&&c<1?0:s,new F(s,l,c,e.opacity)}function M(e,t,a,n){return 1===arguments.length?C(e):new F(e,t,a,null==n?1:n)}function F(e,t,a,n){this.h=+e,this.s=+t,this.l=+a,this.opacity=+n}function D(e,t,a){return 255*(e<60?t+(a-t)*e/60:e<180?a:e<240?t+(a-t)*(240-e)/60:t)}t(n,E,{copy:function(e){return Object.assign(new this.constructor,this,e)},displayable:function(){return this.rgb().displayable()},hex:b,formatHex:b,formatHsl:function(){return C(this).formatHsl()},formatRgb:h,toString:h}),t(w,S,a(n,{brighter:function(e){return e=null==e?r:Math.pow(r,e),new w(this.r*e,this.g*e,this.b*e,this.opacity)},darker:function(e){return e=null==e?i:Math.pow(i,e),new w(this.r*e,this.g*e,this.b*e,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:j,formatHex:j,formatRgb:O,toString:O})),t(F,M,a(n,{brighter:function(e){return e=null==e?r:Math.pow(r,e),new F(this.h,this.s,this.l*e,this.opacity)},darker:function(e){return e=null==e?i:Math.pow(i,e),new F(this.h,this.s,this.l*e,this.opacity)},rgb:function(){var e=this.h%360+360*(this.h<0),t=isNaN(e)||isNaN(this.s)?0:this.s,a=this.l,n=a+(a<.5?a:1-a)*t,i=2*a-n;return new w(D(e>=240?e-240:e+120,i,n),D(e,i,n),D(e<120?e+240:e-120,i,n),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var e=this.opacity;return(1===(e=isNaN(e)?1:Math.max(0,Math.min(1,e)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===e?")":", "+e+")")}}));const A=Math.PI/180,_=180/Math.PI,N=.96422,R=1,q=.82521,P=4/29,L=6/29,B=3*L*L,z=L*L*L;function $(e){if(e instanceof G)return new G(e.l,e.a,e.b,e.opacity);if(e instanceof Z)return J(e);e instanceof w||(e=k(e));var t,a,n=Q(e.r),i=Q(e.g),r=Q(e.b),o=U((.2225045*n+.7168786*i+.0606169*r)/R);return n===i&&i===r?t=a=o:(t=U((.4360747*n+.3850649*i+.1430804*r)/N),a=U((.0139322*n+.0971045*i+.7141733*r)/q)),new G(116*o-16,500*(t-o),200*(o-a),e.opacity)}function V(e,t,a,n){return 1===arguments.length?$(e):new G(e,t,a,null==n?1:n)}function G(e,t,a,n){this.l=+e,this.a=+t,this.b=+a,this.opacity=+n}function U(e){return e>z?Math.pow(e,1/3):e/B+P}function H(e){return e>L?e*e*e:B*(e-P)}function W(e){return 255*(e<=.0031308?12.92*e:1.055*Math.pow(e,1/2.4)-.055)}function Q(e){return(e/=255)<=.04045?e/12.92:Math.pow((e+.055)/1.055,2.4)}function Y(e){if(e instanceof Z)return new Z(e.h,e.c,e.l,e.opacity);if(e instanceof G||(e=$(e)),0===e.a&&0===e.b)return new Z(NaN,0<e.l&&e.l<100?0:NaN,e.l,e.opacity);var t=Math.atan2(e.b,e.a)*_;return new Z(t<0?t+360:t,Math.sqrt(e.a*e.a+e.b*e.b),e.l,e.opacity)}function K(e,t,a,n){return 1===arguments.length?Y(e):new Z(e,t,a,null==n?1:n)}function Z(e,t,a,n){this.h=+e,this.c=+t,this.l=+a,this.opacity=+n}function J(e){if(isNaN(e.h))return new G(e.l,0,0,e.opacity);var t=e.h*A;return new G(e.l,Math.cos(t)*e.c,Math.sin(t)*e.c,e.opacity)}t(G,V,a(n,{brighter:function(e){return new G(this.l+18*(null==e?1:e),this.a,this.b,this.opacity)},darker:function(e){return new G(this.l-18*(null==e?1:e),this.a,this.b,this.opacity)},rgb:function(){var e=(this.l+16)/116,t=isNaN(this.a)?e:e+this.a/500,a=isNaN(this.b)?e:e-this.b/200;return new w(W(3.1338561*(t=N*H(t))-1.6168667*(e=R*H(e))-.4906146*(a=q*H(a))),W(-.9787684*t+1.9161415*e+.033454*a),W(.0719453*t-.2289914*e+1.4052427*a),this.opacity)}})),t(Z,K,a(n,{brighter:function(e){return new Z(this.h,this.c,this.l+18*(null==e?1:e),this.opacity)},darker:function(e){return new Z(this.h,this.c,this.l-18*(null==e?1:e),this.opacity)},rgb:function(){return J(this).rgb()}}));var X=-.14861,ee=1.78277,te=-.29227,ae=-.90649,ne=1.97294,ie=ne*ae,re=ne*ee,oe=ee*te-ae*X;function se(e,t,a,n){return 1===arguments.length?function(e){if(e instanceof le)return new le(e.h,e.s,e.l,e.opacity);e instanceof w||(e=k(e));var t=e.r/255,a=e.g/255,n=e.b/255,i=(oe*n+ie*t-re*a)/(oe+ie-re),r=n-i,o=(ne*(a-i)-te*r)/ae,s=Math.sqrt(o*o+r*r)/(ne*i*(1-i)),l=s?Math.atan2(o,r)*_-120:NaN;return new le(l<0?l+360:l,s,i,e.opacity)}(e):new le(e,t,a,null==n?1:n)}function le(e,t,a,n){this.h=+e,this.s=+t,this.l=+a,this.opacity=+n}t(le,se,a(n,{brighter:function(e){return e=null==e?r:Math.pow(r,e),new le(this.h,this.s,this.l*e,this.opacity)},darker:function(e){return e=null==e?i:Math.pow(i,e),new le(this.h,this.s,this.l*e,this.opacity)},rgb:function(){var e=isNaN(this.h)?0:(this.h+120)*A,t=+this.l,a=isNaN(this.s)?0:this.s*t*(1-t),n=Math.cos(e),i=Math.sin(e);return new w(255*(t+a*(X*n+ee*i)),255*(t+a*(te*n+ae*i)),255*(t+a*(ne*n)),this.opacity)}})),e.color=E,e.cubehelix=se,e.gray=function(e,t){return new G(e,0,0,null==t?1:t)},e.hcl=K,e.hsl=M,e.lab=V,e.lch=function(e,t,a,n){return 1===arguments.length?Y(e):new Z(a,t,e,null==n?1:n)},e.rgb=S,Object.defineProperty(e,"__esModule",{value:!0})}(t)},function(e,t,a){!function(e){"use strict";function t(e,t){if((a=(e=t?e.toExponential(t-1):e.toExponential()).indexOf("e"))<0)return null;var a,n=e.slice(0,a);return[n.length>1?n[0]+n.slice(2):n,+e.slice(a+1)]}function a(e){return(e=t(Math.abs(e)))?e[1]:NaN}var n,i=/^(?:(.)?([<>=^]))?([+\-( ])?([$#])?(0)?(\d+)?(,)?(\.\d+)?(~)?([a-z%])?$/i;function r(e){if(!(t=i.exec(e)))throw new Error("invalid format: "+e);var t;return new o({fill:t[1],align:t[2],sign:t[3],symbol:t[4],zero:t[5],width:t[6],comma:t[7],precision:t[8]&&t[8].slice(1),trim:t[9],type:t[10]})}function o(e){this.fill=void 0===e.fill?" ":e.fill+"",this.align=void 0===e.align?">":e.align+"",this.sign=void 0===e.sign?"-":e.sign+"",this.symbol=void 0===e.symbol?"":e.symbol+"",this.zero=!!e.zero,this.width=void 0===e.width?void 0:+e.width,this.comma=!!e.comma,this.precision=void 0===e.precision?void 0:+e.precision,this.trim=!!e.trim,this.type=void 0===e.type?"":e.type+""}function s(e,a){var n=t(e,a);if(!n)return e+"";var i=n[0],r=n[1];return r<0?"0."+new Array(-r).join("0")+i:i.length>r+1?i.slice(0,r+1)+"."+i.slice(r+1):i+new Array(r-i.length+2).join("0")}r.prototype=o.prototype,o.prototype.toString=function(){return this.fill+this.align+this.sign+this.symbol+(this.zero?"0":"")+(void 0===this.width?"":Math.max(1,0|this.width))+(this.comma?",":"")+(void 0===this.precision?"":"."+Math.max(0,0|this.precision))+(this.trim?"~":"")+this.type};var l={"%":(e,t)=>(100*e).toFixed(t),b:e=>Math.round(e).toString(2),c:e=>e+"",d:function(e){return Math.abs(e=Math.round(e))>=1e21?e.toLocaleString("en").replace(/,/g,""):e.toString(10)},e:(e,t)=>e.toExponential(t),f:(e,t)=>e.toFixed(t),g:(e,t)=>e.toPrecision(t),o:e=>Math.round(e).toString(8),p:(e,t)=>s(100*e,t),r:s,s:function(e,a){var i=t(e,a);if(!i)return e+"";var r=i[0],o=i[1],s=o-(n=3*Math.max(-8,Math.min(8,Math.floor(o/3))))+1,l=r.length;return s===l?r:s>l?r+new Array(s-l+1).join("0"):s>0?r.slice(0,s)+"."+r.slice(s):"0."+new Array(1-s).join("0")+t(e,Math.max(0,a+s-1))[0]},X:e=>Math.round(e).toString(16).toUpperCase(),x:e=>Math.round(e).toString(16)};function c(e){return e}var u,d=Array.prototype.map,p=["y","z","a","f","p","n","µ","m","","k","M","G","T","P","E","Z","Y"];function m(e){var t,i,o=void 0===e.grouping||void 0===e.thousands?c:(t=d.call(e.grouping,Number),i=e.thousands+"",function(e,a){for(var n=e.length,r=[],o=0,s=t[0],l=0;n>0&&s>0&&(l+s+1>a&&(s=Math.max(1,a-l)),r.push(e.substring(n-=s,n+s)),!((l+=s+1)>a));)s=t[o=(o+1)%t.length];return r.reverse().join(i)}),s=void 0===e.currency?"":e.currency[0]+"",u=void 0===e.currency?"":e.currency[1]+"",m=void 0===e.decimal?".":e.decimal+"",g=void 0===e.numerals?c:function(e){return function(t){return t.replace(/[0-9]/g,(function(t){return e[+t]}))}}(d.call(e.numerals,String)),y=void 0===e.percent?"%":e.percent+"",f=void 0===e.minus?"−":e.minus+"",b=void 0===e.nan?"NaN":e.nan+"";function h(e){var t=(e=r(e)).fill,a=e.align,i=e.sign,c=e.symbol,d=e.zero,h=e.width,E=e.comma,v=e.precision,x=e.trim,k=e.type;"n"===k?(E=!0,k="g"):l[k]||(void 0===v&&(v=12),x=!0,k="g"),(d||"0"===t&&"="===a)&&(d=!0,t="0",a="=");var S="$"===c?s:"#"===c&&/[boxX]/.test(k)?"0"+k.toLowerCase():"",w="$"===c?u:/[%p]/.test(k)?y:"",j=l[k],O=/[defgprs%]/.test(k);function I(e){var r,s,l,c=S,u=w;if("c"===k)u=j(e)+u,e="";else{var y=(e=+e)<0||1/e<0;if(e=isNaN(e)?b:j(Math.abs(e),v),x&&(e=function(e){e:for(var t,a=e.length,n=1,i=-1;n<a;++n)switch(e[n]){case".":i=t=n;break;case"0":0===i&&(i=n),t=n;break;default:if(!+e[n])break e;i>0&&(i=0)}return i>0?e.slice(0,i)+e.slice(t+1):e}(e)),y&&0==+e&&"+"!==i&&(y=!1),c=(y?"("===i?i:f:"-"===i||"("===i?"":i)+c,u=("s"===k?p[8+n/3]:"")+u+(y&&"("===i?")":""),O)for(r=-1,s=e.length;++r<s;)if(48>(l=e.charCodeAt(r))||l>57){u=(46===l?m+e.slice(r+1):e.slice(r))+u,e=e.slice(0,r);break}}E&&!d&&(e=o(e,1/0));var I=c.length+e.length+u.length,T=I<h?new Array(h-I+1).join(t):"";switch(E&&d&&(e=o(T+e,T.length?h-u.length:1/0),T=""),a){case"<":e=c+e+u+T;break;case"=":e=c+T+e+u;break;case"^":e=T.slice(0,I=T.length>>1)+c+e+u+T.slice(I);break;default:e=T+c+e+u}return g(e)}return v=void 0===v?6:/[gprs]/.test(k)?Math.max(1,Math.min(21,v)):Math.max(0,Math.min(20,v)),I.toString=function(){return e+""},I}return{format:h,formatPrefix:function(e,t){var n=h(((e=r(e)).type="f",e)),i=3*Math.max(-8,Math.min(8,Math.floor(a(t)/3))),o=Math.pow(10,-i),s=p[8+i/3];return function(e){return n(o*e)+s}}}}function g(t){return u=m(t),e.format=u.format,e.formatPrefix=u.formatPrefix,u}g({thousands:",",grouping:[3],currency:["$",""]}),e.FormatSpecifier=o,e.formatDefaultLocale=g,e.formatLocale=m,e.formatSpecifier=r,e.precisionFixed=function(e){return Math.max(0,-a(Math.abs(e)))},e.precisionPrefix=function(e,t){return Math.max(0,3*Math.max(-8,Math.min(8,Math.floor(a(t)/3)))-a(Math.abs(e)))},e.precisionRound=function(e,t){return e=Math.abs(e),t=Math.abs(t)-e,Math.max(0,a(t)-a(e))+1},Object.defineProperty(e,"__esModule",{value:!0})}(t)},function(e,t,a){!function(e,t){"use strict";function a(e){if(0<=e.y&&e.y<100){var t=new Date(-1,e.m,e.d,e.H,e.M,e.S,e.L);return t.setFullYear(e.y),t}return new Date(e.y,e.m,e.d,e.H,e.M,e.S,e.L)}function n(e){if(0<=e.y&&e.y<100){var t=new Date(Date.UTC(-1,e.m,e.d,e.H,e.M,e.S,e.L));return t.setUTCFullYear(e.y),t}return new Date(Date.UTC(e.y,e.m,e.d,e.H,e.M,e.S,e.L))}function i(e,t,a){return{y:e,m:t,d:a,H:0,M:0,S:0,L:0}}function r(e){var r=e.dateTime,o=e.date,l=e.time,c=e.periods,u=e.days,d=e.shortDays,p=e.months,H=e.shortMonths,pe=m(c),we=g(c),je=m(u),Oe=g(u),Ie=m(d),Te=g(d),Ce=m(p),Me=g(p),Fe=m(H),De=g(H),Ae={a:function(e){return d[e.getDay()]},A:function(e){return u[e.getDay()]},b:function(e){return H[e.getMonth()]},B:function(e){return p[e.getMonth()]},c:null,d:N,e:N,f:B,g:Z,G:X,H:R,I:q,j:P,L:L,m:z,M:$,p:function(e){return c[+(e.getHours()>=12)]},q:function(e){return 1+~~(e.getMonth()/3)},Q:ke,s:Se,S:V,u:G,U:U,V:W,w:Q,W:Y,x:null,X:null,y:K,Y:J,Z:ee,"%":xe},_e={a:function(e){return d[e.getUTCDay()]},A:function(e){return u[e.getUTCDay()]},b:function(e){return H[e.getUTCMonth()]},B:function(e){return p[e.getUTCMonth()]},c:null,d:te,e:te,f:oe,g:be,G:Ee,H:ae,I:ne,j:ie,L:re,m:se,M:le,p:function(e){return c[+(e.getUTCHours()>=12)]},q:function(e){return 1+~~(e.getUTCMonth()/3)},Q:ke,s:Se,S:ce,u:ue,U:de,V:me,w:ge,W:ye,x:null,X:null,y:fe,Y:he,Z:ve,"%":xe},Ne={a:function(e,t,a){var n=Ie.exec(t.slice(a));return n?(e.w=Te.get(n[0].toLowerCase()),a+n[0].length):-1},A:function(e,t,a){var n=je.exec(t.slice(a));return n?(e.w=Oe.get(n[0].toLowerCase()),a+n[0].length):-1},b:function(e,t,a){var n=Fe.exec(t.slice(a));return n?(e.m=De.get(n[0].toLowerCase()),a+n[0].length):-1},B:function(e,t,a){var n=Ce.exec(t.slice(a));return n?(e.m=Me.get(n[0].toLowerCase()),a+n[0].length):-1},c:function(e,t,a){return Pe(e,r,t,a)},d:j,e:j,f:F,g:x,G:v,H:I,I:I,j:O,L:M,m:w,M:T,p:function(e,t,a){var n=pe.exec(t.slice(a));return n?(e.p=we.get(n[0].toLowerCase()),a+n[0].length):-1},q:S,Q:A,s:_,S:C,u:f,U:b,V:h,w:y,W:E,x:function(e,t,a){return Pe(e,o,t,a)},X:function(e,t,a){return Pe(e,l,t,a)},y:x,Y:v,Z:k,"%":D};function Re(e,t){return function(a){var n,i,r,o=[],l=-1,c=0,u=e.length;for(a instanceof Date||(a=new Date(+a));++l<u;)37===e.charCodeAt(l)&&(o.push(e.slice(c,l)),null!=(i=s[n=e.charAt(++l)])?n=e.charAt(++l):i="e"===n?" ":"0",(r=t[n])&&(n=r(a,i)),o.push(n),c=l+1);return o.push(e.slice(c,l)),o.join("")}}function qe(e,r){return function(o){var s,l,c=i(1900,void 0,1);if(Pe(c,e,o+="",0)!=o.length)return null;if("Q"in c)return new Date(c.Q);if("s"in c)return new Date(1e3*c.s+("L"in c?c.L:0));if(r&&!("Z"in c)&&(c.Z=0),"p"in c&&(c.H=c.H%12+12*c.p),void 0===c.m&&(c.m="q"in c?c.q:0),"V"in c){if(c.V<1||c.V>53)return null;"w"in c||(c.w=1),"Z"in c?(l=(s=n(i(c.y,0,1))).getUTCDay(),s=l>4||0===l?t.utcMonday.ceil(s):t.utcMonday(s),s=t.utcDay.offset(s,7*(c.V-1)),c.y=s.getUTCFullYear(),c.m=s.getUTCMonth(),c.d=s.getUTCDate()+(c.w+6)%7):(l=(s=a(i(c.y,0,1))).getDay(),s=l>4||0===l?t.timeMonday.ceil(s):t.timeMonday(s),s=t.timeDay.offset(s,7*(c.V-1)),c.y=s.getFullYear(),c.m=s.getMonth(),c.d=s.getDate()+(c.w+6)%7)}else("W"in c||"U"in c)&&("w"in c||(c.w="u"in c?c.u%7:"W"in c?1:0),l="Z"in c?n(i(c.y,0,1)).getUTCDay():a(i(c.y,0,1)).getDay(),c.m=0,c.d="W"in c?(c.w+6)%7+7*c.W-(l+5)%7:c.w+7*c.U-(l+6)%7);return"Z"in c?(c.H+=c.Z/100|0,c.M+=c.Z%100,n(c)):a(c)}}function Pe(e,t,a,n){for(var i,r,o=0,l=t.length,c=a.length;o<l;){if(n>=c)return-1;if(37===(i=t.charCodeAt(o++))){if(i=t.charAt(o++),!(r=Ne[i in s?t.charAt(o++):i])||(n=r(e,a,n))<0)return-1}else if(i!=a.charCodeAt(n++))return-1}return n}return Ae.x=Re(o,Ae),Ae.X=Re(l,Ae),Ae.c=Re(r,Ae),_e.x=Re(o,_e),_e.X=Re(l,_e),_e.c=Re(r,_e),{format:function(e){var t=Re(e+="",Ae);return t.toString=function(){return e},t},parse:function(e){var t=qe(e+="",!1);return t.toString=function(){return e},t},utcFormat:function(e){var t=Re(e+="",_e);return t.toString=function(){return e},t},utcParse:function(e){var t=qe(e+="",!0);return t.toString=function(){return e},t}}}var o,s={"-":"",_:" ",0:"0"},l=/^\s*\d+/,c=/^%/,u=/[\\^$*+?|[\]().{}]/g;function d(e,t,a){var n=e<0?"-":"",i=(n?-e:e)+"",r=i.length;return n+(r<a?new Array(a-r+1).join(t)+i:i)}function p(e){return e.replace(u,"\\$&")}function m(e){return new RegExp("^(?:"+e.map(p).join("|")+")","i")}function g(e){return new Map(e.map(((e,t)=>[e.toLowerCase(),t])))}function y(e,t,a){var n=l.exec(t.slice(a,a+1));return n?(e.w=+n[0],a+n[0].length):-1}function f(e,t,a){var n=l.exec(t.slice(a,a+1));return n?(e.u=+n[0],a+n[0].length):-1}function b(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.U=+n[0],a+n[0].length):-1}function h(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.V=+n[0],a+n[0].length):-1}function E(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.W=+n[0],a+n[0].length):-1}function v(e,t,a){var n=l.exec(t.slice(a,a+4));return n?(e.y=+n[0],a+n[0].length):-1}function x(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.y=+n[0]+(+n[0]>68?1900:2e3),a+n[0].length):-1}function k(e,t,a){var n=/^(Z)|([+-]\d\d)(?::?(\d\d))?/.exec(t.slice(a,a+6));return n?(e.Z=n[1]?0:-(n[2]+(n[3]||"00")),a+n[0].length):-1}function S(e,t,a){var n=l.exec(t.slice(a,a+1));return n?(e.q=3*n[0]-3,a+n[0].length):-1}function w(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.m=n[0]-1,a+n[0].length):-1}function j(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.d=+n[0],a+n[0].length):-1}function O(e,t,a){var n=l.exec(t.slice(a,a+3));return n?(e.m=0,e.d=+n[0],a+n[0].length):-1}function I(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.H=+n[0],a+n[0].length):-1}function T(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.M=+n[0],a+n[0].length):-1}function C(e,t,a){var n=l.exec(t.slice(a,a+2));return n?(e.S=+n[0],a+n[0].length):-1}function M(e,t,a){var n=l.exec(t.slice(a,a+3));return n?(e.L=+n[0],a+n[0].length):-1}function F(e,t,a){var n=l.exec(t.slice(a,a+6));return n?(e.L=Math.floor(n[0]/1e3),a+n[0].length):-1}function D(e,t,a){var n=c.exec(t.slice(a,a+1));return n?a+n[0].length:-1}function A(e,t,a){var n=l.exec(t.slice(a));return n?(e.Q=+n[0],a+n[0].length):-1}function _(e,t,a){var n=l.exec(t.slice(a));return n?(e.s=+n[0],a+n[0].length):-1}function N(e,t){return d(e.getDate(),t,2)}function R(e,t){return d(e.getHours(),t,2)}function q(e,t){return d(e.getHours()%12||12,t,2)}function P(e,a){return d(1+t.timeDay.count(t.timeYear(e),e),a,3)}function L(e,t){return d(e.getMilliseconds(),t,3)}function B(e,t){return L(e,t)+"000"}function z(e,t){return d(e.getMonth()+1,t,2)}function $(e,t){return d(e.getMinutes(),t,2)}function V(e,t){return d(e.getSeconds(),t,2)}function G(e){var t=e.getDay();return 0===t?7:t}function U(e,a){return d(t.timeSunday.count(t.timeYear(e)-1,e),a,2)}function H(e){var a=e.getDay();return a>=4||0===a?t.timeThursday(e):t.timeThursday.ceil(e)}function W(e,a){return e=H(e),d(t.timeThursday.count(t.timeYear(e),e)+(4===t.timeYear(e).getDay()),a,2)}function Q(e){return e.getDay()}function Y(e,a){return d(t.timeMonday.count(t.timeYear(e)-1,e),a,2)}function K(e,t){return d(e.getFullYear()%100,t,2)}function Z(e,t){return d((e=H(e)).getFullYear()%100,t,2)}function J(e,t){return d(e.getFullYear()%1e4,t,4)}function X(e,a){var n=e.getDay();return d((e=n>=4||0===n?t.timeThursday(e):t.timeThursday.ceil(e)).getFullYear()%1e4,a,4)}function ee(e){var t=e.getTimezoneOffset();return(t>0?"-":(t*=-1,"+"))+d(t/60|0,"0",2)+d(t%60,"0",2)}function te(e,t){return d(e.getUTCDate(),t,2)}function ae(e,t){return d(e.getUTCHours(),t,2)}function ne(e,t){return d(e.getUTCHours()%12||12,t,2)}function ie(e,a){return d(1+t.utcDay.count(t.utcYear(e),e),a,3)}function re(e,t){return d(e.getUTCMilliseconds(),t,3)}function oe(e,t){return re(e,t)+"000"}function se(e,t){return d(e.getUTCMonth()+1,t,2)}function le(e,t){return d(e.getUTCMinutes(),t,2)}function ce(e,t){return d(e.getUTCSeconds(),t,2)}function ue(e){var t=e.getUTCDay();return 0===t?7:t}function de(e,a){return d(t.utcSunday.count(t.utcYear(e)-1,e),a,2)}function pe(e){var a=e.getUTCDay();return a>=4||0===a?t.utcThursday(e):t.utcThursday.ceil(e)}function me(e,a){return e=pe(e),d(t.utcThursday.count(t.utcYear(e),e)+(4===t.utcYear(e).getUTCDay()),a,2)}function ge(e){return e.getUTCDay()}function ye(e,a){return d(t.utcMonday.count(t.utcYear(e)-1,e),a,2)}function fe(e,t){return d(e.getUTCFullYear()%100,t,2)}function be(e,t){return d((e=pe(e)).getUTCFullYear()%100,t,2)}function he(e,t){return d(e.getUTCFullYear()%1e4,t,4)}function Ee(e,a){var n=e.getUTCDay();return d((e=n>=4||0===n?t.utcThursday(e):t.utcThursday.ceil(e)).getUTCFullYear()%1e4,a,4)}function ve(){return"+0000"}function xe(){return"%"}function ke(e){return+e}function Se(e){return Math.floor(+e/1e3)}function we(t){return o=r(t),e.timeFormat=o.format,e.timeParse=o.parse,e.utcFormat=o.utcFormat,e.utcParse=o.utcParse,o}we({dateTime:"%x, %X",date:"%-m/%-d/%Y",time:"%-I:%M:%S %p",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});var je="%Y-%m-%dT%H:%M:%S.%LZ";var Oe=Date.prototype.toISOString?function(e){return e.toISOString()}:e.utcFormat(je);var Ie=+new Date("2000-01-01T00:00:00.000Z")?function(e){var t=new Date(e);return isNaN(t)?null:t}:e.utcParse(je);e.isoFormat=Oe,e.isoParse=Ie,e.timeFormatDefaultLocale=we,e.timeFormatLocale=r,Object.defineProperty(e,"__esModule",{value:!0})}(t,a(817))},function(e,t,a){"use strict";var n=a(1281),i=a(1282).remove,r={},o={},s={},l={},c={};function u(e){return String("000"+(e||"")).slice(-3)}function d(e){return s[e]}function p(e){return o[e]}function m(e){var t=u(e);return p(l[t])}function g(e){var t=u(e);return l[t]}function y(e){if("string"==typeof e){if(/^[0-9]*$/.test(e))return g(e);if(2===e.length)return e.toUpperCase();if(3===e.length)return d(e.toUpperCase())}if("number"==typeof e)return g(e)}n.forEach((function(e){var t=e;o[t[0]]=t[1],s[t[1]]=t[0],l[t[2]]=t[0],c[t[0]]=t[2]})),t.registerLocale=function(e){if(!e.locale)throw new TypeError("Missing localeData.locale");if(!e.countries)throw new TypeError("Missing localeData.countries");r[e.locale]=e.countries},t.alpha3ToAlpha2=d,t.alpha2ToAlpha3=p,t.alpha3ToNumeric=function(e){return c[d(e)]},t.alpha2ToNumeric=function(e){return c[e]},t.numericToAlpha3=m,t.numericToAlpha2=g,t.toAlpha3=function(e){if("string"==typeof e){if(/^[0-9]*$/.test(e))return m(e);if(2===e.length)return p(e.toUpperCase());if(3===e.length)return e.toUpperCase()}if("number"==typeof e)return m(e)},t.toAlpha2=y,t.getName=function(e,t){try{return r[t.toLowerCase()][y(e)]}catch(e){return}},t.getNames=function(e){var t=r[e.toLowerCase()];return void 0===t?{}:t},t.getAlpha2Code=function(e,t){try{var a,n=r[t.toLowerCase()];for(a in n)if(n.hasOwnProperty(a)&&n[a].toLowerCase()===e.toLowerCase())return a;return}catch(e){return}},t.getSimpleAlpha2Code=function(e,t){try{var a,n=r[t.toLowerCase()];for(a in n)if(n.hasOwnProperty(a)&&i(n[a].toLowerCase())===i(e.toLowerCase()))return a;return}catch(e){return}},t.getAlpha2Codes=function(){return o},t.getAlpha3Code=function(e,t){var a=this.getAlpha2Code(e,t);return a?this.toAlpha3(a):void 0},t.getSimpleAlpha3Code=function(e,t){var a=this.getSimpleAlpha2Code(e,t);return a?this.toAlpha3(a):void 0},t.getAlpha3Codes=function(){return s},t.getNumericCodes=function(){return l},t.langs=function(){return Object.keys(r)},t.isValid=function(e){if(!e)return!1;var t=e.toString().toUpperCase();return s.hasOwnProperty(t)||o.hasOwnProperty(t)||l.hasOwnProperty(t)}},function(e){e.exports=JSON.parse('[["AF","AFG","004","ISO 3166-2:AF"],["AX","ALA","248","ISO 3166-2:AX"],["AL","ALB","008","ISO 3166-2:AL"],["DZ","DZA","012","ISO 3166-2:DZ"],["AS","ASM","016","ISO 3166-2:AS"],["AD","AND","020","ISO 3166-2:AD"],["AO","AGO","024","ISO 3166-2:AO"],["AI","AIA","660","ISO 3166-2:AI"],["AQ","ATA","010","ISO 3166-2:AQ"],["AG","ATG","028","ISO 3166-2:AG"],["AR","ARG","032","ISO 3166-2:AR"],["AM","ARM","051","ISO 3166-2:AM"],["AW","ABW","533","ISO 3166-2:AW"],["AU","AUS","036","ISO 3166-2:AU"],["AT","AUT","040","ISO 3166-2:AT"],["AZ","AZE","031","ISO 3166-2:AZ"],["BS","BHS","044","ISO 3166-2:BS"],["BH","BHR","048","ISO 3166-2:BH"],["BD","BGD","050","ISO 3166-2:BD"],["BB","BRB","052","ISO 3166-2:BB"],["BY","BLR","112","ISO 3166-2:BY"],["BE","BEL","056","ISO 3166-2:BE"],["BZ","BLZ","084","ISO 3166-2:BZ"],["BJ","BEN","204","ISO 3166-2:BJ"],["BM","BMU","060","ISO 3166-2:BM"],["BT","BTN","064","ISO 3166-2:BT"],["BO","BOL","068","ISO 3166-2:BO"],["BQ","BES","535","ISO 3166-2:BQ"],["BA","BIH","070","ISO 3166-2:BA"],["BW","BWA","072","ISO 3166-2:BW"],["BV","BVT","074","ISO 3166-2:BV"],["BR","BRA","076","ISO 3166-2:BR"],["IO","IOT","086","ISO 3166-2:IO"],["BN","BRN","096","ISO 3166-2:BN"],["BG","BGR","100","ISO 3166-2:BG"],["BF","BFA","854","ISO 3166-2:BF"],["BI","BDI","108","ISO 3166-2:BI"],["KH","KHM","116","ISO 3166-2:KH"],["CM","CMR","120","ISO 3166-2:CM"],["CA","CAN","124","ISO 3166-2:CA"],["CV","CPV","132","ISO 3166-2:CV"],["KY","CYM","136","ISO 3166-2:KY"],["CF","CAF","140","ISO 3166-2:CF"],["TD","TCD","148","ISO 3166-2:TD"],["CL","CHL","152","ISO 3166-2:CL"],["CN","CHN","156","ISO 3166-2:CN"],["CX","CXR","162","ISO 3166-2:CX"],["CC","CCK","166","ISO 3166-2:CC"],["CO","COL","170","ISO 3166-2:CO"],["KM","COM","174","ISO 3166-2:KM"],["CG","COG","178","ISO 3166-2:CG"],["CD","COD","180","ISO 3166-2:CD"],["CK","COK","184","ISO 3166-2:CK"],["CR","CRI","188","ISO 3166-2:CR"],["CI","CIV","384","ISO 3166-2:CI"],["HR","HRV","191","ISO 3166-2:HR"],["CU","CUB","192","ISO 3166-2:CU"],["CW","CUW","531","ISO 3166-2:CW"],["CY","CYP","196","ISO 3166-2:CY"],["CZ","CZE","203","ISO 3166-2:CZ"],["DK","DNK","208","ISO 3166-2:DK"],["DJ","DJI","262","ISO 3166-2:DJ"],["DM","DMA","212","ISO 3166-2:DM"],["DO","DOM","214","ISO 3166-2:DO"],["EC","ECU","218","ISO 3166-2:EC"],["EG","EGY","818","ISO 3166-2:EG"],["SV","SLV","222","ISO 3166-2:SV"],["GQ","GNQ","226","ISO 3166-2:GQ"],["ER","ERI","232","ISO 3166-2:ER"],["EE","EST","233","ISO 3166-2:EE"],["ET","ETH","231","ISO 3166-2:ET"],["FK","FLK","238","ISO 3166-2:FK"],["FO","FRO","234","ISO 3166-2:FO"],["FJ","FJI","242","ISO 3166-2:FJ"],["FI","FIN","246","ISO 3166-2:FI"],["FR","FRA","250","ISO 3166-2:FR"],["GF","GUF","254","ISO 3166-2:GF"],["PF","PYF","258","ISO 3166-2:PF"],["TF","ATF","260","ISO 3166-2:TF"],["GA","GAB","266","ISO 3166-2:GA"],["GM","GMB","270","ISO 3166-2:GM"],["GE","GEO","268","ISO 3166-2:GE"],["DE","DEU","276","ISO 3166-2:DE"],["GH","GHA","288","ISO 3166-2:GH"],["GI","GIB","292","ISO 3166-2:GI"],["GR","GRC","300","ISO 3166-2:GR"],["GL","GRL","304","ISO 3166-2:GL"],["GD","GRD","308","ISO 3166-2:GD"],["GP","GLP","312","ISO 3166-2:GP"],["GU","GUM","316","ISO 3166-2:GU"],["GT","GTM","320","ISO 3166-2:GT"],["GG","GGY","831","ISO 3166-2:GG"],["GN","GIN","324","ISO 3166-2:GN"],["GW","GNB","624","ISO 3166-2:GW"],["GY","GUY","328","ISO 3166-2:GY"],["HT","HTI","332","ISO 3166-2:HT"],["HM","HMD","334","ISO 3166-2:HM"],["VA","VAT","336","ISO 3166-2:VA"],["HN","HND","340","ISO 3166-2:HN"],["HK","HKG","344","ISO 3166-2:HK"],["HU","HUN","348","ISO 3166-2:HU"],["IS","ISL","352","ISO 3166-2:IS"],["IN","IND","356","ISO 3166-2:IN"],["ID","IDN","360","ISO 3166-2:ID"],["IR","IRN","364","ISO 3166-2:IR"],["IQ","IRQ","368","ISO 3166-2:IQ"],["IE","IRL","372","ISO 3166-2:IE"],["IM","IMN","833","ISO 3166-2:IM"],["IL","ISR","376","ISO 3166-2:IL"],["IT","ITA","380","ISO 3166-2:IT"],["JM","JAM","388","ISO 3166-2:JM"],["JP","JPN","392","ISO 3166-2:JP"],["JE","JEY","832","ISO 3166-2:JE"],["JO","JOR","400","ISO 3166-2:JO"],["KZ","KAZ","398","ISO 3166-2:KZ"],["KE","KEN","404","ISO 3166-2:KE"],["KI","KIR","296","ISO 3166-2:KI"],["KP","PRK","408","ISO 3166-2:KP"],["KR","KOR","410","ISO 3166-2:KR"],["KW","KWT","414","ISO 3166-2:KW"],["KG","KGZ","417","ISO 3166-2:KG"],["LA","LAO","418","ISO 3166-2:LA"],["LV","LVA","428","ISO 3166-2:LV"],["LB","LBN","422","ISO 3166-2:LB"],["LS","LSO","426","ISO 3166-2:LS"],["LR","LBR","430","ISO 3166-2:LR"],["LY","LBY","434","ISO 3166-2:LY"],["LI","LIE","438","ISO 3166-2:LI"],["LT","LTU","440","ISO 3166-2:LT"],["LU","LUX","442","ISO 3166-2:LU"],["MO","MAC","446","ISO 3166-2:MO"],["MK","MKD","807","ISO 3166-2:MK"],["MG","MDG","450","ISO 3166-2:MG"],["MW","MWI","454","ISO 3166-2:MW"],["MY","MYS","458","ISO 3166-2:MY"],["MV","MDV","462","ISO 3166-2:MV"],["ML","MLI","466","ISO 3166-2:ML"],["MT","MLT","470","ISO 3166-2:MT"],["MH","MHL","584","ISO 3166-2:MH"],["MQ","MTQ","474","ISO 3166-2:MQ"],["MR","MRT","478","ISO 3166-2:MR"],["MU","MUS","480","ISO 3166-2:MU"],["YT","MYT","175","ISO 3166-2:YT"],["MX","MEX","484","ISO 3166-2:MX"],["FM","FSM","583","ISO 3166-2:FM"],["MD","MDA","498","ISO 3166-2:MD"],["MC","MCO","492","ISO 3166-2:MC"],["MN","MNG","496","ISO 3166-2:MN"],["ME","MNE","499","ISO 3166-2:ME"],["MS","MSR","500","ISO 3166-2:MS"],["MA","MAR","504","ISO 3166-2:MA"],["MZ","MOZ","508","ISO 3166-2:MZ"],["MM","MMR","104","ISO 3166-2:MM"],["NA","NAM","516","ISO 3166-2:NA"],["NR","NRU","520","ISO 3166-2:NR"],["NP","NPL","524","ISO 3166-2:NP"],["NL","NLD","528","ISO 3166-2:NL"],["NC","NCL","540","ISO 3166-2:NC"],["NZ","NZL","554","ISO 3166-2:NZ"],["NI","NIC","558","ISO 3166-2:NI"],["NE","NER","562","ISO 3166-2:NE"],["NG","NGA","566","ISO 3166-2:NG"],["NU","NIU","570","ISO 3166-2:NU"],["NF","NFK","574","ISO 3166-2:NF"],["MP","MNP","580","ISO 3166-2:MP"],["NO","NOR","578","ISO 3166-2:NO"],["OM","OMN","512","ISO 3166-2:OM"],["PK","PAK","586","ISO 3166-2:PK"],["PW","PLW","585","ISO 3166-2:PW"],["PS","PSE","275","ISO 3166-2:PS"],["PA","PAN","591","ISO 3166-2:PA"],["PG","PNG","598","ISO 3166-2:PG"],["PY","PRY","600","ISO 3166-2:PY"],["PE","PER","604","ISO 3166-2:PE"],["PH","PHL","608","ISO 3166-2:PH"],["PN","PCN","612","ISO 3166-2:PN"],["PL","POL","616","ISO 3166-2:PL"],["PT","PRT","620","ISO 3166-2:PT"],["PR","PRI","630","ISO 3166-2:PR"],["QA","QAT","634","ISO 3166-2:QA"],["RE","REU","638","ISO 3166-2:RE"],["RO","ROU","642","ISO 3166-2:RO"],["RU","RUS","643","ISO 3166-2:RU"],["RW","RWA","646","ISO 3166-2:RW"],["BL","BLM","652","ISO 3166-2:BL"],["SH","SHN","654","ISO 3166-2:SH"],["KN","KNA","659","ISO 3166-2:KN"],["LC","LCA","662","ISO 3166-2:LC"],["MF","MAF","663","ISO 3166-2:MF"],["PM","SPM","666","ISO 3166-2:PM"],["VC","VCT","670","ISO 3166-2:VC"],["WS","WSM","882","ISO 3166-2:WS"],["SM","SMR","674","ISO 3166-2:SM"],["ST","STP","678","ISO 3166-2:ST"],["SA","SAU","682","ISO 3166-2:SA"],["SN","SEN","686","ISO 3166-2:SN"],["RS","SRB","688","ISO 3166-2:RS"],["SC","SYC","690","ISO 3166-2:SC"],["SL","SLE","694","ISO 3166-2:SL"],["SG","SGP","702","ISO 3166-2:SG"],["SX","SXM","534","ISO 3166-2:SX"],["SK","SVK","703","ISO 3166-2:SK"],["SI","SVN","705","ISO 3166-2:SI"],["SB","SLB","090","ISO 3166-2:SB"],["SO","SOM","706","ISO 3166-2:SO"],["ZA","ZAF","710","ISO 3166-2:ZA"],["GS","SGS","239","ISO 3166-2:GS"],["SS","SSD","728","ISO 3166-2:SS"],["ES","ESP","724","ISO 3166-2:ES"],["LK","LKA","144","ISO 3166-2:LK"],["SD","SDN","729","ISO 3166-2:SD"],["SR","SUR","740","ISO 3166-2:SR"],["SJ","SJM","744","ISO 3166-2:SJ"],["SZ","SWZ","748","ISO 3166-2:SZ"],["SE","SWE","752","ISO 3166-2:SE"],["CH","CHE","756","ISO 3166-2:CH"],["SY","SYR","760","ISO 3166-2:SY"],["TW","TWN","158","ISO 3166-2:TW"],["TJ","TJK","762","ISO 3166-2:TJ"],["TZ","TZA","834","ISO 3166-2:TZ"],["TH","THA","764","ISO 3166-2:TH"],["TL","TLS","626","ISO 3166-2:TL"],["TG","TGO","768","ISO 3166-2:TG"],["TK","TKL","772","ISO 3166-2:TK"],["TO","TON","776","ISO 3166-2:TO"],["TT","TTO","780","ISO 3166-2:TT"],["TN","TUN","788","ISO 3166-2:TN"],["TR","TUR","792","ISO 3166-2:TR"],["TM","TKM","795","ISO 3166-2:TM"],["TC","TCA","796","ISO 3166-2:TC"],["TV","TUV","798","ISO 3166-2:TV"],["UG","UGA","800","ISO 3166-2:UG"],["UA","UKR","804","ISO 3166-2:UA"],["AE","ARE","784","ISO 3166-2:AE"],["GB","GBR","826","ISO 3166-2:GB"],["US","USA","840","ISO 3166-2:US"],["UM","UMI","581","ISO 3166-2:UM"],["UY","URY","858","ISO 3166-2:UY"],["UZ","UZB","860","ISO 3166-2:UZ"],["VU","VUT","548","ISO 3166-2:VU"],["VE","VEN","862","ISO 3166-2:VE"],["VN","VNM","704","ISO 3166-2:VN"],["VG","VGB","092","ISO 3166-2:VG"],["VI","VIR","850","ISO 3166-2:VI"],["WF","WLF","876","ISO 3166-2:WF"],["EH","ESH","732","ISO 3166-2:EH"],["YE","YEM","887","ISO 3166-2:YE"],["ZM","ZMB","894","ISO 3166-2:ZM"],["ZW","ZWE","716","ISO 3166-2:ZW"],["XK","XKX","","ISO 3166-2:XK"]]')},function(e,t){t.remove=function(e){return e.replace(/[^\u0000-\u007e]/g,(function(e){return n[e]||e}))};for(var a=[{base:" ",chars:" "},{base:"0",chars:"߀"},{base:"A",chars:"ⒶＡÀÁÂẦẤẪẨÃĀĂẰẮẴẲȦǠÄǞẢÅǺǍȀȂẠẬẶḀĄȺⱯ"},{base:"AA",chars:"Ꜳ"},{base:"AE",chars:"ÆǼǢ"},{base:"AO",chars:"Ꜵ"},{base:"AU",chars:"Ꜷ"},{base:"AV",chars:"ꜸꜺ"},{base:"AY",chars:"Ꜽ"},{base:"B",chars:"ⒷＢḂḄḆɃƁ"},{base:"C",chars:"ⒸＣꜾḈĆCĈĊČÇƇȻ"},{base:"D",chars:"ⒹＤḊĎḌḐḒḎĐƊƉᴅꝹ"},{base:"Dh",chars:"Ð"},{base:"DZ",chars:"DZDŽ"},{base:"Dz",chars:"DzDž"},{base:"E",chars:"ɛⒺＥÈÉÊỀẾỄỂẼĒḔḖĔĖËẺĚȄȆẸỆȨḜĘḘḚƐƎᴇ"},{base:"F",chars:"ꝼⒻＦḞƑꝻ"},{base:"G",chars:"ⒼＧǴĜḠĞĠǦĢǤƓꞠꝽꝾɢ"},{base:"H",chars:"ⒽＨĤḢḦȞḤḨḪĦⱧⱵꞍ"},{base:"I",chars:"ⒾＩÌÍÎĨĪĬİÏḮỈǏȈȊỊĮḬƗ"},{base:"J",chars:"ⒿＪĴɈȷ"},{base:"K",chars:"ⓀＫḰǨḲĶḴƘⱩꝀꝂꝄꞢ"},{base:"L",chars:"ⓁＬĿĹĽḶḸĻḼḺŁȽⱢⱠꝈꝆꞀ"},{base:"LJ",chars:"LJ"},{base:"Lj",chars:"Lj"},{base:"M",chars:"ⓂＭḾṀṂⱮƜϻ"},{base:"N",chars:"ꞤȠⓃＮǸŃÑṄŇṆŅṊṈƝꞐᴎ"},{base:"NJ",chars:"NJ"},{base:"Nj",chars:"Nj"},{base:"O",chars:"ⓄＯÒÓÔỒỐỖỔÕṌȬṎŌṐṒŎȮȰÖȪỎŐǑȌȎƠỜỚỠỞỢỌỘǪǬØǾƆƟꝊꝌ"},{base:"OE",chars:"Œ"},{base:"OI",chars:"Ƣ"},{base:"OO",chars:"Ꝏ"},{base:"OU",chars:"Ȣ"},{base:"P",chars:"ⓅＰṔṖƤⱣꝐꝒꝔ"},{base:"Q",chars:"ⓆＱꝖꝘɊ"},{base:"R",chars:"ⓇＲŔṘŘȐȒṚṜŖṞɌⱤꝚꞦꞂ"},{base:"S",chars:"ⓈＳẞŚṤŜṠŠṦṢṨȘŞⱾꞨꞄ"},{base:"T",chars:"ⓉＴṪŤṬȚŢṰṮŦƬƮȾꞆ"},{base:"Th",chars:"Þ"},{base:"TZ",chars:"Ꜩ"},{base:"U",chars:"ⓊＵÙÚÛŨṸŪṺŬÜǛǗǕǙỦŮŰǓȔȖƯỪỨỮỬỰỤṲŲṶṴɄ"},{base:"V",chars:"ⓋＶṼṾƲꝞɅ"},{base:"VY",chars:"Ꝡ"},{base:"W",chars:"ⓌＷẀẂŴẆẄẈⱲ"},{base:"X",chars:"ⓍＸẊẌ"},{base:"Y",chars:"ⓎＹỲÝŶỸȲẎŸỶỴƳɎỾ"},{base:"Z",chars:"ⓏＺŹẐŻŽẒẔƵȤⱿⱫꝢ"},{base:"a",chars:"ⓐａẚàáâầấẫẩãāăằắẵẳȧǡäǟảåǻǎȁȃạậặḁąⱥɐɑ"},{base:"aa",chars:"ꜳ"},{base:"ae",chars:"æǽǣ"},{base:"ao",chars:"ꜵ"},{base:"au",chars:"ꜷ"},{base:"av",chars:"ꜹꜻ"},{base:"ay",chars:"ꜽ"},{base:"b",chars:"ⓑｂḃḅḇƀƃɓƂ"},{base:"c",chars:"ｃⓒćĉċčçḉƈȼꜿↄ"},{base:"d",chars:"ⓓｄḋďḍḑḓḏđƌɖɗƋᏧԁꞪ"},{base:"dh",chars:"ð"},{base:"dz",chars:"dzdž"},{base:"e",chars:"ⓔｅèéêềếễểẽēḕḗĕėëẻěȅȇẹệȩḝęḙḛɇǝ"},{base:"f",chars:"ⓕｆḟƒ"},{base:"ff",chars:"ff"},{base:"fi",chars:"fi"},{base:"fl",chars:"fl"},{base:"ffi",chars:"ffi"},{base:"ffl",chars:"ffl"},{base:"g",chars:"ⓖｇǵĝḡğġǧģǥɠꞡꝿᵹ"},{base:"h",chars:"ⓗｈĥḣḧȟḥḩḫẖħⱨⱶɥ"},{base:"hv",chars:"ƕ"},{base:"i",chars:"ⓘｉìíîĩīĭïḯỉǐȉȋịįḭɨı"},{base:"j",chars:"ⓙｊĵǰɉ"},{base:"k",chars:"ⓚｋḱǩḳķḵƙⱪꝁꝃꝅꞣ"},{base:"l",chars:"ⓛｌŀĺľḷḹļḽḻſłƚɫⱡꝉꞁꝇɭ"},{base:"lj",chars:"lj"},{base:"m",chars:"ⓜｍḿṁṃɱɯ"},{base:"n",chars:"ⓝｎǹńñṅňṇņṋṉƞɲʼnꞑꞥлԉ"},{base:"nj",chars:"nj"},{base:"o",chars:"ⓞｏòóôồốỗổõṍȭṏōṑṓŏȯȱöȫỏőǒȍȏơờớỡởợọộǫǭøǿꝋꝍɵɔᴑ"},{base:"oe",chars:"œ"},{base:"oi",chars:"ƣ"},{base:"oo",chars:"ꝏ"},{base:"ou",chars:"ȣ"},{base:"p",chars:"ⓟｐṕṗƥᵽꝑꝓꝕρ"},{base:"q",chars:"ⓠｑɋꝗꝙ"},{base:"r",chars:"ⓡｒŕṙřȑȓṛṝŗṟɍɽꝛꞧꞃ"},{base:"s",chars:"ⓢｓśṥŝṡšṧṣṩșşȿꞩꞅẛʂ"},{base:"ss",chars:"ß"},{base:"t",chars:"ⓣｔṫẗťṭțţṱṯŧƭʈⱦꞇ"},{base:"th",chars:"þ"},{base:"tz",chars:"ꜩ"},{base:"u",chars:"ⓤｕùúûũṹūṻŭüǜǘǖǚủůűǔȕȗưừứữửựụṳųṷṵʉ"},{base:"v",chars:"ⓥｖṽṿʋꝟʌ"},{base:"vy",chars:"ꝡ"},{base:"w",chars:"ⓦｗẁẃŵẇẅẘẉⱳ"},{base:"x",chars:"ⓧｘẋẍ"},{base:"y",chars:"ⓨｙỳýŷỹȳẏÿỷẙỵƴɏỿ"},{base:"z",chars:"ⓩｚźẑżžẓẕƶȥɀⱬꝣ"}],n={},i=0;i<a.length;i+=1)for(var r=a[i].chars,o=0;o<r.length;o+=1)n[r[o]]=a[i].base;t.replacementList=a,t.diacriticsMap=n},function(e){e.exports=JSON.parse('{"locale":"en","countries":{"AF":"Afghanistan","AL":"Albania","DZ":"Algeria","AS":"American Samoa","AD":"Andorra","AO":"Angola","AI":"Anguilla","AQ":"Antarctica","AG":"Antigua and Barbuda","AR":"Argentina","AM":"Armenia","AW":"Aruba","AU":"Australia","AT":"Austria","AZ":"Azerbaijan","BS":"Bahamas","BH":"Bahrain","BD":"Bangladesh","BB":"Barbados","BY":"Belarus","BE":"Belgium","BZ":"Belize","BJ":"Benin","BM":"Bermuda","BT":"Bhutan","BO":"Bolivia","BA":"Bosnia and Herzegovina","BW":"Botswana","BV":"Bouvet Island","BR":"Brazil","IO":"British Indian Ocean Territory","BN":"Brunei Darussalam","BG":"Bulgaria","BF":"Burkina Faso","BI":"Burundi","KH":"Cambodia","CM":"Cameroon","CA":"Canada","CV":"Cape Verde","KY":"Cayman Islands","CF":"Central African Republic","TD":"Chad","CL":"Chile","CN":"China","CX":"Christmas Island","CC":"Cocos (Keeling) Islands","CO":"Colombia","KM":"Comoros","CG":"Congo","CD":"Congo, the Democratic Republic of the","CK":"Cook Islands","CR":"Costa Rica","CI":"Cote D\'Ivoire","HR":"Croatia","CU":"Cuba","CY":"Cyprus","CZ":"Czech Republic","DK":"Denmark","DJ":"Djibouti","DM":"Dominica","DO":"Dominican Republic","EC":"Ecuador","EG":"Egypt","SV":"El Salvador","GQ":"Equatorial Guinea","ER":"Eritrea","EE":"Estonia","ET":"Ethiopia","FK":"Falkland Islands (Malvinas)","FO":"Faroe Islands","FJ":"Fiji","FI":"Finland","FR":"France","GF":"French Guiana","PF":"French Polynesia","TF":"French Southern Territories","GA":"Gabon","GM":"Gambia","GE":"Georgia","DE":"Germany","GH":"Ghana","GI":"Gibraltar","GR":"Greece","GL":"Greenland","GD":"Grenada","GP":"Guadeloupe","GU":"Guam","GT":"Guatemala","GN":"Guinea","GW":"Guinea-Bissau","GY":"Guyana","HT":"Haiti","HM":"Heard Island and Mcdonald Islands","VA":"Holy See (Vatican City State)","HN":"Honduras","HK":"Hong Kong","HU":"Hungary","IS":"Iceland","IN":"India","ID":"Indonesia","IR":"Iran, Islamic Republic of","IQ":"Iraq","IE":"Ireland","IL":"Israel","IT":"Italy","JM":"Jamaica","JP":"Japan","JO":"Jordan","KZ":"Kazakhstan","KE":"Kenya","KI":"Kiribati","KP":"North Korea","KR":"South Korea","KW":"Kuwait","KG":"Kyrgyzstan","LA":"Lao People\'s Democratic Republic","LV":"Latvia","LB":"Lebanon","LS":"Lesotho","LR":"Liberia","LY":"Libya","LI":"Liechtenstein","LT":"Lithuania","LU":"Luxembourg","MO":"Macao","MG":"Madagascar","MW":"Malawi","MY":"Malaysia","MV":"Maldives","ML":"Mali","MT":"Malta","MH":"Marshall Islands","MQ":"Martinique","MR":"Mauritania","MU":"Mauritius","YT":"Mayotte","MX":"Mexico","FM":"Micronesia, Federated States of","MD":"Moldova, Republic of","MC":"Monaco","MN":"Mongolia","MS":"Montserrat","MA":"Morocco","MZ":"Mozambique","MM":"Myanmar","NA":"Namibia","NR":"Nauru","NP":"Nepal","NL":"Netherlands","NC":"New Caledonia","NZ":"New Zealand","NI":"Nicaragua","NE":"Niger","NG":"Nigeria","NU":"Niue","NF":"Norfolk Island","MK":"North Macedonia, Republic of","MP":"Northern Mariana Islands","NO":"Norway","OM":"Oman","PK":"Pakistan","PW":"Palau","PS":"Palestinian Territory, Occupied","PA":"Panama","PG":"Papua New Guinea","PY":"Paraguay","PE":"Peru","PH":"Philippines","PN":"Pitcairn","PL":"Poland","PT":"Portugal","PR":"Puerto Rico","QA":"Qatar","RE":"Reunion","RO":"Romania","RU":"Russian Federation","RW":"Rwanda","SH":"Saint Helena","KN":"Saint Kitts and Nevis","LC":"Saint Lucia","PM":"Saint Pierre and Miquelon","VC":"Saint Vincent and the Grenadines","WS":"Samoa","SM":"San Marino","ST":"Sao Tome and Principe","SA":"Saudi Arabia","SN":"Senegal","SC":"Seychelles","SL":"Sierra Leone","SG":"Singapore","SK":"Slovakia","SI":"Slovenia","SB":"Solomon Islands","SO":"Somalia","ZA":"South Africa","GS":"South Georgia and the South Sandwich Islands","ES":"Spain","LK":"Sri Lanka","SD":"Sudan","SR":"Suriname","SJ":"Svalbard and Jan Mayen","SZ":"Swaziland","SE":"Sweden","CH":"Switzerland","SY":"Syrian Arab Republic","TW":"Taiwan","TJ":"Tajikistan","TZ":"Tanzania, United Republic of","TH":"Thailand","TL":"Timor-Leste","TG":"Togo","TK":"Tokelau","TO":"Tonga","TT":"Trinidad and Tobago","TN":"Tunisia","TR":"Turkey","TM":"Turkmenistan","TC":"Turks and Caicos Islands","TV":"Tuvalu","UG":"Uganda","UA":"Ukraine","AE":"United Arab Emirates","GB":"United Kingdom","US":"United States of America","UM":"United States Minor Outlying Islands","UY":"Uruguay","UZ":"Uzbekistan","VU":"Vanuatu","VE":"Venezuela","VN":"Viet Nam","VG":"Virgin Islands, British","VI":"Virgin Islands, U.S.","WF":"Wallis and Futuna","EH":"Western Sahara","YE":"Yemen","ZM":"Zambia","ZW":"Zimbabwe","AX":"Åland Islands","BQ":"Bonaire, Sint Eustatius and Saba","CW":"Curaçao","GG":"Guernsey","IM":"Isle of Man","JE":"Jersey","ME":"Montenegro","BL":"Saint Barthélemy","MF":"Saint Martin (French part)","RS":"Serbia","SX":"Sint Maarten (Dutch part)","SS":"South Sudan","XK":"Kosovo"}}')},function(e,t,a){const n=a(310),i=a(326),r=a(157),o=a(559),s=a(292),l=a(678),c=a(1285),u=a(1286),d=a(1287),p=a(1288),m=a(1289),g=a(1290),y=a(1291),f=a(192),b=a(1292),h=a(1293),E=a(577),v=a(1294),x=a(1295),k=a(462),S=a(578),w=a(836),j=a(837),O=a(489),I=a(396),T=a(838),C=a(1103),M=a(463),F=a(205),D=a(464),A=a(1299),_=a(1300),N=a(1301),R=a(1302),q=a(1303),P=a(579),L=a(1304),B=a(1305),z=a(1306),$=a(1307),V=a(1308);e.exports={parse:s,valid:l,clean:c,inc:u,diff:d,major:p,minor:m,patch:g,prerelease:y,compare:f,rcompare:b,compareLoose:h,compareBuild:E,sort:v,rsort:x,gt:k,lt:S,eq:w,neq:j,gte:O,lte:I,cmp:T,coerce:C,Comparator:M,Range:F,satisfies:D,toComparators:A,maxSatisfying:_,minSatisfying:N,minVersion:R,validRange:q,outside:P,gtr:L,ltr:B,intersects:z,simplifyRange:$,subset:V,SemVer:r,re:n.re,src:n.src,tokens:n.t,SEMVER_SPEC_VERSION:i.SEMVER_SPEC_VERSION,RELEASE_TYPES:i.RELEASE_TYPES,compareIdentifiers:o.compareIdentifiers,rcompareIdentifiers:o.rcompareIdentifiers}},function(e,t,a){const n=a(292);e.exports=(e,t)=>{const a=n(e.trim().replace(/^[=v]+/,""),t);return a?a.version:null}},function(e,t,a){const n=a(157);e.exports=(e,t,a,i,r)=>{"string"==typeof a&&(r=i,i=a,a=void 0);try{return new n(e instanceof n?e.version:e,a).inc(t,i,r).version}catch(e){return null}}},function(e,t,a){const n=a(292);e.exports=(e,t)=>{const a=n(e,null,!0),i=n(t,null,!0),r=a.compare(i);if(0===r)return null;const o=r>0,s=o?a:i,l=o?i:a,c=!!s.prerelease.length;if(l.prerelease.length&&!c)return l.patch||l.minor?s.patch?"patch":s.minor?"minor":"major":"major";const u=c?"pre":"";return a.major!==i.major?u+"major":a.minor!==i.minor?u+"minor":a.patch!==i.patch?u+"patch":"prerelease"}},function(e,t,a){const n=a(157);e.exports=(e,t)=>new n(e,t).major},function(e,t,a){const n=a(157);e.exports=(e,t)=>new n(e,t).minor},function(e,t,a){const n=a(157);e.exports=(e,t)=>new n(e,t).patch},function(e,t,a){const n=a(292);e.exports=(e,t)=>{const a=n(e,t);return a&&a.prerelease.length?a.prerelease:null}},function(e,t,a){const n=a(192);e.exports=(e,t,a)=>n(t,e,a)},function(e,t,a){const n=a(192);e.exports=(e,t)=>n(e,t,!0)},function(e,t,a){const n=a(577);e.exports=(e,t)=>e.sort(((e,a)=>n(e,a,t)))},function(e,t,a){const n=a(577);e.exports=(e,t)=>e.sort(((e,a)=>n(a,e,t)))},function(e,t,a){"use strict";const n=a(1297),i=Symbol("max"),r=Symbol("length"),o=Symbol("lengthCalculator"),s=Symbol("allowStale"),l=Symbol("maxAge"),c=Symbol("dispose"),u=Symbol("noDisposeOnSet"),d=Symbol("lruList"),p=Symbol("cache"),m=Symbol("updateAgeOnGet"),g=()=>1,y=(e,t,a)=>{const n=e[p].get(t);if(n){const t=n.value;if(f(e,t)){if(h(e,n),!e[s])return}else a&&(e[m]&&(n.value.now=Date.now()),e[d].unshiftNode(n));return t.value}},f=(e,t)=>{if(!t||!t.maxAge&&!e[l])return!1;const a=Date.now()-t.now;return t.maxAge?a>t.maxAge:e[l]&&a>e[l]},b=e=>{if(e[r]>e[i])for(let t=e[d].tail;e[r]>e[i]&&null!==t;){const a=t.prev;h(e,t),t=a}},h=(e,t)=>{if(t){const a=t.value;e[c]&&e[c](a.key,a.value),e[r]-=a.length,e[p].delete(a.key),e[d].removeNode(t)}};class Entry{constructor(e,t,a,n,i){this.key=e,this.value=t,this.length=a,this.now=n,this.maxAge=i||0}}const E=(e,t,a,n)=>{let i=a.value;f(e,i)&&(h(e,a),e[s]||(i=void 0)),i&&t.call(n,i.value,i.key,e)};e.exports=class LRUCache{constructor(e){if("number"==typeof e&&(e={max:e}),e||(e={}),e.max&&("number"!=typeof e.max||e.max<0))throw new TypeError("max must be a non-negative number");this[i]=e.max||1/0;const t=e.length||g;if(this[o]="function"!=typeof t?g:t,this[s]=e.stale||!1,e.maxAge&&"number"!=typeof e.maxAge)throw new TypeError("maxAge must be a number");this[l]=e.maxAge||0,this[c]=e.dispose,this[u]=e.noDisposeOnSet||!1,this[m]=e.updateAgeOnGet||!1,this.reset()}set max(e){if("number"!=typeof e||e<0)throw new TypeError("max must be a non-negative number");this[i]=e||1/0,b(this)}get max(){return this[i]}set allowStale(e){this[s]=!!e}get allowStale(){return this[s]}set maxAge(e){if("number"!=typeof e)throw new TypeError("maxAge must be a non-negative number");this[l]=e,b(this)}get maxAge(){return this[l]}set lengthCalculator(e){"function"!=typeof e&&(e=g),e!==this[o]&&(this[o]=e,this[r]=0,this[d].forEach((e=>{e.length=this[o](e.value,e.key),this[r]+=e.length}))),b(this)}get lengthCalculator(){return this[o]}get length(){return this[r]}get itemCount(){return this[d].length}rforEach(e,t){t=t||this;for(let a=this[d].tail;null!==a;){const n=a.prev;E(this,e,a,t),a=n}}forEach(e,t){t=t||this;for(let a=this[d].head;null!==a;){const n=a.next;E(this,e,a,t),a=n}}keys(){return this[d].toArray().map((e=>e.key))}values(){return this[d].toArray().map((e=>e.value))}reset(){this[c]&&this[d]&&this[d].length&&this[d].forEach((e=>this[c](e.key,e.value))),this[p]=new Map,this[d]=new n,this[r]=0}dump(){return this[d].map((e=>!f(this,e)&&{k:e.key,v:e.value,e:e.now+(e.maxAge||0)})).toArray().filter((e=>e))}dumpLru(){return this[d]}set(e,t,a){if((a=a||this[l])&&"number"!=typeof a)throw new TypeError("maxAge must be a number");const n=a?Date.now():0,s=this[o](t,e);if(this[p].has(e)){if(s>this[i])return h(this,this[p].get(e)),!1;const o=this[p].get(e).value;return this[c]&&(this[u]||this[c](e,o.value)),o.now=n,o.maxAge=a,o.value=t,this[r]+=s-o.length,o.length=s,this.get(e),b(this),!0}const m=new Entry(e,t,s,n,a);return m.length>this[i]?(this[c]&&this[c](e,t),!1):(this[r]+=m.length,this[d].unshift(m),this[p].set(e,this[d].head),b(this),!0)}has(e){if(!this[p].has(e))return!1;const t=this[p].get(e).value;return!f(this,t)}get(e){return y(this,e,!0)}peek(e){return y(this,e,!1)}pop(){const e=this[d].tail;return e?(h(this,e),e.value):null}del(e){h(this,this[p].get(e))}load(e){this.reset();const t=Date.now();for(let a=e.length-1;a>=0;a--){const n=e[a],i=n.e||0;if(0===i)this.set(n.k,n.v);else{const e=i-t;e>0&&this.set(n.k,n.v,e)}}}prune(){this[p].forEach(((e,t)=>y(this,t,!1)))}}},function(e,t,a){"use strict";function n(e){var t=this;if(t instanceof n||(t=new n),t.tail=null,t.head=null,t.length=0,e&&"function"==typeof e.forEach)e.forEach((function(e){t.push(e)}));else if(arguments.length>0)for(var a=0,i=arguments.length;a<i;a++)t.push(arguments[a]);return t}function i(e,t,a){var n=t===e.head?new s(a,null,t,e):new s(a,t,t.next,e);return null===n.next&&(e.tail=n),null===n.prev&&(e.head=n),e.length++,n}function r(e,t){e.tail=new s(t,e.tail,null,e),e.head||(e.head=e.tail),e.length++}function o(e,t){e.head=new s(t,null,e.head,e),e.tail||(e.tail=e.head),e.length++}function s(e,t,a,n){if(!(this instanceof s))return new s(e,t,a,n);this.list=n,this.value=e,t?(t.next=this,this.prev=t):this.prev=null,a?(a.prev=this,this.next=a):this.next=null}e.exports=n,n.Node=s,n.create=n,n.prototype.removeNode=function(e){if(e.list!==this)throw new Error("removing node which does not belong to this list");var t=e.next,a=e.prev;return t&&(t.prev=a),a&&(a.next=t),e===this.head&&(this.head=t),e===this.tail&&(this.tail=a),e.list.length--,e.next=null,e.prev=null,e.list=null,t},n.prototype.unshiftNode=function(e){if(e!==this.head){e.list&&e.list.removeNode(e);var t=this.head;e.list=this,e.next=t,t&&(t.prev=e),this.head=e,this.tail||(this.tail=e),this.length++}},n.prototype.pushNode=function(e){if(e!==this.tail){e.list&&e.list.removeNode(e);var t=this.tail;e.list=this,e.prev=t,t&&(t.next=e),this.tail=e,this.head||(this.head=e),this.length++}},n.prototype.push=function(){for(var e=0,t=arguments.length;e<t;e++)r(this,arguments[e]);return this.length},n.prototype.unshift=function(){for(var e=0,t=arguments.length;e<t;e++)o(this,arguments[e]);return this.length},n.prototype.pop=function(){if(this.tail){var e=this.tail.value;return this.tail=this.tail.prev,this.tail?this.tail.next=null:this.head=null,this.length--,e}},n.prototype.shift=function(){if(this.head){var e=this.head.value;return this.head=this.head.next,this.head?this.head.prev=null:this.tail=null,this.length--,e}},n.prototype.forEach=function(e,t){t=t||this;for(var a=this.head,n=0;null!==a;n++)e.call(t,a.value,n,this),a=a.next},n.prototype.forEachReverse=function(e,t){t=t||this;for(var a=this.tail,n=this.length-1;null!==a;n--)e.call(t,a.value,n,this),a=a.prev},n.prototype.get=function(e){for(var t=0,a=this.head;null!==a&&t<e;t++)a=a.next;if(t===e&&null!==a)return a.value},n.prototype.getReverse=function(e){for(var t=0,a=this.tail;null!==a&&t<e;t++)a=a.prev;if(t===e&&null!==a)return a.value},n.prototype.map=function(e,t){t=t||this;for(var a=new n,i=this.head;null!==i;)a.push(e.call(t,i.value,this)),i=i.next;return a},n.prototype.mapReverse=function(e,t){t=t||this;for(var a=new n,i=this.tail;null!==i;)a.push(e.call(t,i.value,this)),i=i.prev;return a},n.prototype.reduce=function(e,t){var a,n=this.head;if(arguments.length>1)a=t;else{if(!this.head)throw new TypeError("Reduce of empty list with no initial value");n=this.head.next,a=this.head.value}for(var i=0;null!==n;i++)a=e(a,n.value,i),n=n.next;return a},n.prototype.reduceReverse=function(e,t){var a,n=this.tail;if(arguments.length>1)a=t;else{if(!this.tail)throw new TypeError("Reduce of empty list with no initial value");n=this.tail.prev,a=this.tail.value}for(var i=this.length-1;null!==n;i--)a=e(a,n.value,i),n=n.prev;return a},n.prototype.toArray=function(){for(var e=new Array(this.length),t=0,a=this.head;null!==a;t++)e[t]=a.value,a=a.next;return e},n.prototype.toArrayReverse=function(){for(var e=new Array(this.length),t=0,a=this.tail;null!==a;t++)e[t]=a.value,a=a.prev;return e},n.prototype.slice=function(e,t){(t=t||this.length)<0&&(t+=this.length),(e=e||0)<0&&(e+=this.length);var a=new n;if(t<e||t<0)return a;e<0&&(e=0),t>this.length&&(t=this.length);for(var i=0,r=this.head;null!==r&&i<e;i++)r=r.next;for(;null!==r&&i<t;i++,r=r.next)a.push(r.value);return a},n.prototype.sliceReverse=function(e,t){(t=t||this.length)<0&&(t+=this.length),(e=e||0)<0&&(e+=this.length);var a=new n;if(t<e||t<0)return a;e<0&&(e=0),t>this.length&&(t=this.length);for(var i=this.length,r=this.tail;null!==r&&i>t;i--)r=r.prev;for(;null!==r&&i>e;i--,r=r.prev)a.push(r.value);return a},n.prototype.splice=function(e,t,...a){e>this.length&&(e=this.length-1),e<0&&(e=this.length+e);for(var n=0,r=this.head;null!==r&&n<e;n++)r=r.next;var o=[];for(n=0;r&&n<t;n++)o.push(r.value),r=this.removeNode(r);for(null===r&&(r=this.tail),r!==this.head&&r!==this.tail&&(r=r.prev),n=0;n<a.length;n++)r=i(this,r,a[n]);return o},n.prototype.reverse=function(){for(var e=this.head,t=this.tail,a=e;null!==a;a=a.prev){var n=a.prev;a.prev=a.next,a.next=n}return this.head=t,this.tail=e,this};try{a(1298)(n)}catch(e){}},function(e,t,a){"use strict";e.exports=function(e){e.prototype[Symbol.iterator]=function*(){for(let e=this.head;e;e=e.next)yield e.value}}},function(e,t,a){const n=a(205);e.exports=(e,t)=>new n(e,t).set.map((e=>e.map((e=>e.value)).join(" ").trim().split(" ")))},function(e,t,a){const n=a(157),i=a(205);e.exports=(e,t,a)=>{let r=null,o=null,s=null;try{s=new i(t,a)}catch(e){return null}return e.forEach((e=>{s.test(e)&&(r&&-1!==o.compare(e)||(r=e,o=new n(r,a)))})),r}},function(e,t,a){const n=a(157),i=a(205);e.exports=(e,t,a)=>{let r=null,o=null,s=null;try{s=new i(t,a)}catch(e){return null}return e.forEach((e=>{s.test(e)&&(r&&1!==o.compare(e)||(r=e,o=new n(r,a)))})),r}},function(e,t,a){const n=a(157),i=a(205),r=a(462);e.exports=(e,t)=>{e=new i(e,t);let a=new n("0.0.0");if(e.test(a))return a;if(a=new n("0.0.0-0"),e.test(a))return a;a=null;for(let t=0;t<e.set.length;++t){const i=e.set[t];let o=null;i.forEach((e=>{const t=new n(e.semver.version);switch(e.operator){case">":0===t.prerelease.length?t.patch++:t.prerelease.push(0),t.raw=t.format();case"":case">=":o&&!r(t,o)||(o=t);break;case"<":case"<=":break;default:throw new Error(`Unexpected operation: ${e.operator}`)}})),!o||a&&!r(a,o)||(a=o)}return a&&e.test(a)?a:null}},function(e,t,a){const n=a(205);e.exports=(e,t)=>{try{return new n(e,t).range||"*"}catch(e){return null}}},function(e,t,a){const n=a(579);e.exports=(e,t,a)=>n(e,t,">",a)},function(e,t,a){const n=a(579);e.exports=(e,t,a)=>n(e,t,"<",a)},function(e,t,a){const n=a(205);e.exports=(e,t,a)=>(e=new n(e,a),t=new n(t,a),e.intersects(t,a))},function(e,t,a){const n=a(464),i=a(192);e.exports=(e,t,a)=>{const r=[];let o=null,s=null;const l=e.sort(((e,t)=>i(e,t,a)));for(const e of l)n(e,t,a)?(s=e,o||(o=e)):(s&&r.push([o,s]),s=null,o=null);o&&r.push([o,null]);const c=[];for(const[e,t]of r)e===t?c.push(e):t||e!==l[0]?t?e===l[0]?c.push(`<=${t}`):c.push(`${e} - ${t}`):c.push(`>=${e}`):c.push("*");const u=c.join(" || "),d="string"==typeof t.raw?t.raw:String(t);return u.length<d.length?u:t}},function(e,t,a){const n=a(205),i=a(463),{ANY:r}=i,o=a(464),s=a(192),l=[new i(">=0.0.0-0")],c=[new i(">=0.0.0")],u=(e,t,a)=>{if(e===t)return!0;if(1===e.length&&e[0].semver===r){if(1===t.length&&t[0].semver===r)return!0;e=a.includePrerelease?l:c}if(1===t.length&&t[0].semver===r){if(a.includePrerelease)return!0;t=c}const n=new Set;let i,u,m,g,y,f,b;for(const t of e)">"===t.operator||">="===t.operator?i=d(i,t,a):"<"===t.operator||"<="===t.operator?u=p(u,t,a):n.add(t.semver);if(n.size>1)return null;if(i&&u){if(m=s(i.semver,u.semver,a),m>0)return null;if(0===m&&(">="!==i.operator||"<="!==u.operator))return null}for(const e of n){if(i&&!o(e,String(i),a))return null;if(u&&!o(e,String(u),a))return null;for(const n of t)if(!o(e,String(n),a))return!1;return!0}let h=!(!u||a.includePrerelease||!u.semver.prerelease.length)&&u.semver,E=!(!i||a.includePrerelease||!i.semver.prerelease.length)&&i.semver;h&&1===h.prerelease.length&&"<"===u.operator&&0===h.prerelease[0]&&(h=!1);for(const e of t){if(b=b||">"===e.operator||">="===e.operator,f=f||"<"===e.operator||"<="===e.operator,i)if(E&&e.semver.prerelease&&e.semver.prerelease.length&&e.semver.major===E.major&&e.semver.minor===E.minor&&e.semver.patch===E.patch&&(E=!1),">"===e.operator||">="===e.operator){if(g=d(i,e,a),g===e&&g!==i)return!1}else if(">="===i.operator&&!o(i.semver,String(e),a))return!1;if(u)if(h&&e.semver.prerelease&&e.semver.prerelease.length&&e.semver.major===h.major&&e.semver.minor===h.minor&&e.semver.patch===h.patch&&(h=!1),"<"===e.operator||"<="===e.operator){if(y=p(u,e,a),y===e&&y!==u)return!1}else if("<="===u.operator&&!o(u.semver,String(e),a))return!1;if(!e.operator&&(u||i)&&0!==m)return!1}return!(i&&f&&!u&&0!==m||u&&b&&!i&&0!==m||E||h)},d=(e,t,a)=>{if(!e)return t;const n=s(e.semver,t.semver,a);return n>0?e:n<0||">"===t.operator&&">="===e.operator?t:e},p=(e,t,a)=>{if(!e)return t;const n=s(e.semver,t.semver,a);return n<0?e:n>0||"<"===t.operator&&"<="===e.operator?t:e};e.exports=(e,t,a={})=>{if(e===t)return!0;e=new n(e,a),t=new n(t,a);let i=!1;e:for(const n of e.set){for(const e of t.set){const t=u(n,e,a);if(i=i||null!==t,t)continue e}if(i)return!1}return!0}},function(e,t,a){e.exports=a(33)(1937)},function(e,t,a){e.exports=a(33)(3704)},function(e,t,a){"use strict";e.exports=function(e){var t=this;this.Parser=function(a){return n(a,Object.assign({},t.data("settings"),e,{extensions:t.data("micromarkExtensions")||[],mdastExtensions:t.data("fromMarkdownExtensions")||[]}))}};var n=a(1312)},function(e,t,a){"use strict";e.exports=a(1313)},function(e,t,a){"use strict";e.exports=function(e,t,a){return"string"!=typeof t&&(a=t,t=void 0),function(e){var t=e||{},a=function(e,t){for(var a=-1;++a<t.length;)m(e,t[a]);return e}({canContainEols:["emphasis","fragment","heading","paragraph","strong"],enter:{autolink:f(M),autolinkProtocol:k,autolinkEmail:k,atxHeading:f(I),blockQuote:f((function(){return{type:"blockquote",children:[]}})),characterEscape:k,characterReference:k,codeFenced:f(O),codeFencedFenceInfo:b,codeFencedFenceMeta:b,codeIndented:f(O,b),codeText:f((function(){return{type:"inlineCode",value:""}}),b),codeTextData:k,data:k,codeFlowValue:k,definition:f((function(){return{type:"definition",identifier:"",label:null,title:null,url:""}})),definitionDestinationString:b,definitionLabelString:b,definitionTitleString:b,emphasis:f((function(){return{type:"emphasis",children:[]}})),hardBreakEscape:f(T),hardBreakTrailing:f(T),htmlFlow:f(C,b),htmlFlowData:k,htmlText:f(C,b),htmlTextData:k,image:f((function(){return{type:"image",title:null,url:"",alt:null}})),label:b,link:f(M),listItem:f((function(e){return{type:"listItem",spread:e._spread,checked:null,children:[]}})),listItemValue:function(e){g("expectingFirstListItemValue")&&(this.stack[this.stack.length-2].start=parseInt(this.sliceSerialize(e),10),u("expectingFirstListItemValue"))},listOrdered:f(F,(function(){u("expectingFirstListItemValue",!0)})),listUnordered:f(F),paragraph:f((function(){return{type:"paragraph",children:[]}})),reference:function(){u("referenceType","collapsed")},referenceString:b,resourceDestinationString:b,resourceTitleString:b,setextHeading:f(I),strong:f((function(){return{type:"strong",children:[]}})),thematicBreak:f((function(){return{type:"thematicBreak"}}))},exit:{atxHeading:E(),atxHeadingSequence:function(e){this.stack[this.stack.length-1].depth||(this.stack[this.stack.length-1].depth=this.sliceSerialize(e).length)},autolink:E(),autolinkEmail:function(e){S.call(this,e),this.stack[this.stack.length-1].url="mailto:"+this.sliceSerialize(e)},autolinkProtocol:function(e){S.call(this,e),this.stack[this.stack.length-1].url=this.sliceSerialize(e)},blockQuote:E(),characterEscapeValue:S,characterReferenceMarkerHexadecimal:j,characterReferenceMarkerNumeric:j,characterReferenceValue:function(e){var t,a,n=this.sliceSerialize(e),i=g("characterReferenceType");i?(t=s(n,"characterReferenceMarkerNumeric"===i?10:16),u("characterReferenceType")):t=d(n),(a=this.stack.pop()).value+=t,a.position.end=y(e.end)},codeFenced:E((function(){var e=this.resume();this.stack[this.stack.length-1].value=e.replace(/^(\r?\n|\r)|(\r?\n|\r)$/g,""),u("flowCodeInside")})),codeFencedFence:function(){g("flowCodeInside")||(this.buffer(),u("flowCodeInside",!0))},codeFencedFenceInfo:function(){var e=this.resume();this.stack[this.stack.length-1].lang=e},codeFencedFenceMeta:function(){var e=this.resume();this.stack[this.stack.length-1].meta=e},codeFlowValue:S,codeIndented:E((function(){var e=this.resume();this.stack[this.stack.length-1].value=e})),codeText:E((function(){var e=this.resume();this.stack[this.stack.length-1].value=e})),codeTextData:S,data:S,definition:E(),definitionDestinationString:function(){var e=this.resume();this.stack[this.stack.length-1].url=e},definitionLabelString:function(e){var t=this.resume();this.stack[this.stack.length-1].label=t,this.stack[this.stack.length-1].identifier=o(this.sliceSerialize(e)).toLowerCase()},definitionTitleString:function(){var e=this.resume();this.stack[this.stack.length-1].title=e},emphasis:E(),hardBreakEscape:E(w),hardBreakTrailing:E(w),htmlFlow:E((function(){var e=this.resume();this.stack[this.stack.length-1].value=e})),htmlFlowData:S,htmlText:E((function(){var e=this.resume();this.stack[this.stack.length-1].value=e})),htmlTextData:S,image:E((function(){var e=this.stack[this.stack.length-1];g("inReference")?(e.type+="Reference",e.referenceType=g("referenceType")||"shortcut",delete e.url,delete e.title):(delete e.identifier,delete e.label,delete e.referenceType),u("referenceType")})),label:function(){var e=this.stack[this.stack.length-1],t=this.resume();this.stack[this.stack.length-1].label=t,u("inReference",!0),"link"===this.stack[this.stack.length-1].type?this.stack[this.stack.length-1].children=e.children:this.stack[this.stack.length-1].alt=t},labelText:function(e){this.stack[this.stack.length-2].identifier=o(this.sliceSerialize(e)).toLowerCase()},lineEnding:function(e){var t=this.stack[this.stack.length-1];if(g("atHardBreak"))return t.children[t.children.length-1].position.end=y(e.end),void u("atHardBreak");!g("setextHeadingSlurpLineEnding")&&a.canContainEols.indexOf(t.type)>-1&&(k.call(this,e),S.call(this,e))},link:E((function(){var e=this.stack[this.stack.length-1];g("inReference")?(e.type+="Reference",e.referenceType=g("referenceType")||"shortcut",delete e.url,delete e.title):(delete e.identifier,delete e.label,delete e.referenceType),u("referenceType")})),listItem:E(),listOrdered:E(),listUnordered:E(),paragraph:E(),referenceString:function(e){var t=this.resume();this.stack[this.stack.length-1].label=t,this.stack[this.stack.length-1].identifier=o(this.sliceSerialize(e)).toLowerCase(),u("referenceType","full")},resourceDestinationString:function(){var e=this.resume();this.stack[this.stack.length-1].url=e},resourceTitleString:function(){var e=this.resume();this.stack[this.stack.length-1].title=e},resource:function(){u("inReference")},setextHeading:E((function(){u("setextHeadingSlurpLineEnding")})),setextHeadingLineSequence:function(e){this.stack[this.stack.length-1].depth=61===this.sliceSerialize(e).charCodeAt(0)?1:2},setextHeadingText:function(){u("setextHeadingSlurpLineEnding",!0)},strong:E(),thematicBreak:E()}},t.mdastExtensions||[]),l={};return function(e){for(var t,n=[{type:"root",children:[]}],o=[],s=[],l=-1,d={stack:n,tokenStack:o,config:a,enter:h,exit:v,buffer:b,resume:x,setData:u,getData:g};++l<e.length;)"listOrdered"!==e[l][1].type&&"listUnordered"!==e[l][1].type||("enter"===e[l][0]?s.push(l):l=c(e,s.pop(l),l));for(l=-1;++l<e.length;)t=a[e[l][0]],r.call(t,e[l][1].type)&&t[e[l][1].type].call(i({sliceSerialize:e[l][2].sliceSerialize},d),e[l][1]);if(o.length)throw new Error("Cannot close document, a token (`"+o[o.length-1].type+"`, "+p({start:o[o.length-1].start,end:o[o.length-1].end})+") is still open");return n[0].position={start:y(e.length?e[0][1].start:{line:1,column:1,offset:0}),end:y(e.length?e[e.length-2][1].end:{line:1,column:1,offset:0})},n[0]};function c(e,t,a){for(var n,i,r,o,s,l,c,u=t-1,d=-1,p=!1;++u<=a;)if("listUnordered"===(s=e[u])[1].type||"listOrdered"===s[1].type||"blockQuote"===s[1].type?("enter"===s[0]?d++:d--,c=void 0):"lineEndingBlank"===s[1].type?"enter"===s[0]&&(!n||c||d||l||(l=u),c=void 0):"linePrefix"===s[1].type||"listItemValue"===s[1].type||"listItemMarker"===s[1].type||"listItemPrefix"===s[1].type||"listItemPrefixWhitespace"===s[1].type||(c=void 0),!d&&"enter"===s[0]&&"listItemPrefix"===s[1].type||-1===d&&"exit"===s[0]&&("listUnordered"===s[1].type||"listOrdered"===s[1].type)){if(n){for(i=u,r=void 0;i--;)if("lineEnding"===(o=e[i])[1].type||"lineEndingBlank"===o[1].type){if("exit"===o[0])continue;r&&(e[r][1].type="lineEndingBlank",p=!0),o[1].type="lineEnding",r=i}else if("linePrefix"!==o[1].type&&"blockQuotePrefix"!==o[1].type&&"blockQuotePrefixWhitespace"!==o[1].type&&"blockQuoteMarker"!==o[1].type&&"listItemIndent"!==o[1].type)break;l&&(!r||l<r)&&(n._spread=!0),n.end=y(r?e[r][1].start:s[1].end),e.splice(r||u,0,["exit",n,s[2]]),u++,a++}"listItemPrefix"===s[1].type&&(n={type:"listItem",_spread:!1,start:y(s[1].start)},e.splice(u,0,["enter",n,s[2]]),u++,a++,l=void 0,c=!0)}return e[t][1]._spread=p,a}function u(e,t){l[e]=t}function g(e){return l[e]}function y(e){return{line:e.line,column:e.column,offset:e.offset}}function f(e,t){return function(a){h.call(this,e(a),a),t&&t.call(this,a)}}function b(){this.stack.push({type:"fragment",children:[]})}function h(e,t){return this.stack[this.stack.length-1].children.push(e),this.stack.push(e),this.tokenStack.push(t),e.position={start:y(t.start)},e}function E(e){return function(t){e&&e.call(this,t),v.call(this,t)}}function v(e){var t=this.stack.pop(),a=this.tokenStack.pop();if(!a)throw new Error("Cannot close `"+e.type+"` ("+p({start:e.start,end:e.end})+"): it’s not open");if(a.type!==e.type)throw new Error("Cannot close `"+e.type+"` ("+p({start:e.start,end:e.end})+"): a different token (`"+a.type+"`, "+p({start:a.start,end:a.end})+") is open");return t.position.end=y(e.end),t}function x(){return n(this.stack.pop())}function k(e){var t=this.stack[this.stack.length-1].children,a=t[t.length-1];a&&"text"===a.type||((a={type:"text",value:""}).position={start:y(e.start)},this.stack[this.stack.length-1].children.push(a)),this.stack.push(a)}function S(e){var t=this.stack.pop();t.value+=this.sliceSerialize(e),t.position.end=y(e.end)}function w(){u("atHardBreak",!0)}function j(e){u("characterReferenceType",e.type)}function O(){return{type:"code",lang:null,meta:null,value:""}}function I(){return{type:"heading",depth:void 0,children:[]}}function T(){return{type:"break"}}function C(){return{type:"html",value:""}}function M(){return{type:"link",title:null,url:"",children:[]}}function F(e){return{type:"list",ordered:"listOrdered"===e.type,start:null,spread:e._spread,children:[]}}}(a)(u(l(a).document().write(c()(e,t,!0))))};var n=a(1314),i=a(369),r=a(840),o=a(580),s=a(1315),l=a(1316),c=a(1355),u=a(1356),d=a(845),p=a(1357);function m(e,t){var a,n;for(a in t)n=r.call(e,a)?e[a]:e[a]={},"canContainEols"===a?e[a]=[].concat(n,t[a]):Object.assign(n,t[a])}},function(e,t,a){"use strict";function n(e){return e&&(e.value||e.alt||e.title||"children"in e&&i(e.children)||"length"in e&&i(e))||""}function i(e){for(var t=[],a=-1;++a<e.length;)t[a]=n(e[a]);return t.join("")}e.exports=n},function(e,t,a){"use strict";var n=a(465);e.exports=function(e,t){var a=parseInt(e,t);return a<9||11===a||a>13&&a<32||a>126&&a<160||a>55295&&a<57344||a>64975&&a<65008||65535==(65535&a)||65534==(65535&a)||a>1114111?"�":n(a)}},function(e,t,a){"use strict";var n=a(1317),i=a(1318),r=a(1319),o=a(843),s=a(1322),l=a(1323),c=a(581),u=a(1326);e.exports=function(e){var t={defined:[],constructs:s([u].concat(c((e||{}).extensions))),content:a(n),document:a(i),flow:a(r),string:a(o.string),text:a(o.text)};return t;function a(e){return function(a){return l(t,e,a)}}}},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(147),i=a(154);t.tokenize=function(e){var t,a=e.attempt(this.parser.constructs.contentInitial,(function(t){if(null!==t)return e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),i(e,a,"linePrefix");e.consume(t)}),(function(t){return e.enter("paragraph"),r(t)}));return a;function r(a){var n=e.enter("chunkText",{contentType:"text",previous:t});return t&&(t.next=n),t=n,o(a)}function o(t){return null===t?(e.exit("chunkText"),e.exit("paragraph"),void e.consume(t)):n(t)?(e.consume(t),e.exit("chunkText"),r):(e.consume(t),o)}}},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(147),i=a(154),r=a(466),o={tokenize:function(e,t,a){return i(e,e.attempt(this.parser.constructs.document,t,a),"linePrefix",this.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4)}},s={tokenize:function(e,t,a){return i(e,e.lazy(this.parser.constructs.flow,t,a),"linePrefix",this.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4)}};t.tokenize=function(e){var t,a,i,l=this,c=[],u=0,d={tokenize:function(e,n){var i=0;return t={},u;function u(n){return i<c.length?(l.containerState=c[i][1],e.attempt(c[i][0].continuation,d,p)(n)):a.currentConstruct&&a.currentConstruct.concrete?(t.flowContinue=!0,y(n)):(l.interrupt=a.currentConstruct&&a.currentConstruct.interruptible,l.containerState={},e.attempt(o,g,y)(n))}function d(e){return i++,l.containerState._closeFlow?g(e):u(e)}function p(t){return a.currentConstruct&&a.currentConstruct.lazy?(l.containerState={},e.attempt(o,g,e.attempt(s,g,e.check(r,g,m)))(t)):g(t)}function m(e){return i=c.length,t.lazy=!0,t.flowContinue=!0,y(e)}function g(e){return t.flowEnd=!0,y(e)}function y(e){return t.continued=i,l.interrupt=l.containerState=void 0,n(e)}},partial:!0};return p;function p(t){return u<c.length?(l.containerState=c[u][1],e.attempt(c[u][0].continuation,m,g)(t)):g(t)}function m(e){return u++,p(e)}function g(n){return t&&t.flowContinue?f(n):(l.interrupt=a&&a.currentConstruct&&a.currentConstruct.interruptible,l.containerState={},e.attempt(o,y,f)(n))}function y(e){return c.push([l.currentConstruct,l.containerState]),l.containerState=void 0,g(e)}function f(t){return null===t?(v(0,!0),void e.consume(t)):(a=a||l.parser.flow(l.now()),e.enter("chunkFlow",{contentType:"flow",previous:i,_tokenizer:a}),b(t))}function b(t){return null===t?(E(e.exit("chunkFlow")),f(t)):n(t)?(e.consume(t),E(e.exit("chunkFlow")),e.check(d,h)):(e.consume(t),b)}function h(e){return v(t.continued,t&&t.flowEnd),u=0,p(e)}function E(e){i&&(i.next=e),i=e,a.lazy=t&&t.lazy,a.defineSkip(e.start),a.write(l.sliceStream(e))}function v(t,n){var r=c.length;for(a&&n&&(a.write([null]),i=a=void 0);r-- >t;)l.containerState=c[r][1],c[r][0].exit.call(l,e);c.length=t}}},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(1320),i=a(154),r=a(466);t.tokenize=function(e){var t=this,a=e.attempt(r,(function(n){if(null!==n)return e.enter("lineEndingBlank"),e.consume(n),e.exit("lineEndingBlank"),t.currentConstruct=void 0,a;e.consume(n)}),e.attempt(this.parser.constructs.flowInitial,o,i(e,e.attempt(this.parser.constructs.flow,o,e.attempt(n,o)),"linePrefix")));return a;function o(n){if(null!==n)return e.enter("lineEnding"),e.consume(n),e.exit("lineEnding"),t.currentConstruct=void 0,a;e.consume(n)}}},function(e,t,a){"use strict";var n=a(147),i=a(467),r=a(842),o=a(154),s={tokenize:function(e,t){var a;return function(t){return e.enter("content"),a=e.enter("chunkContent",{contentType:"content"}),i(t)};function i(t){return null===t?r(t):n(t)?e.check(l,o,r)(t):(e.consume(t),i)}function r(a){return e.exit("chunkContent"),e.exit("content"),t(a)}function o(t){return e.consume(t),e.exit("chunkContent"),a=a.next=e.enter("chunkContent",{contentType:"content",previous:a}),i}},resolve:function(e){return r(e),e},interruptible:!0,lazy:!0},l={tokenize:function(e,t,a){var r=this;return function(t){return e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),o(e,s,"linePrefix")};function s(o){return null===o||n(o)?a(o):r.parser.constructs.disable.null.indexOf("codeIndented")>-1||i(r.events,"linePrefix")<4?e.interrupt(r.parser.constructs.flow,a,t)(o):t(o)}},partial:!0};e.exports=s},function(e,t,a){"use strict";var n=[].splice;e.exports=n},function(e,t,a){"use strict";var n=a(840),i=a(251),r=a(581);function o(e,t){var a,i,o,l;for(a in t)for(l in i=n.call(e,a)?e[a]:e[a]={},o=t[a])i[l]=s(r(o[l]),n.call(i,l)?i[l]:[])}function s(e,t){for(var a=-1,n=[];++a<e.length;)("after"===e[a].add?t:n).push(e[a]);return i(t,0,0,n),t}e.exports=function(e){for(var t={},a=-1;++a<e.length;)o(t,e[a]);return t}},function(e,t,a){"use strict";var n=a(369),i=a(147),r=a(582),o=a(251),s=a(581),l=a(583),c=a(1324),u=a(315),d=a(1325);e.exports=function(e,t,a){var p=a?u(a):{line:1,column:1,offset:0},m={},g=[],y=[],f=[],b={consume:function(e){i(e)?(p.line++,p.column=1,p.offset+=-3===e?2:1,O()):-1!==e&&(p.column++,p.offset++),p._bufferIndex<0?p._index++:(p._bufferIndex++,p._bufferIndex===y[p._index].length&&(p._bufferIndex=-1,p._index++)),h.previous=e},enter:function(e,t){var a=t||{};return a.type=e,a.start=x(),h.events.push(["enter",a,h]),f.push(a),a},exit:function(e){var t=f.pop();return t.end=x(),h.events.push(["exit",t,h]),t},attempt:w((function(e,t){j(e,t.from)})),check:w(S),interrupt:w(S,{interrupt:!0}),lazy:w(S,{lazy:!0})},h={previous:null,events:[],parser:e,sliceStream:v,sliceSerialize:function(e){return c(v(e))},now:x,defineSkip:function(e){m[e.line]=e.column,O()},write:function(e){return y=r(y,e),function(){for(var e,t;p._index<y.length;)if("string"==typeof(t=y[p._index]))for(e=p._index,p._bufferIndex<0&&(p._bufferIndex=0);p._index===e&&p._bufferIndex<t.length;)k(t.charCodeAt(p._bufferIndex));else k(t)}(),null!==y[y.length-1]?[]:(j(t,0),h.events=l(g,h.events,h),h.events)}},E=t.tokenize.call(h,b);return t.resolveAll&&g.push(t),p._index=0,p._bufferIndex=-1,h;function v(e){return d(y,e)}function x(){return u(p)}function k(e){E=E(e)}function S(e,t){t.restore()}function w(e,t){return function(a,i,r){var o,l,c,u;return a.tokenize||"length"in a?d(s(a)):function(e){return e in a||null in a?d(a.null?s(a[e]).concat(s(a.null)):a[e])(e):r(e)};function d(e){return o=e,m(e[l=0])}function m(e){return function(a){var i,r,o,s,l;return i=x(),r=h.previous,o=h.currentConstruct,s=h.events.length,l=Array.from(f),u={restore:function(){p=i,h.previous=r,h.currentConstruct=o,h.events.length=s,f=l,O()},from:s},c=e,e.partial||(h.currentConstruct=e),e.name&&h.parser.constructs.disable.null.indexOf(e.name)>-1?y():e.tokenize.call(t?n({},h,t):h,b,g,y)(a)}}function g(t){return e(c,u),i}function y(e){return u.restore(),++l<o.length?m(o[l]):r}}}function j(e,t){e.resolveAll&&g.indexOf(e)<0&&g.push(e),e.resolve&&o(h.events,t,h.events.length-t,e.resolve(h.events.slice(t),h)),e.resolveTo&&(h.events=e.resolveTo(h.events,h))}function O(){p.line in m&&p.column<2&&(p.column=m[p.line],p.offset+=m[p.line]-1)}}},function(e,t,a){"use strict";var n=a(465);e.exports=function(e){for(var t,a,i,r=-1,o=[];++r<e.length;){if("string"==typeof(t=e[r]))a=t;else if(-5===t)a="\r";else if(-4===t)a="\n";else if(-3===t)a="\r\n";else if(-2===t)a="\t";else if(-1===t){if(i)continue;a=" "}else a=n(t);i=-2===t,o.push(a)}return o.join("")}},function(e,t,a){"use strict";e.exports=function(e,t){var a,n=t.start._index,i=t.start._bufferIndex,r=t.end._index,o=t.end._bufferIndex;return n===r?a=[e[n].slice(i,o)]:(a=e.slice(n,r),i>-1&&(a[0]=a[0].slice(i)),o>0&&a.push(e[r].slice(0,o))),a}},function(e,t,a){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=a(843),i=a(1327),r=a(1333),o=a(1335),s=a(1336),l=a(1338),c=a(1340),u=a(1341),d=a(1342),p=a(1343),m=a(1344),g=a(1345),y=a(1346),f=a(1349),b=a(585),h=a(1350),E=a(1351),v=a(1352),x=a(1353),k=a(1354),S=a(851),w={42:x,43:x,45:x,48:x,49:x,50:x,51:x,52:x,53:x,54:x,55:x,56:x,57:x,62:o},j={91:p},O={"-2":u,"-1":u,32:u},I={35:g,42:S,45:[k,S],60:y,61:k,95:S,96:c,126:c},T={38:l,92:s},C={"-5":v,"-4":v,"-3":v,33:h,38:l,42:i,60:[r,f],91:E,92:[m,s],93:b,95:i,96:d},M={null:[i,n.resolver]};t.contentInitial=j,t.disable={null:[]},t.document=w,t.flow=I,t.flowInitial=O,t.insideSpan=M,t.string=T,t.text=C},function(e,t,a){"use strict";var n=a(582),i=a(251),r=a(1328),o=a(1332),s=a(583),l=a(315),c={name:"attention",tokenize:function(e,t){var a,n=r(this.previous);return function(t){return e.enter("attentionSequence"),a=t,i(t)};function i(o){var s,l,c,u;return o===a?(e.consume(o),i):(s=e.exit("attentionSequence"),c=!(l=r(o))||2===l&&n,u=!n||2===n&&l,s._open=42===a?c:c&&(n||!u),s._close=42===a?u:u&&(l||!c),t(o))}},resolveAll:function(e,t){for(var a,r,c,u,d,p,m,g,y=-1;++y<e.length;)if("enter"===e[y][0]&&"attentionSequence"===e[y][1].type&&e[y][1]._close)for(a=y;a--;)if("exit"===e[a][0]&&"attentionSequence"===e[a][1].type&&e[a][1]._open&&t.sliceSerialize(e[a][1]).charCodeAt(0)===t.sliceSerialize(e[y][1]).charCodeAt(0)){if((e[a][1]._close||e[y][1]._open)&&(e[y][1].end.offset-e[y][1].start.offset)%3&&!((e[a][1].end.offset-e[a][1].start.offset+e[y][1].end.offset-e[y][1].start.offset)%3))continue;u={type:(p=e[a][1].end.offset-e[a][1].start.offset>1&&e[y][1].end.offset-e[y][1].start.offset>1?2:1)>1?"strongSequence":"emphasisSequence",start:o(l(e[a][1].end),-p),end:l(e[a][1].end)},d={type:p>1?"strongSequence":"emphasisSequence",start:l(e[y][1].start),end:o(l(e[y][1].start),p)},c={type:p>1?"strongText":"emphasisText",start:l(e[a][1].end),end:l(e[y][1].start)},r={type:p>1?"strong":"emphasis",start:l(u.start),end:l(d.end)},e[a][1].end=l(u.start),e[y][1].start=l(d.end),m=[],e[a][1].end.offset-e[a][1].start.offset&&(m=n(m,[["enter",e[a][1],t],["exit",e[a][1],t]])),m=n(m,[["enter",r,t],["enter",u,t],["exit",u,t],["enter",c,t]]),m=n(m,s(t.parser.constructs.insideSpan.null,e.slice(a+1,y),t)),m=n(m,[["exit",c,t],["enter",d,t],["exit",d,t],["exit",r,t]]),e[y][1].end.offset-e[y][1].start.offset?(g=2,m=n(m,[["enter",e[y][1],t],["exit",e[y][1],t]])):g=0,i(e,a-1,y-a+3,m),y=a+m.length-g-2;break}for(y=-1;++y<e.length;)"attentionSequence"===e[y][1].type&&(e[y][1].type="data");return e}};e.exports=c},function(e,t,a){"use strict";var n=a(252),i=a(1329),r=a(1331);e.exports=function(e){return null===e||n(e)||r(e)?1:i(e)?2:void 0}},function(e,t,a){"use strict";var n=a(1330),i=a(253)(n);e.exports=i},function(e,t,a){"use strict";e.exports=/[!-\/:-@\[-`\{-~\xA1\xA7\xAB\xB6\xB7\xBB\xBF\u037E\u0387\u055A-\u055F\u0589\u058A\u05BE\u05C0\u05C3\u05C6\u05F3\u05F4\u0609\u060A\u060C\u060D\u061B\u061E\u061F\u066A-\u066D\u06D4\u0700-\u070D\u07F7-\u07F9\u0830-\u083E\u085E\u0964\u0965\u0970\u09FD\u0A76\u0AF0\u0C77\u0C84\u0DF4\u0E4F\u0E5A\u0E5B\u0F04-\u0F12\u0F14\u0F3A-\u0F3D\u0F85\u0FD0-\u0FD4\u0FD9\u0FDA\u104A-\u104F\u10FB\u1360-\u1368\u1400\u166E\u169B\u169C\u16EB-\u16ED\u1735\u1736\u17D4-\u17D6\u17D8-\u17DA\u1800-\u180A\u1944\u1945\u1A1E\u1A1F\u1AA0-\u1AA6\u1AA8-\u1AAD\u1B5A-\u1B60\u1BFC-\u1BFF\u1C3B-\u1C3F\u1C7E\u1C7F\u1CC0-\u1CC7\u1CD3\u2010-\u2027\u2030-\u2043\u2045-\u2051\u2053-\u205E\u207D\u207E\u208D\u208E\u2308-\u230B\u2329\u232A\u2768-\u2775\u27C5\u27C6\u27E6-\u27EF\u2983-\u2998\u29D8-\u29DB\u29FC\u29FD\u2CF9-\u2CFC\u2CFE\u2CFF\u2D70\u2E00-\u2E2E\u2E30-\u2E4F\u2E52\u3001-\u3003\u3008-\u3011\u3014-\u301F\u3030\u303D\u30A0\u30FB\uA4FE\uA4FF\uA60D-\uA60F\uA673\uA67E\uA6F2-\uA6F7\uA874-\uA877\uA8CE\uA8CF\uA8F8-\uA8FA\uA8FC\uA92E\uA92F\uA95F\uA9C1-\uA9CD\uA9DE\uA9DF\uAA5C-\uAA5F\uAADE\uAADF\uAAF0\uAAF1\uABEB\uFD3E\uFD3F\uFE10-\uFE19\uFE30-\uFE52\uFE54-\uFE61\uFE63\uFE68\uFE6A\uFE6B\uFF01-\uFF03\uFF05-\uFF0A\uFF0C-\uFF0F\uFF1A\uFF1B\uFF1F\uFF20\uFF3B-\uFF3D\uFF3F\uFF5B\uFF5D\uFF5F-\uFF65]/},function(e,t,a){"use strict";var n=a(253)(/\s/);e.exports=n},function(e,t,a){"use strict";e.exports=function(e,t){return e.column+=t,e.offset+=t,e._bufferIndex+=t,e}},function(e,t,a){"use strict";var n=a(584),i=a(468),r=a(1334),o=a(844),s={name:"autolink",tokenize:function(e,t,a){var s=1;return function(t){return e.enter("autolink"),e.enter("autolinkMarker"),e.consume(t),e.exit("autolinkMarker"),e.enter("autolinkProtocol"),l};function l(t){return n(t)?(e.consume(t),c):r(t)?p(t):a(t)}function c(e){return 43===e||45===e||46===e||i(e)?u(e):p(e)}function u(t){return 58===t?(e.consume(t),d):(43===t||45===t||46===t||i(t))&&s++<32?(e.consume(t),u):p(t)}function d(t){return 62===t?(e.exit("autolinkProtocol"),f(t)):32===t||60===t||o(t)?a(t):(e.consume(t),d)}function p(t){return 64===t?(e.consume(t),s=0,m):r(t)?(e.consume(t),p):a(t)}function m(e){return i(e)?g(e):a(e)}function g(t){return 46===t?(e.consume(t),s=0,m):62===t?(e.exit("autolinkProtocol").type="autolinkEmail",f(t)):y(t)}function y(t){return(45===t||i(t))&&s++<63?(e.consume(t),45===t?y:g):a(t)}function f(a){return e.enter("autolinkMarker"),e.consume(a),e.exit("autolinkMarker"),e.exit("autolink"),t}}};e.exports=s},function(e,t,a){"use strict";var n=a(253)(/[#-'*+\--9=?A-Z^-~]/);e.exports=n},function(e,t,a){"use strict";var n=a(237),i=a(154),r={name:"blockQuote",tokenize:function(e,t,a){var i=this;return function(t){return 62===t?(i.containerState.open||(e.enter("blockQuote",{_container:!0}),i.containerState.open=!0),e.enter("blockQuotePrefix"),e.enter("blockQuoteMarker"),e.consume(t),e.exit("blockQuoteMarker"),r):a(t)};function r(a){return n(a)?(e.enter("blockQuotePrefixWhitespace"),e.consume(a),e.exit("blockQuotePrefixWhitespace"),e.exit("blockQuotePrefix"),t):(e.exit("blockQuotePrefix"),t(a))}},continuation:{tokenize:function(e,t,a){return i(e,e.attempt(r,t,a),"linePrefix",this.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4)}},exit:function(e){e.exit("blockQuote")}};e.exports=r},function(e,t,a){"use strict";var n=a(1337),i={name:"characterEscape",tokenize:function(e,t,a){return function(t){return e.enter("characterEscape"),e.enter("escapeMarker"),e.consume(t),e.exit("escapeMarker"),i};function i(i){return n(i)?(e.enter("characterEscapeValue"),e.consume(i),e.exit("characterEscapeValue"),e.exit("characterEscape"),t):a(i)}}};e.exports=i},function(e,t,a){"use strict";var n=a(253)(/[!-/:-@[-`{-~]/);e.exports=n},function(e,t,a){"use strict";var n=a(845),i=a(468),r=a(846),o=a(1339);function s(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var l=s(n),c={name:"characterReference",tokenize:function(e,t,a){var n,s,c=this,u=0;return function(t){return e.enter("characterReference"),e.enter("characterReferenceMarker"),e.consume(t),e.exit("characterReferenceMarker"),d};function d(t){return 35===t?(e.enter("characterReferenceMarkerNumeric"),e.consume(t),e.exit("characterReferenceMarkerNumeric"),p):(e.enter("characterReferenceValue"),n=31,s=i,m(t))}function p(t){return 88===t||120===t?(e.enter("characterReferenceMarkerHexadecimal"),e.consume(t),e.exit("characterReferenceMarkerHexadecimal"),e.enter("characterReferenceValue"),n=6,s=o,m):(e.enter("characterReferenceValue"),n=7,s=r,m(t))}function m(r){var o;return 59===r&&u?(o=e.exit("characterReferenceValue"),s!==i||l.default(c.sliceSerialize(o))?(e.enter("characterReferenceMarker"),e.consume(r),e.exit("characterReferenceMarker"),e.exit("characterReference"),t):a(r)):s(r)&&u++<n?(e.consume(r),m):a(r)}}};e.exports=c},function(e,t,a){"use strict";var n=a(253)(/[\dA-Fa-f]/);e.exports=n},function(e,t,a){"use strict";var n=a(147),i=a(252),r=a(467),o=a(154),s={name:"codeFenced",tokenize:function(e,t,a){var s,l=this,c={tokenize:function(e,t,a){var i=0;return o(e,(function(t){return e.enter("codeFencedFence"),e.enter("codeFencedFenceSequence"),r(t)}),"linePrefix",this.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4);function r(t){return t===s?(e.consume(t),i++,r):i<d?a(t):(e.exit("codeFencedFenceSequence"),o(e,l,"whitespace")(t))}function l(i){return null===i||n(i)?(e.exit("codeFencedFence"),t(i)):a(i)}},partial:!0},u=r(this.events,"linePrefix"),d=0;return function(t){return e.enter("codeFenced"),e.enter("codeFencedFence"),e.enter("codeFencedFenceSequence"),s=t,p(t)};function p(t){return t===s?(e.consume(t),d++,p):(e.exit("codeFencedFenceSequence"),d<3?a(t):o(e,m,"whitespace")(t))}function m(t){return null===t||n(t)?b(t):(e.enter("codeFencedFenceInfo"),e.enter("chunkString",{contentType:"string"}),g(t))}function g(t){return null===t||i(t)?(e.exit("chunkString"),e.exit("codeFencedFenceInfo"),o(e,y,"whitespace")(t)):96===t&&t===s?a(t):(e.consume(t),g)}function y(t){return null===t||n(t)?b(t):(e.enter("codeFencedFenceMeta"),e.enter("chunkString",{contentType:"string"}),f(t))}function f(t){return null===t||n(t)?(e.exit("chunkString"),e.exit("codeFencedFenceMeta"),b(t)):96===t&&t===s?a(t):(e.consume(t),f)}function b(a){return e.exit("codeFencedFence"),l.interrupt?t(a):h(a)}function h(t){return null===t?v(t):n(t)?(e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),e.attempt(c,v,u?o(e,h,"linePrefix",u+1):h)):(e.enter("codeFlowValue"),E(t))}function E(t){return null===t||n(t)?(e.exit("codeFlowValue"),h(t)):(e.consume(t),E)}function v(a){return e.exit("codeFenced"),t(a)}},concrete:!0};e.exports=s},function(e,t,a){"use strict";var n=a(147),i=a(251),r=a(467),o=a(154),s={name:"codeIndented",tokenize:function(e,t,a){return e.attempt(l,i,a);function i(a){return null===a?t(a):n(a)?e.attempt(l,i,t)(a):(e.enter("codeFlowValue"),r(a))}function r(t){return null===t||n(t)?(e.exit("codeFlowValue"),i(t)):(e.consume(t),r)}},resolve:function(e,t){var a={type:"codeIndented",start:e[0][1].start,end:e[e.length-1][1].end};return i(e,0,0,[["enter",a,t]]),i(e,e.length,0,[["exit",a,t]]),e}},l={tokenize:function(e,t,a){var i=this;return o(e,(function s(l){return n(l)?(e.enter("lineEnding"),e.consume(l),e.exit("lineEnding"),o(e,s,"linePrefix",5)):r(i.events,"linePrefix")<4?a(l):t(l)}),"linePrefix",5)},partial:!0};e.exports=s},function(e,t,a){"use strict";var n=a(147),i={name:"codeText",tokenize:function(e,t,a){var i,r,o=0;return function(t){return e.enter("codeText"),e.enter("codeTextSequence"),s(t)};function s(t){return 96===t?(e.consume(t),o++,s):(e.exit("codeTextSequence"),l(t))}function l(t){return null===t?a(t):96===t?(r=e.enter("codeTextSequence"),i=0,u(t)):32===t?(e.enter("space"),e.consume(t),e.exit("space"),l):n(t)?(e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),l):(e.enter("codeTextData"),c(t))}function c(t){return null===t||32===t||96===t||n(t)?(e.exit("codeTextData"),l(t)):(e.consume(t),c)}function u(a){return 96===a?(e.consume(a),i++,u):i===o?(e.exit("codeTextSequence"),e.exit("codeText"),t(a)):(r.type="codeTextData",c(a))}},resolve:function(e){var t,a,n=e.length-4,i=3;if(!("lineEnding"!==e[i][1].type&&"space"!==e[i][1].type||"lineEnding"!==e[n][1].type&&"space"!==e[n][1].type))for(t=i;++t<n;)if("codeTextData"===e[t][1].type){e[n][1].type=e[i][1].type="codeTextPadding",i+=2,n-=2;break}for(t=i-1,n++;++t<=n;)void 0===a?t!==n&&"lineEnding"!==e[t][1].type&&(a=t):t!==n&&"lineEnding"!==e[t][1].type||(e[a][1].type="codeTextData",t!==a+2&&(e[a][1].end=e[t-1][1].end,e.splice(a+2,t-a-2),n-=t-a-2,t=a+2),a=void 0);return e},previous:function(e){return 96!==e||"characterEscape"===this.events[this.events.length-1][1].type}};e.exports=i},function(e,t,a){"use strict";var n=a(147),i=a(252),r=a(580),o=a(847),s=a(848),l=a(154),c=a(849),u=a(850),d={name:"definition",tokenize:function(e,t,a){var i,u=this;return function(t){return e.enter("definition"),s.call(u,e,d,a,"definitionLabel","definitionLabelMarker","definitionLabelString")(t)};function d(t){return i=r(u.sliceSerialize(u.events[u.events.length-1][1]).slice(1,-1)),58===t?(e.enter("definitionMarker"),e.consume(t),e.exit("definitionMarker"),c(e,o(e,e.attempt(p,l(e,m,"whitespace"),l(e,m,"whitespace")),a,"definitionDestination","definitionDestinationLiteral","definitionDestinationLiteralMarker","definitionDestinationRaw","definitionDestinationString"))):a(t)}function m(r){return null===r||n(r)?(e.exit("definition"),u.parser.defined.indexOf(i)<0&&u.parser.defined.push(i),t(r)):a(r)}}},p={tokenize:function(e,t,a){return function(t){return i(t)?c(e,r)(t):a(t)};function r(t){return 34===t||39===t||40===t?u(e,l(e,o,"whitespace"),a,"definitionTitle","definitionTitleMarker","definitionTitleString")(t):a(t)}function o(e){return null===e||n(e)?t(e):a(e)}},partial:!0};e.exports=d},function(e,t,a){"use strict";var n=a(147),i={name:"hardBreakEscape",tokenize:function(e,t,a){return function(t){return e.enter("hardBreakEscape"),e.enter("escapeMarker"),e.consume(t),i};function i(i){return n(i)?(e.exit("escapeMarker"),e.exit("hardBreakEscape"),t(i)):a(i)}}};e.exports=i},function(e,t,a){"use strict";var n=a(147),i=a(252),r=a(237),o=a(251),s=a(154),l={name:"headingAtx",tokenize:function(e,t,a){var o=this,l=0;return function(t){return e.enter("atxHeading"),e.enter("atxHeadingSequence"),c(t)};function c(n){return 35===n&&l++<6?(e.consume(n),c):null===n||i(n)?(e.exit("atxHeadingSequence"),o.interrupt?t(n):u(n)):a(n)}function u(a){return 35===a?(e.enter("atxHeadingSequence"),d(a)):null===a||n(a)?(e.exit("atxHeading"),t(a)):r(a)?s(e,u,"whitespace")(a):(e.enter("atxHeadingText"),p(a))}function d(t){return 35===t?(e.consume(t),d):(e.exit("atxHeadingSequence"),u(t))}function p(t){return null===t||35===t||i(t)?(e.exit("atxHeadingText"),u(t)):(e.consume(t),p)}},resolve:function(e,t){var a,n,i=e.length-2,r=3;return"whitespace"===e[r][1].type&&(r+=2),i-2>r&&"whitespace"===e[i][1].type&&(i-=2),"atxHeadingSequence"===e[i][1].type&&(r===i-1||i-4>r&&"whitespace"===e[i-2][1].type)&&(i-=r+1===i?2:4),i>r&&(a={type:"atxHeadingText",start:e[r][1].start,end:e[i][1].end},n={type:"chunkText",start:e[r][1].start,end:e[i][1].end,contentType:"text"},o(e,r,i-r+1,[["enter",a,t],["enter",n,t],["exit",n,t],["exit",a,t]])),e}};e.exports=l},function(e,t,a){"use strict";var n=a(584),i=a(468),r=a(147),o=a(252),s=a(237),l=a(465),c=a(1347),u=a(1348),d=a(466),p={name:"htmlFlow",tokenize:function(e,t,a){var d,p,g,y,f,b=this;return function(t){return e.enter("htmlFlow"),e.enter("htmlFlowData"),e.consume(t),h};function h(i){return 33===i?(e.consume(i),E):47===i?(e.consume(i),k):63===i?(e.consume(i),d=3,b.interrupt?t:$):n(i)?(e.consume(i),g=l(i),p=!0,S):a(i)}function E(i){return 45===i?(e.consume(i),d=2,v):91===i?(e.consume(i),d=5,g="CDATA[",y=0,x):n(i)?(e.consume(i),d=4,b.interrupt?t:$):a(i)}function v(n){return 45===n?(e.consume(n),b.interrupt?t:$):a(n)}function x(n){return n===g.charCodeAt(y++)?(e.consume(n),y===g.length?b.interrupt?t:N:x):a(n)}function k(t){return n(t)?(e.consume(t),g=l(t),S):a(t)}function S(n){return null===n||47===n||62===n||o(n)?47!==n&&p&&u.indexOf(g.toLowerCase())>-1?(d=1,b.interrupt?t(n):N(n)):c.indexOf(g.toLowerCase())>-1?(d=6,47===n?(e.consume(n),w):b.interrupt?t(n):N(n)):(d=7,b.interrupt?a(n):p?O(n):j(n)):45===n||i(n)?(e.consume(n),g+=l(n),S):a(n)}function w(n){return 62===n?(e.consume(n),b.interrupt?t:N):a(n)}function j(t){return s(t)?(e.consume(t),j):A(t)}function O(t){return 47===t?(e.consume(t),A):58===t||95===t||n(t)?(e.consume(t),I):s(t)?(e.consume(t),O):A(t)}function I(t){return 45===t||46===t||58===t||95===t||i(t)?(e.consume(t),I):T(t)}function T(t){return 61===t?(e.consume(t),C):s(t)?(e.consume(t),T):O(t)}function C(t){return null===t||60===t||61===t||62===t||96===t?a(t):34===t||39===t?(e.consume(t),f=t,M):s(t)?(e.consume(t),C):(f=void 0,F(t))}function M(t){return t===f?(e.consume(t),D):null===t||r(t)?a(t):(e.consume(t),M)}function F(t){return null===t||34===t||39===t||60===t||61===t||62===t||96===t||o(t)?T(t):(e.consume(t),F)}function D(e){return 47===e||62===e||s(e)?O(e):a(e)}function A(t){return 62===t?(e.consume(t),_):a(t)}function _(t){return s(t)?(e.consume(t),_):null===t||r(t)?N(t):a(t)}function N(t){return 45===t&&2===d?(e.consume(t),P):60===t&&1===d?(e.consume(t),L):62===t&&4===d?(e.consume(t),V):63===t&&3===d?(e.consume(t),$):93===t&&5===d?(e.consume(t),z):!r(t)||6!==d&&7!==d?null===t||r(t)?R(t):(e.consume(t),N):e.check(m,V,R)(t)}function R(t){return e.exit("htmlFlowData"),q(t)}function q(t){return null===t?G(t):r(t)?(e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),q):(e.enter("htmlFlowData"),N(t))}function P(t){return 45===t?(e.consume(t),$):N(t)}function L(t){return 47===t?(e.consume(t),g="",B):N(t)}function B(t){return 62===t&&u.indexOf(g.toLowerCase())>-1?(e.consume(t),V):n(t)&&g.length<8?(e.consume(t),g+=l(t),B):N(t)}function z(t){return 93===t?(e.consume(t),$):N(t)}function $(t){return 62===t?(e.consume(t),V):N(t)}function V(t){return null===t||r(t)?(e.exit("htmlFlowData"),G(t)):(e.consume(t),V)}function G(a){return e.exit("htmlFlow"),t(a)}},resolveTo:function(e){for(var t=e.length;t--&&("enter"!==e[t][0]||"htmlFlow"!==e[t][1].type););return t>1&&"linePrefix"===e[t-2][1].type&&(e[t][1].start=e[t-2][1].start,e[t+1][1].start=e[t-2][1].start,e.splice(t-2,2)),e},concrete:!0},m={tokenize:function(e,t,a){return function(n){return e.exit("htmlFlowData"),e.enter("lineEndingBlank"),e.consume(n),e.exit("lineEndingBlank"),e.attempt(d,t,a)}},partial:!0};e.exports=p},function(e,t,a){"use strict";e.exports=["address","article","aside","base","basefont","blockquote","body","caption","center","col","colgroup","dd","details","dialog","dir","div","dl","dt","fieldset","figcaption","figure","footer","form","frame","frameset","h1","h2","h3","h4","h5","h6","head","header","hr","html","iframe","legend","li","link","main","menu","menuitem","nav","noframes","ol","optgroup","option","p","param","section","source","summary","table","tbody","td","tfoot","th","thead","title","tr","track","ul"]},function(e,t,a){"use strict";e.exports=["pre","script","style","textarea"]},function(e,t,a){"use strict";var n=a(584),i=a(468),r=a(147),o=a(252),s=a(237),l=a(154),c={name:"htmlText",tokenize:function(e,t,a){var c,u,d,p,m=this;return function(t){return e.enter("htmlText"),e.enter("htmlTextData"),e.consume(t),g};function g(t){return 33===t?(e.consume(t),y):47===t?(e.consume(t),T):63===t?(e.consume(t),O):n(t)?(e.consume(t),F):a(t)}function y(t){return 45===t?(e.consume(t),f):91===t?(e.consume(t),u="CDATA[",d=0,x):n(t)?(e.consume(t),j):a(t)}function f(t){return 45===t?(e.consume(t),b):a(t)}function b(t){return null===t||62===t?a(t):45===t?(e.consume(t),h):E(t)}function h(e){return null===e||62===e?a(e):E(e)}function E(t){return null===t?a(t):45===t?(e.consume(t),v):r(t)?(p=E,L(t)):(e.consume(t),E)}function v(t){return 45===t?(e.consume(t),z):E(t)}function x(t){return t===u.charCodeAt(d++)?(e.consume(t),d===u.length?k:x):a(t)}function k(t){return null===t?a(t):93===t?(e.consume(t),S):r(t)?(p=k,L(t)):(e.consume(t),k)}function S(t){return 93===t?(e.consume(t),w):k(t)}function w(t){return 62===t?z(t):93===t?(e.consume(t),w):k(t)}function j(t){return null===t||62===t?z(t):r(t)?(p=j,L(t)):(e.consume(t),j)}function O(t){return null===t?a(t):63===t?(e.consume(t),I):r(t)?(p=O,L(t)):(e.consume(t),O)}function I(e){return 62===e?z(e):O(e)}function T(t){return n(t)?(e.consume(t),C):a(t)}function C(t){return 45===t||i(t)?(e.consume(t),C):M(t)}function M(t){return r(t)?(p=M,L(t)):s(t)?(e.consume(t),M):z(t)}function F(t){return 45===t||i(t)?(e.consume(t),F):47===t||62===t||o(t)?D(t):a(t)}function D(t){return 47===t?(e.consume(t),z):58===t||95===t||n(t)?(e.consume(t),A):r(t)?(p=D,L(t)):s(t)?(e.consume(t),D):z(t)}function A(t){return 45===t||46===t||58===t||95===t||i(t)?(e.consume(t),A):_(t)}function _(t){return 61===t?(e.consume(t),N):r(t)?(p=_,L(t)):s(t)?(e.consume(t),_):D(t)}function N(t){return null===t||60===t||61===t||62===t||96===t?a(t):34===t||39===t?(e.consume(t),c=t,R):r(t)?(p=N,L(t)):s(t)?(e.consume(t),N):(e.consume(t),c=void 0,P)}function R(t){return t===c?(e.consume(t),q):null===t?a(t):r(t)?(p=R,L(t)):(e.consume(t),R)}function q(e){return 62===e||47===e||o(e)?D(e):a(e)}function P(t){return null===t||34===t||39===t||60===t||61===t||96===t?a(t):62===t||o(t)?D(t):(e.consume(t),P)}function L(t){return e.exit("htmlTextData"),e.enter("lineEnding"),e.consume(t),e.exit("lineEnding"),l(e,B,"linePrefix",m.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4)}function B(t){return e.enter("htmlTextData"),p(t)}function z(n){return 62===n?(e.consume(n),e.exit("htmlTextData"),e.exit("htmlText"),t):a(n)}}};e.exports=c},function(e,t,a){"use strict";var n={name:"labelStartImage",tokenize:function(e,t,a){var n=this;return function(t){return e.enter("labelImage"),e.enter("labelImageMarker"),e.consume(t),e.exit("labelImageMarker"),i};function i(t){return 91===t?(e.enter("labelMarker"),e.consume(t),e.exit("labelMarker"),e.exit("labelImage"),r):a(t)}function r(e){return 94===e&&"_hiddenFootnoteSupport"in n.parser.constructs?a(e):t(e)}},resolveAll:a(585).resolveAll};e.exports=n},function(e,t,a){"use strict";var n={name:"labelStartLink",tokenize:function(e,t,a){var n=this;return function(t){return e.enter("labelLink"),e.enter("labelMarker"),e.consume(t),e.exit("labelMarker"),e.exit("labelLink"),i};function i(e){return 94===e&&"_hiddenFootnoteSupport"in n.parser.constructs?a(e):t(e)}},resolveAll:a(585).resolveAll};e.exports=n},function(e,t,a){"use strict";var n=a(154),i={name:"lineEnding",tokenize:function(e,t){return function(a){return e.enter("lineEnding"),e.consume(a),e.exit("lineEnding"),n(e,t,"linePrefix")}}};e.exports=i},function(e,t,a){"use strict";var n=a(846),i=a(237),r=a(467),o=a(841),s=a(154),l=a(466),c=a(851),u={name:"list",tokenize:function(e,t,a){var s=this,u=r(s.events,"linePrefix"),p=0;return function(t){var i=s.containerState.type||(42===t||43===t||45===t?"listUnordered":"listOrdered");if("listUnordered"===i?!s.containerState.marker||t===s.containerState.marker:n(t)){if(s.containerState.type||(s.containerState.type=i,e.enter(i,{_container:!0})),"listUnordered"===i)return e.enter("listItemPrefix"),42===t||45===t?e.check(c,a,g)(t):g(t);if(!s.interrupt||49===t)return e.enter("listItemPrefix"),e.enter("listItemValue"),m(t)}return a(t)};function m(t){return n(t)&&++p<10?(e.consume(t),m):(!s.interrupt||p<2)&&(s.containerState.marker?t===s.containerState.marker:41===t||46===t)?(e.exit("listItemValue"),g(t)):a(t)}function g(t){return e.enter("listItemMarker"),e.consume(t),e.exit("listItemMarker"),s.containerState.marker=s.containerState.marker||t,e.check(l,s.interrupt?a:y,e.attempt(d,b,f))}function y(e){return s.containerState.initialBlankLine=!0,u++,b(e)}function f(t){return i(t)?(e.enter("listItemPrefixWhitespace"),e.consume(t),e.exit("listItemPrefixWhitespace"),b):a(t)}function b(a){return s.containerState.size=u+o(s.sliceStream(e.exit("listItemPrefix"))),t(a)}},continuation:{tokenize:function(e,t,a){var n=this;return n.containerState._closeFlow=void 0,e.check(l,(function(a){return n.containerState.furtherBlankLines=n.containerState.furtherBlankLines||n.containerState.initialBlankLine,s(e,t,"listItemIndent",n.containerState.size+1)(a)}),(function(a){return n.containerState.furtherBlankLines||!i(a)?(n.containerState.furtherBlankLines=n.containerState.initialBlankLine=void 0,r(a)):(n.containerState.furtherBlankLines=n.containerState.initialBlankLine=void 0,e.attempt(p,t,r)(a))}));function r(i){return n.containerState._closeFlow=!0,n.interrupt=void 0,s(e,e.attempt(u,t,a),"linePrefix",n.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:4)(i)}}},exit:function(e){e.exit(this.containerState.type)}},d={tokenize:function(e,t,a){var n=this;return s(e,(function(e){return i(e)||!r(n.events,"listItemPrefixWhitespace")?a(e):t(e)}),"listItemPrefixWhitespace",n.parser.constructs.disable.null.indexOf("codeIndented")>-1?void 0:5)},partial:!0},p={tokenize:function(e,t,a){var n=this;return s(e,(function(e){return r(n.events,"listItemIndent")===n.containerState.size?t(e):a(e)}),"listItemIndent",n.containerState.size+1)},partial:!0};e.exports=u},function(e,t,a){"use strict";var n=a(147),i=a(315),r=a(154),o={name:"setextUnderline",tokenize:function(e,t,a){for(var i,o,s=this,l=s.events.length;l--;)if("lineEnding"!==s.events[l][1].type&&"linePrefix"!==s.events[l][1].type&&"content"!==s.events[l][1].type){o="paragraph"===s.events[l][1].type;break}return function(t){return s.lazy||!s.interrupt&&!o?a(t):(e.enter("setextHeadingLine"),e.enter("setextHeadingLineSequence"),i=t,c(t))};function c(t){return t===i?(e.consume(t),c):(e.exit("setextHeadingLineSequence"),r(e,u,"lineSuffix")(t))}function u(i){return null===i||n(i)?(e.exit("setextHeadingLine"),t(i)):a(i)}},resolveTo:function(e,t){for(var a,n,r,o,s=e.length;s--;)if("enter"===e[s][0]){if("content"===e[s][1].type){a=s;break}"paragraph"===e[s][1].type&&(n=s)}else"content"===e[s][1].type&&e.splice(s,1),r||"definition"!==e[s][1].type||(r=s);return o={type:"setextHeading",start:i(e[n][1].start),end:i(e[e.length-1][1].end)},e[n][1].type="setextHeadingText",r?(e.splice(n,0,["enter",o,t]),e.splice(r+1,0,["exit",e[a][1],t]),e[a][1].end=i(e[r][1].end)):e[a][1]=o,e.push(["exit",o,t]),e}};e.exports=o},function(e,t,a){"use strict";var n=/[\0\t\n\r]/g;e.exports=function(){var e,t=!0,a=1,i="";return function(r,o,s){var l,c,u,d,p,m=[];for(r=i+r.toString(o),u=0,i="",t&&(65279===r.charCodeAt(0)&&u++,t=void 0);u<r.length;){if(n.lastIndex=u,d=(l=n.exec(r))?l.index:r.length,p=r.charCodeAt(d),!l){i=r.slice(u);break}if(10===p&&u===d&&e)m.push(-3),e=void 0;else if(e&&(m.push(-5),e=void 0),u<d&&(m.push(r.slice(u,d)),a+=d-u),0===p)m.push(65533),a++;else if(9===p)for(c=4*Math.ceil(a/4),m.push(-2);a++<c;)m.push(-1);else 10===p?(m.push(-4),a=1):(e=!0,a=1);u=d+1}return s&&(e&&m.push(-5),i&&m.push(i),m.push(null)),m}}},function(e,t,a){"use strict";var n=a(842);e.exports=function(e){for(;!n(e););return e}},function(e,t,a){e.exports=a(33)(3706)},function(e,t,a){e.exports=a(33)(2050)},function(e,t,a){e.exports=a(33)(1622)},function(e,t,a){const n=a(1361);e.exports=function(e){if(e.allowedElements&&e.disallowedElements)throw new TypeError("Only one of `allowedElements` and `disallowedElements` should be defined");if(e.allowedElements||e.disallowedElements||e.allowElement)return e=>{n(e,"element",t)};function t(t,a,n){const i=t,r=n;let o;if(e.allowedElements?o=!e.allowedElements.includes(i.tagName):e.disallowedElements&&(o=e.disallowedElements.includes(i.tagName)),!o&&e.allowElement&&"number"==typeof a&&(o=!e.allowElement(i,a,r)),o&&"number"==typeof a)return e.unwrapDisallowed&&i.children?r.children.splice(a,1,...i.children):r.children.splice(a,1),a}}},function(e,t,a){e.exports=a(33)(362)},function(e,t){const a=["http","https","mailto","tel"];e.exports=function(e){const t=(e||"").trim(),n=t.charAt(0);if("#"===n||"/"===n)return t;const i=t.indexOf(":");if(-1===i)return t;let r=-1;for(;++r<a.length;){const e=a[r];if(i===e.length&&t.slice(0,e.length).toLowerCase()===e)return t}return r=t.indexOf("?"),-1!==r&&i>r?t:(r=t.indexOf("#"),-1!==r&&i>r?t:"javascript:void(0)")}},function(e,t,a){"use strict";const n=a(2),i=a(1400),r=a(1364),o=a(1365),s=a(1366),l=a(1367),c=a(1368),u=a(1369);t.hastToReact=g,t.hastChildrenToReact=m;const d={}.hasOwnProperty,p=new Set(["table","thead","tbody","tfoot","tr"]);function m(e,t){const a=[];let n,i=-1;for(;++i<t.children.length;)n=t.children[i],"element"===n.type?a.push(g(e,n,i,t)):"text"===n.type?"element"===t.type&&p.has(t.tagName)&&"\n"===n.value||a.push(n.value):"raw"!==n.type||e.options.skipHtml||a.push(n.value);return a}function g(e,t,a,o){const s=e.options,l=e.schema,c=t.tagName,u={};let p,g=l;if("html"===l.space&&"svg"===c&&(g=r,e.schema=g),t.properties)for(p in t.properties)d.call(t.properties,p)&&f(u,p,t.properties[p],e);"ol"!==c&&"ul"!==c||e.listDepth++;const b=m(e,t);"ol"!==c&&"ul"!==c||e.listDepth--,e.schema=l;const h=t.position||{start:{line:null,column:null,offset:null},end:{line:null,column:null,offset:null}},E=s.components&&d.call(s.components,c)?s.components[c]:c,v="string"==typeof E||E===n.Fragment;if(!i.isValidElementType(E))throw new TypeError(`Component for name \`${c}\` not defined or is not renderable`);if(u.key=[c,h.start.line,h.start.column,a].join("-"),"a"===c&&s.linkTarget&&(u.target="function"==typeof s.linkTarget?s.linkTarget(u.href,t.children,u.title):s.linkTarget),"a"===c&&s.transformLinkUri&&(u.href=s.transformLinkUri(u.href,t.children,u.title)),v||"code"!==c||"element"!==o.type||"pre"===o.tagName||(u.inline=!0),v||"h1"!==c&&"h2"!==c&&"h3"!==c&&"h4"!==c&&"h5"!==c&&"h6"!==c||(u.level=parseInt(c.charAt(1),10)),"img"===c&&s.transformImageUri&&(u.src=s.transformImageUri(u.src,u.alt,u.title)),!v&&"li"===c&&"element"===o.type){const e=function(e){let t=-1;for(;++t<e.children.length;){const a=e.children[t];if("element"===a.type&&"input"===a.tagName)return a}return null}(t);u.checked=e&&e.properties?Boolean(e.properties.checked):null,u.index=y(o,t),u.ordered="ol"===o.tagName}var x;return v||"ol"!==c&&"ul"!==c||(u.ordered="ol"===c,u.depth=e.listDepth),"td"!==c&&"th"!==c||(u.align&&(u.style||(u.style={}),u.style.textAlign=u.align,delete u.align),v||(u.isHeader="th"===c)),v||"tr"!==c||"element"!==o.type||(u.isHeader=Boolean("thead"===o.tagName)),s.sourcePos&&(u["data-sourcepos"]=[(x=h).start.line,":",x.start.column,"-",x.end.line,":",x.end.column].map((e=>String(e))).join("")),!v&&s.rawSourcePos&&(u.sourcePosition=t.position),!v&&s.includeElementIndex&&(u.index=y(o,t),u.siblingCount=y(o)),v||(u.node=t),b.length>0?n.createElement(E,u,b):n.createElement(E,u)}function y(e,t){let a=-1,n=0;for(;++a<e.children.length&&e.children[a]!==t;)"element"===e.children[a].type&&n++;return n}function f(e,t,a,n){const i=o(n.schema,t);let r=a;null!=r&&r==r&&(r&&"object"==typeof r&&"length"in r&&(r=(i.commaSeparated?c:l).stringify(r)),"style"===i.property&&"string"==typeof r&&(r=function(e){const t={};try{u(e,(function(e,a){const n="-ms-"===e.slice(0,4)?`ms-${e.slice(4)}`:e;t[n.replace(/-([a-z])/g,b)]=a}))}catch(e){}return t}(r)),i.space&&i.property?e[d.call(s,i.property)?s[i.property]:i.property]=r:i.attribute&&(e[i.attribute]=r))}function b(e,t){return t.toUpperCase()}},function(e,t,a){e.exports=a(33)(3768)},function(e,t,a){e.exports=a(33)(1633)},function(e,t,a){e.exports=a(33)(3770)},function(e,t,a){e.exports=a(33)(1634)},function(e,t,a){e.exports=a(33)(1635)},function(e,t,a){e.exports=a(33)(3771)},function(e,t,a){e.exports=a(33)(2046)},function(e,t,a){switch(window.__kbnThemeTag__){case"v8dark":return a(1372);case"v8light":return a(1374)}},function(e,t,a){var n=a(256),i=a(1373);"string"==typeof(i=i.__esModule?i.default:i)&&(i=[[e.i,i,""]]);n(i,{insert:"head",singleton:!1}),e.exports=i.locals||{}},function(e,t,a){(t=a(257)(!1)).push([e.i,".kbnOverlayMountWrapper{display:flex;flex-direction:column;height:100%;overflow:hidden}",""]),e.exports=t},function(e,t,a){var n=a(256),i=a(1375);"string"==typeof(i=i.__esModule?i.default:i)&&(i=[[e.i,i,""]]);n(i,{insert:"head",singleton:!1}),e.exports=i.locals||{}},function(e,t,a){(t=a(257)(!1)).push([e.i,".kbnOverlayMountWrapper{display:flex;flex-direction:column;height:100%;overflow:hidden}",""]),e.exports=t},function(e,t,a){var n;e.exports=function e(t,a,i){function r(s,l){if(!a[s]){if(!t[s]){if(!l&&"function"==typeof n&&n)return n(s,!0);if(o)return o(s,!0);throw new Error("Cannot find module '"+s+"'")}var c=a[s]={exports:{}};t[s][0].call(c.exports,(function(e){return r(t[s][1][e]||e)}),c,c.exports,e,t,a,i)}return a[s].exports}for(var o="function"==typeof n&&n,s=0;s<i.length;s++)r(i[s]);return r}({1:[function(e,t,a){(function(n,i,r,o,s,l,c,u,d){"use strict";function p(e,t){return function(e,t){var a;if(void 0===(a="passthrough"!==t.algorithm?b.createHash(t.algorithm):new f).write&&(a.write=a.update,a.end=a.update),y(t,a).dispatch(e),a.update||a.end(""),a.digest)return a.digest("buffer"===t.encoding?void 0:t.encoding);var n=a.read();return"buffer"===t.encoding?n:n.toString(t.encoding)}(e,t=m(e,t))}function m(e,t){if((t=t||{}).algorithm=t.algorithm||"sha1",t.encoding=t.encoding||"hex",t.excludeValues=!!t.excludeValues,t.algorithm=t.algorithm.toLowerCase(),t.encoding=t.encoding.toLowerCase(),t.ignoreUnknown=!0===t.ignoreUnknown,t.respectType=!1!==t.respectType,t.respectFunctionNames=!1!==t.respectFunctionNames,t.respectFunctionProperties=!1!==t.respectFunctionProperties,t.unorderedArrays=!0===t.unorderedArrays,t.unorderedSets=!1!==t.unorderedSets,t.unorderedObjects=!1!==t.unorderedObjects,t.replacer=t.replacer||void 0,t.excludeKeys=t.excludeKeys||void 0,void 0===e)throw new Error("Object argument required.");for(var a=0;a<h.length;++a)h[a].toLowerCase()===t.algorithm.toLowerCase()&&(t.algorithm=h[a]);if(-1===h.indexOf(t.algorithm))throw new Error('Algorithm "'+t.algorithm+'"  not supported. supported values: '+h.join(", "));if(-1===E.indexOf(t.encoding)&&"passthrough"!==t.algorithm)throw new Error('Encoding "'+t.encoding+'"  not supported. supported values: '+E.join(", "));return t}function g(e){return"function"==typeof e&&null!=/^function\s+\w*\s*\(\s*\)\s*{\s+\[native code\]\s+}$/i.exec(Function.prototype.toString.call(e))}function y(e,t,a){a=a||[];var n=function(e){return t.update?t.update(e,"utf8"):t.write(e,"utf8")};return{dispatch:function(t){e.replacer&&(t=e.replacer(t));var a=typeof t;return null===t&&(a="null"),this["_"+a](t)},_object:function(t){var i=Object.prototype.toString.call(t),o=/\[object (.*)\]/i.exec(i);o=(o=o?o[1]:"unknown:["+i+"]").toLowerCase();var s;if((s=a.indexOf(t))>=0)return this.dispatch("[CIRCULAR:"+s+"]");if(a.push(t),void 0!==r&&r.isBuffer&&r.isBuffer(t))return n("buffer:"),n(t);if("object"===o||"function"===o){var l=Object.keys(t);e.unorderedObjects&&(l=l.sort()),!1===e.respectType||g(t)||l.splice(0,0,"prototype","__proto__","constructor"),e.excludeKeys&&(l=l.filter((function(t){return!e.excludeKeys(t)}))),n("object:"+l.length+":");var c=this;return l.forEach((function(a){c.dispatch(a),n(":"),e.excludeValues||c.dispatch(t[a]),n(",")}))}if(!this["_"+o]){if(e.ignoreUnknown)return n("["+o+"]");throw new Error('Unknown object type "'+o+'"')}this["_"+o](t)},_array:function(t,i){i=void 0!==i?i:!1!==e.unorderedArrays;var r=this;if(n("array:"+t.length+":"),!i||t.length<=1)return t.forEach((function(e){return r.dispatch(e)}));var o=[],s=t.map((function(t){var n=new f,i=a.slice();return y(e,n,i).dispatch(t),o=o.concat(i.slice(a.length)),n.read().toString()}));return a=a.concat(o),s.sort(),this._array(s,!1)},_date:function(e){return n("date:"+e.toJSON())},_symbol:function(e){return n("symbol:"+e.toString())},_error:function(e){return n("error:"+e.toString())},_boolean:function(e){return n("bool:"+e.toString())},_string:function(e){n("string:"+e.length+":"),n(e.toString())},_function:function(t){n("fn:"),g(t)?this.dispatch("[native]"):this.dispatch(t.toString()),!1!==e.respectFunctionNames&&this.dispatch("function-name:"+String(t.name)),e.respectFunctionProperties&&this._object(t)},_number:function(e){return n("number:"+e.toString())},_xml:function(e){return n("xml:"+e.toString())},_null:function(){return n("Null")},_undefined:function(){return n("Undefined")},_regexp:function(e){return n("regex:"+e.toString())},_uint8array:function(e){return n("uint8array:"),this.dispatch(Array.prototype.slice.call(e))},_uint8clampedarray:function(e){return n("uint8clampedarray:"),this.dispatch(Array.prototype.slice.call(e))},_int8array:function(e){return n("uint8array:"),this.dispatch(Array.prototype.slice.call(e))},_uint16array:function(e){return n("uint16array:"),this.dispatch(Array.prototype.slice.call(e))},_int16array:function(e){return n("uint16array:"),this.dispatch(Array.prototype.slice.call(e))},_uint32array:function(e){return n("uint32array:"),this.dispatch(Array.prototype.slice.call(e))},_int32array:function(e){return n("uint32array:"),this.dispatch(Array.prototype.slice.call(e))},_float32array:function(e){return n("float32array:"),this.dispatch(Array.prototype.slice.call(e))},_float64array:function(e){return n("float64array:"),this.dispatch(Array.prototype.slice.call(e))},_arraybuffer:function(e){return n("arraybuffer:"),this.dispatch(new Uint8Array(e))},_url:function(e){return n("url:"+e.toString())},_map:function(t){n("map:");var a=Array.from(t);return this._array(a,!1!==e.unorderedSets)},_set:function(t){n("set:");var a=Array.from(t);return this._array(a,!1!==e.unorderedSets)},_blob:function(){if(e.ignoreUnknown)return n("[blob]");throw Error('Hashing Blob objects is currently not supported\n(see https://github.com/puleos/object-hash/issues/26)\nUse "options.replacer" or "options.ignoreUnknown"\n')},_domwindow:function(){return n("domwindow")},_process:function(){return n("process")},_timer:function(){return n("timer")},_pipe:function(){return n("pipe")},_tcp:function(){return n("tcp")},_udp:function(){return n("udp")},_tty:function(){return n("tty")},_statwatcher:function(){return n("statwatcher")},_securecontext:function(){return n("securecontext")},_connection:function(){return n("connection")},_zlib:function(){return n("zlib")},_context:function(){return n("context")},_nodescript:function(){return n("nodescript")},_httpparser:function(){return n("httpparser")},_dataview:function(){return n("dataview")},_signal:function(){return n("signal")},_fsevent:function(){return n("fsevent")},_tlswrap:function(){return n("tlswrap")}}}function f(){return{buf:"",write:function(e){this.buf+=e},end:function(e){this.buf+=e},read:function(){return this.buf}}}var b=e("crypto");(a=t.exports=p).sha1=function(e){return p(e)},a.keys=function(e){return p(e,{excludeValues:!0,algorithm:"sha1",encoding:"hex"})},a.MD5=function(e){return p(e,{algorithm:"md5",encoding:"hex"})},a.keysMD5=function(e){return p(e,{algorithm:"md5",encoding:"hex",excludeValues:!0})};var h=b.getHashes?b.getHashes().slice():["sha1","md5"];h.push("passthrough");var E=["buffer","hex","binary","base64"];a.writeToStream=function(e,t,a){return void 0===a&&(a=t,t={}),y(t=m(e,t),a).dispatch(e)}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/fake_e8180ef5.js","/")},{buffer:3,crypto:5,lYpoI2:10}],2:[function(e,t,a){(function(e,t,n,i,r,o,s,l,c){var u="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";!function(e){"use strict";function t(e){var t=e.charCodeAt(0);return t===n||t===l?62:t===i||t===c?63:t<r?-1:t<r+10?t-r+26+26:t<s+26?t-s:t<o+26?t-o+26:void 0}var a="undefined"!=typeof Uint8Array?Uint8Array:Array,n="+".charCodeAt(0),i="/".charCodeAt(0),r="0".charCodeAt(0),o="a".charCodeAt(0),s="A".charCodeAt(0),l="-".charCodeAt(0),c="_".charCodeAt(0);e.toByteArray=function(e){function n(e){c[d++]=e}var i,r,o,s,l,c;if(e.length%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var u=e.length;l="="===e.charAt(u-2)?2:"="===e.charAt(u-1)?1:0,c=new a(3*e.length/4-l),o=l>0?e.length-4:e.length;var d=0;for(i=0,r=0;i<o;i+=4,r+=3)n((16711680&(s=t(e.charAt(i))<<18|t(e.charAt(i+1))<<12|t(e.charAt(i+2))<<6|t(e.charAt(i+3))))>>16),n((65280&s)>>8),n(255&s);return 2===l?n(255&(s=t(e.charAt(i))<<2|t(e.charAt(i+1))>>4)):1===l&&(n((s=t(e.charAt(i))<<10|t(e.charAt(i+1))<<4|t(e.charAt(i+2))>>2)>>8&255),n(255&s)),c},e.fromByteArray=function(e){function t(e){return u.charAt(e)}function a(e){return t(e>>18&63)+t(e>>12&63)+t(e>>6&63)+t(63&e)}var n,i,r,o=e.length%3,s="";for(n=0,r=e.length-o;n<r;n+=3)s+=a(i=(e[n]<<16)+(e[n+1]<<8)+e[n+2]);switch(o){case 1:s+=t((i=e[e.length-1])>>2),s+=t(i<<4&63),s+="==";break;case 2:s+=t((i=(e[e.length-2]<<8)+e[e.length-1])>>10),s+=t(i>>4&63),s+=t(i<<2&63),s+="="}return s}}(void 0===a?this.base64js={}:a)}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/base64-js/lib/b64.js","/node_modules/gulp-browserify/node_modules/base64-js/lib")},{buffer:3,lYpoI2:10}],3:[function(e,t,a){(function(t,n,i,r,o,s,l,c,u){function i(e,t,a){if(!(this instanceof i))return new i(e,t,a);var n,r,o,s=typeof e;if("base64"===t&&"string"===s)for(e=function(e){return e.trim?e.trim():e.replace(/^\s+|\s+$/g,"")}(e);e.length%4!=0;)e+="=";if("number"===s)n=M(e);else if("string"===s)n=i.byteLength(e,t);else{if("object"!==s)throw new Error("First argument needs to be a number, array or string.");n=M(e.length)}if(i._useTypedArrays?r=i._augment(new Uint8Array(n)):((r=this).length=n,r._isBuffer=!0),i._useTypedArrays&&"number"==typeof e.byteLength)r._set(e);else if(function(e){return F(e)||i.isBuffer(e)||e&&"object"==typeof e&&"number"==typeof e.length}(e))for(o=0;o<n;o++)i.isBuffer(e)?r[o]=e.readUInt8(o):r[o]=e[o];else if("string"===s)r.write(e,0,t);else if("number"===s&&!i._useTypedArrays&&!a)for(o=0;o<n;o++)r[o]=0;return r}function d(e,t,a,n){a=Number(a)||0;var r=e.length-a;n?(n=Number(n))>r&&(n=r):n=r;var o=t.length;B(o%2==0,"Invalid hex string"),n>o/2&&(n=o/2);for(var s=0;s<n;s++){var l=parseInt(t.substr(2*s,2),16);B(!isNaN(l),"Invalid hex string"),e[a+s]=l}return i._charsWritten=2*s,s}function p(e,t,a,n){return i._charsWritten=N(A(t),e,a,n)}function m(e,t,a,n){return i._charsWritten=N(function(e){for(var t=[],a=0;a<e.length;a++)t.push(255&e.charCodeAt(a));return t}(t),e,a,n)}function g(e,t,a,n){return i._charsWritten=N(_(t),e,a,n)}function y(e,t,a,n){return i._charsWritten=N(function(e){for(var t,a,n,i=[],r=0;r<e.length;r++)a=(t=e.charCodeAt(r))>>8,n=t%256,i.push(n),i.push(a);return i}(t),e,a,n)}function f(e,t,a){var n="";a=Math.min(e.length,a);for(var i=t;i<a;i++)n+=String.fromCharCode(e[i]);return n}function b(e,t,a,n){n||(B("boolean"==typeof a,"missing or invalid endian"),B(null!=t,"missing offset"),B(t+1<e.length,"Trying to read beyond buffer length"));var i,r=e.length;if(!(t>=r))return a?(i=e[t],t+1<r&&(i|=e[t+1]<<8)):(i=e[t]<<8,t+1<r&&(i|=e[t+1])),i}function h(e,t,a,n){n||(B("boolean"==typeof a,"missing or invalid endian"),B(null!=t,"missing offset"),B(t+3<e.length,"Trying to read beyond buffer length"));var i,r=e.length;if(!(t>=r))return a?(t+2<r&&(i=e[t+2]<<16),t+1<r&&(i|=e[t+1]<<8),i|=e[t],t+3<r&&(i+=e[t+3]<<24>>>0)):(t+1<r&&(i=e[t+1]<<16),t+2<r&&(i|=e[t+2]<<8),t+3<r&&(i|=e[t+3]),i+=e[t]<<24>>>0),i}function E(e,t,a,n){if(n||(B("boolean"==typeof a,"missing or invalid endian"),B(null!=t,"missing offset"),B(t+1<e.length,"Trying to read beyond buffer length")),!(t>=e.length)){var i=b(e,t,a,!0);return 32768&i?-1*(65535-i+1):i}}function v(e,t,a,n){if(n||(B("boolean"==typeof a,"missing or invalid endian"),B(null!=t,"missing offset"),B(t+3<e.length,"Trying to read beyond buffer length")),!(t>=e.length)){var i=h(e,t,a,!0);return 2147483648&i?-1*(4294967295-i+1):i}}function x(e,t,a,n){return n||(B("boolean"==typeof a,"missing or invalid endian"),B(t+3<e.length,"Trying to read beyond buffer length")),$.read(e,t,a,23,4)}function k(e,t,a,n){return n||(B("boolean"==typeof a,"missing or invalid endian"),B(t+7<e.length,"Trying to read beyond buffer length")),$.read(e,t,a,52,8)}function S(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+1<e.length,"trying to write beyond buffer length"),q(t,65535));var r=e.length;if(!(a>=r))for(var o=0,s=Math.min(r-a,2);o<s;o++)e[a+o]=(t&255<<8*(n?o:1-o))>>>8*(n?o:1-o)}function w(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+3<e.length,"trying to write beyond buffer length"),q(t,4294967295));var r=e.length;if(!(a>=r))for(var o=0,s=Math.min(r-a,4);o<s;o++)e[a+o]=t>>>8*(n?o:3-o)&255}function j(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+1<e.length,"Trying to write beyond buffer length"),P(t,32767,-32768)),a>=e.length||S(e,t>=0?t:65535+t+1,a,n,i)}function O(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+3<e.length,"Trying to write beyond buffer length"),P(t,2147483647,-2147483648)),a>=e.length||w(e,t>=0?t:4294967295+t+1,a,n,i)}function I(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+3<e.length,"Trying to write beyond buffer length"),L(t,34028234663852886e22,-34028234663852886e22)),a>=e.length||$.write(e,t,a,n,23,4)}function T(e,t,a,n,i){i||(B(null!=t,"missing value"),B("boolean"==typeof n,"missing or invalid endian"),B(null!=a,"missing offset"),B(a+7<e.length,"Trying to write beyond buffer length"),L(t,17976931348623157e292,-17976931348623157e292)),a>=e.length||$.write(e,t,a,n,52,8)}function C(e,t,a){return"number"!=typeof e?a:(e=~~e)>=t?t:e>=0||(e+=t)>=0?e:0}function M(e){return(e=~~Math.ceil(+e))<0?0:e}function F(e){return(Array.isArray||function(e){return"[object Array]"===Object.prototype.toString.call(e)})(e)}function D(e){return e<16?"0"+e.toString(16):e.toString(16)}function A(e){for(var t=[],a=0;a<e.length;a++){var n=e.charCodeAt(a);if(n<=127)t.push(e.charCodeAt(a));else{var i=a;n>=55296&&n<=57343&&a++;for(var r=encodeURIComponent(e.slice(i,a+1)).substr(1).split("%"),o=0;o<r.length;o++)t.push(parseInt(r[o],16))}}return t}function _(e){return z.toByteArray(e)}function N(e,t,a,n){for(var i=0;i<n&&!(i+a>=t.length||i>=e.length);i++)t[i+a]=e[i];return i}function R(e){try{return decodeURIComponent(e)}catch(e){return String.fromCharCode(65533)}}function q(e,t){B("number"==typeof e,"cannot write a non-number as a number"),B(e>=0,"specified a negative value for writing an unsigned value"),B(e<=t,"value is larger than maximum value for type"),B(Math.floor(e)===e,"value has a fractional component")}function P(e,t,a){B("number"==typeof e,"cannot write a non-number as a number"),B(e<=t,"value larger than maximum allowed value"),B(e>=a,"value smaller than minimum allowed value"),B(Math.floor(e)===e,"value has a fractional component")}function L(e,t,a){B("number"==typeof e,"cannot write a non-number as a number"),B(e<=t,"value larger than maximum allowed value"),B(e>=a,"value smaller than minimum allowed value")}function B(e,t){if(!e)throw new Error(t||"Failed assertion")}var z=e("base64-js"),$=e("ieee754");a.Buffer=i,a.SlowBuffer=i,a.INSPECT_MAX_BYTES=50,i.poolSize=8192,i._useTypedArrays=function(){try{var e=new ArrayBuffer(0),t=new Uint8Array(e);return t.foo=function(){return 42},42===t.foo()&&"function"==typeof t.subarray}catch(e){return!1}}(),i.isEncoding=function(e){switch(String(e).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"raw":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},i.isBuffer=function(e){return!(null==e||!e._isBuffer)},i.byteLength=function(e,t){var a;switch(e+="",t||"utf8"){case"hex":a=e.length/2;break;case"utf8":case"utf-8":a=A(e).length;break;case"ascii":case"binary":case"raw":a=e.length;break;case"base64":a=_(e).length;break;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":a=2*e.length;break;default:throw new Error("Unknown encoding")}return a},i.concat=function(e,t){if(B(F(e),"Usage: Buffer.concat(list, [totalLength])\nlist should be an Array."),0===e.length)return new i(0);if(1===e.length)return e[0];var a;if("number"!=typeof t)for(t=0,a=0;a<e.length;a++)t+=e[a].length;var n=new i(t),r=0;for(a=0;a<e.length;a++){var o=e[a];o.copy(n,r),r+=o.length}return n},i.prototype.write=function(e,t,a,n){if(isFinite(t))isFinite(a)||(n=a,a=void 0);else{var i=n;n=t,t=a,a=i}t=Number(t)||0;var r,o=this.length-t;switch(a?(a=Number(a))>o&&(a=o):a=o,n=String(n||"utf8").toLowerCase()){case"hex":r=d(this,e,t,a);break;case"utf8":case"utf-8":r=p(this,e,t,a);break;case"ascii":r=m(this,e,t,a);break;case"binary":r=function(e,t,a,n){return m(e,t,a,n)}(this,e,t,a);break;case"base64":r=g(this,e,t,a);break;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":r=y(this,e,t,a);break;default:throw new Error("Unknown encoding")}return r},i.prototype.toString=function(e,t,a){var n,i=this;if(e=String(e||"utf8").toLowerCase(),t=Number(t)||0,(a=void 0!==a?Number(a):a=i.length)===t)return"";switch(e){case"hex":n=function(e,t,a){var n=e.length;(!t||t<0)&&(t=0),(!a||a<0||a>n)&&(a=n);for(var i="",r=t;r<a;r++)i+=D(e[r]);return i}(i,t,a);break;case"utf8":case"utf-8":n=function(e,t,a){var n="",i="";a=Math.min(e.length,a);for(var r=t;r<a;r++)e[r]<=127?(n+=R(i)+String.fromCharCode(e[r]),i=""):i+="%"+e[r].toString(16);return n+R(i)}(i,t,a);break;case"ascii":n=f(i,t,a);break;case"binary":n=function(e,t,a){return f(e,t,a)}(i,t,a);break;case"base64":n=function(e,t,a){return 0===t&&a===e.length?z.fromByteArray(e):z.fromByteArray(e.slice(t,a))}(i,t,a);break;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":n=function(e,t,a){for(var n=e.slice(t,a),i="",r=0;r<n.length;r+=2)i+=String.fromCharCode(n[r]+256*n[r+1]);return i}(i,t,a);break;default:throw new Error("Unknown encoding")}return n},i.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}},i.prototype.copy=function(e,t,a,n){var r=this;if(a||(a=0),n||0===n||(n=this.length),t||(t=0),n!==a&&0!==e.length&&0!==r.length){B(n>=a,"sourceEnd < sourceStart"),B(t>=0&&t<e.length,"targetStart out of bounds"),B(a>=0&&a<r.length,"sourceStart out of bounds"),B(n>=0&&n<=r.length,"sourceEnd out of bounds"),n>this.length&&(n=this.length),e.length-t<n-a&&(n=e.length-t+a);var o=n-a;if(o<100||!i._useTypedArrays)for(var s=0;s<o;s++)e[s+t]=this[s+a];else e._set(this.subarray(a,a+o),t)}},i.prototype.slice=function(e,t){var a=this.length;if(e=C(e,a,0),t=C(t,a,a),i._useTypedArrays)return i._augment(this.subarray(e,t));for(var n=t-e,r=new i(n,void 0,!0),o=0;o<n;o++)r[o]=this[o+e];return r},i.prototype.get=function(e){return console.log(".get() is deprecated. Access using array indexes instead."),this.readUInt8(e)},i.prototype.set=function(e,t){return console.log(".set() is deprecated. Access using array indexes instead."),this.writeUInt8(e,t)},i.prototype.readUInt8=function(e,t){if(t||(B(null!=e,"missing offset"),B(e<this.length,"Trying to read beyond buffer length")),!(e>=this.length))return this[e]},i.prototype.readUInt16LE=function(e,t){return b(this,e,!0,t)},i.prototype.readUInt16BE=function(e,t){return b(this,e,!1,t)},i.prototype.readUInt32LE=function(e,t){return h(this,e,!0,t)},i.prototype.readUInt32BE=function(e,t){return h(this,e,!1,t)},i.prototype.readInt8=function(e,t){if(t||(B(null!=e,"missing offset"),B(e<this.length,"Trying to read beyond buffer length")),!(e>=this.length))return 128&this[e]?-1*(255-this[e]+1):this[e]},i.prototype.readInt16LE=function(e,t){return E(this,e,!0,t)},i.prototype.readInt16BE=function(e,t){return E(this,e,!1,t)},i.prototype.readInt32LE=function(e,t){return v(this,e,!0,t)},i.prototype.readInt32BE=function(e,t){return v(this,e,!1,t)},i.prototype.readFloatLE=function(e,t){return x(this,e,!0,t)},i.prototype.readFloatBE=function(e,t){return x(this,e,!1,t)},i.prototype.readDoubleLE=function(e,t){return k(this,e,!0,t)},i.prototype.readDoubleBE=function(e,t){return k(this,e,!1,t)},i.prototype.writeUInt8=function(e,t,a){a||(B(null!=e,"missing value"),B(null!=t,"missing offset"),B(t<this.length,"trying to write beyond buffer length"),q(e,255)),t>=this.length||(this[t]=e)},i.prototype.writeUInt16LE=function(e,t,a){S(this,e,t,!0,a)},i.prototype.writeUInt16BE=function(e,t,a){S(this,e,t,!1,a)},i.prototype.writeUInt32LE=function(e,t,a){w(this,e,t,!0,a)},i.prototype.writeUInt32BE=function(e,t,a){w(this,e,t,!1,a)},i.prototype.writeInt8=function(e,t,a){a||(B(null!=e,"missing value"),B(null!=t,"missing offset"),B(t<this.length,"Trying to write beyond buffer length"),P(e,127,-128)),t>=this.length||(e>=0?this.writeUInt8(e,t,a):this.writeUInt8(255+e+1,t,a))},i.prototype.writeInt16LE=function(e,t,a){j(this,e,t,!0,a)},i.prototype.writeInt16BE=function(e,t,a){j(this,e,t,!1,a)},i.prototype.writeInt32LE=function(e,t,a){O(this,e,t,!0,a)},i.prototype.writeInt32BE=function(e,t,a){O(this,e,t,!1,a)},i.prototype.writeFloatLE=function(e,t,a){I(this,e,t,!0,a)},i.prototype.writeFloatBE=function(e,t,a){I(this,e,t,!1,a)},i.prototype.writeDoubleLE=function(e,t,a){T(this,e,t,!0,a)},i.prototype.writeDoubleBE=function(e,t,a){T(this,e,t,!1,a)},i.prototype.fill=function(e,t,a){if(e||(e=0),t||(t=0),a||(a=this.length),"string"==typeof e&&(e=e.charCodeAt(0)),B("number"==typeof e&&!isNaN(e),"value is not a number"),B(a>=t,"end < start"),a!==t&&0!==this.length){B(t>=0&&t<this.length,"start out of bounds"),B(a>=0&&a<=this.length,"end out of bounds");for(var n=t;n<a;n++)this[n]=e}},i.prototype.inspect=function(){for(var e=[],t=this.length,n=0;n<t;n++)if(e[n]=D(this[n]),n===a.INSPECT_MAX_BYTES){e[n+1]="...";break}return"<Buffer "+e.join(" ")+">"},i.prototype.toArrayBuffer=function(){if("undefined"!=typeof Uint8Array){if(i._useTypedArrays)return new i(this).buffer;for(var e=new Uint8Array(this.length),t=0,a=e.length;t<a;t+=1)e[t]=this[t];return e.buffer}throw new Error("Buffer.toArrayBuffer not supported in this browser")};var V=i.prototype;i._augment=function(e){return e._isBuffer=!0,e._get=e.get,e._set=e.set,e.get=V.get,e.set=V.set,e.write=V.write,e.toString=V.toString,e.toLocaleString=V.toString,e.toJSON=V.toJSON,e.copy=V.copy,e.slice=V.slice,e.readUInt8=V.readUInt8,e.readUInt16LE=V.readUInt16LE,e.readUInt16BE=V.readUInt16BE,e.readUInt32LE=V.readUInt32LE,e.readUInt32BE=V.readUInt32BE,e.readInt8=V.readInt8,e.readInt16LE=V.readInt16LE,e.readInt16BE=V.readInt16BE,e.readInt32LE=V.readInt32LE,e.readInt32BE=V.readInt32BE,e.readFloatLE=V.readFloatLE,e.readFloatBE=V.readFloatBE,e.readDoubleLE=V.readDoubleLE,e.readDoubleBE=V.readDoubleBE,e.writeUInt8=V.writeUInt8,e.writeUInt16LE=V.writeUInt16LE,e.writeUInt16BE=V.writeUInt16BE,e.writeUInt32LE=V.writeUInt32LE,e.writeUInt32BE=V.writeUInt32BE,e.writeInt8=V.writeInt8,e.writeInt16LE=V.writeInt16LE,e.writeInt16BE=V.writeInt16BE,e.writeInt32LE=V.writeInt32LE,e.writeInt32BE=V.writeInt32BE,e.writeFloatLE=V.writeFloatLE,e.writeFloatBE=V.writeFloatBE,e.writeDoubleLE=V.writeDoubleLE,e.writeDoubleBE=V.writeDoubleBE,e.fill=V.fill,e.inspect=V.inspect,e.toArrayBuffer=V.toArrayBuffer,e}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/buffer/index.js","/node_modules/gulp-browserify/node_modules/buffer")},{"base64-js":2,buffer:3,ieee754:11,lYpoI2:10}],4:[function(e,t,a){(function(a,n,i,r,o,s,l,c,u){i=e("buffer").Buffer;var d=4,p=new i(d);p.fill(0);var m=8;t.exports={hash:function(e,t,a,n){return i.isBuffer(e)||(e=new i(e)),function(e,t,a){for(var n=new i(t),r=a?n.writeInt32BE:n.writeInt32LE,o=0;o<e.length;o++)r.call(n,e[o],4*o,!0);return n}(t(function(e,t){if(e.length%d!=0){var a=e.length+(d-e.length%d);e=i.concat([e,p],a)}for(var n=[],r=t?e.readInt32BE:e.readInt32LE,o=0;o<e.length;o+=d)n.push(r.call(e,o));return n}(e,n),e.length*m),a,n)}}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/helpers.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{buffer:3,lYpoI2:10}],5:[function(e,t,a){(function(t,n,i,r,o,s,l,c,u){function d(e,t){var a=f[e=e||"sha1"],n=[];return a||p("algorithm:",e,"is not yet supported"),{update:function(e){return i.isBuffer(e)||(e=new i(e)),n.push(e),e.length,this},digest:function(e){var r=i.concat(n),o=t?function(e,t,a){i.isBuffer(t)||(t=new i(t)),i.isBuffer(a)||(a=new i(a)),t.length>b?t=e(t):t.length<b&&(t=i.concat([t,h],b));for(var n=new i(b),r=new i(b),o=0;o<b;o++)n[o]=54^t[o],r[o]=92^t[o];var s=e(i.concat([n,a]));return e(i.concat([r,s]))}(a,t,r):a(r);return n=null,e?o.toString(e):o}}}function p(){var e=[].slice.call(arguments).join(" ");throw new Error([e,"we accept pull requests","http://github.com/dominictarr/crypto-browserify"].join("\n"))}i=e("buffer").Buffer;var m=e("./sha"),g=e("./sha256"),y=e("./rng"),f={sha1:m,sha256:g,md5:e("./md5")},b=64,h=new i(b);h.fill(0),a.createHash=function(e){return d(e)},a.createHmac=function(e,t){return d(e,t)},a.randomBytes=function(e,t){if(!t||!t.call)return new i(y(e));try{t.call(this,void 0,new i(y(e)))}catch(e){t(e)}},function(e,t){for(var a in e)t(e[a],a)}(["createCredentials","createCipher","createCipheriv","createDecipher","createDecipheriv","createSign","createVerify","createDiffieHellman","pbkdf2"],(function(e){a[e]=function(){p("sorry,",e,"is not implemented yet")}}))}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/index.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{"./md5":6,"./rng":7,"./sha":8,"./sha256":9,buffer:3,lYpoI2:10}],6:[function(e,t,a){(function(a,n,i,r,o,s,l,c,u){function d(e,t){e[t>>5]|=128<<t%32,e[14+(t+64>>>9<<4)]=t;for(var a=1732584193,n=-271733879,i=-1732584194,r=271733878,o=0;o<e.length;o+=16){var s=a,l=n,c=i,u=r;a=m(a,n,i,r,e[o+0],7,-680876936),r=m(r,a,n,i,e[o+1],12,-389564586),i=m(i,r,a,n,e[o+2],17,606105819),n=m(n,i,r,a,e[o+3],22,-1044525330),a=m(a,n,i,r,e[o+4],7,-176418897),r=m(r,a,n,i,e[o+5],12,1200080426),i=m(i,r,a,n,e[o+6],17,-1473231341),n=m(n,i,r,a,e[o+7],22,-45705983),a=m(a,n,i,r,e[o+8],7,1770035416),r=m(r,a,n,i,e[o+9],12,-1958414417),i=m(i,r,a,n,e[o+10],17,-42063),n=m(n,i,r,a,e[o+11],22,-1990404162),a=m(a,n,i,r,e[o+12],7,1804603682),r=m(r,a,n,i,e[o+13],12,-40341101),i=m(i,r,a,n,e[o+14],17,-1502002290),a=g(a,n=m(n,i,r,a,e[o+15],22,1236535329),i,r,e[o+1],5,-165796510),r=g(r,a,n,i,e[o+6],9,-1069501632),i=g(i,r,a,n,e[o+11],14,643717713),n=g(n,i,r,a,e[o+0],20,-373897302),a=g(a,n,i,r,e[o+5],5,-701558691),r=g(r,a,n,i,e[o+10],9,38016083),i=g(i,r,a,n,e[o+15],14,-660478335),n=g(n,i,r,a,e[o+4],20,-405537848),a=g(a,n,i,r,e[o+9],5,568446438),r=g(r,a,n,i,e[o+14],9,-1019803690),i=g(i,r,a,n,e[o+3],14,-187363961),n=g(n,i,r,a,e[o+8],20,1163531501),a=g(a,n,i,r,e[o+13],5,-1444681467),r=g(r,a,n,i,e[o+2],9,-51403784),i=g(i,r,a,n,e[o+7],14,1735328473),a=y(a,n=g(n,i,r,a,e[o+12],20,-1926607734),i,r,e[o+5],4,-378558),r=y(r,a,n,i,e[o+8],11,-2022574463),i=y(i,r,a,n,e[o+11],16,1839030562),n=y(n,i,r,a,e[o+14],23,-35309556),a=y(a,n,i,r,e[o+1],4,-1530992060),r=y(r,a,n,i,e[o+4],11,1272893353),i=y(i,r,a,n,e[o+7],16,-155497632),n=y(n,i,r,a,e[o+10],23,-1094730640),a=y(a,n,i,r,e[o+13],4,681279174),r=y(r,a,n,i,e[o+0],11,-358537222),i=y(i,r,a,n,e[o+3],16,-722521979),n=y(n,i,r,a,e[o+6],23,76029189),a=y(a,n,i,r,e[o+9],4,-640364487),r=y(r,a,n,i,e[o+12],11,-421815835),i=y(i,r,a,n,e[o+15],16,530742520),a=f(a,n=y(n,i,r,a,e[o+2],23,-995338651),i,r,e[o+0],6,-198630844),r=f(r,a,n,i,e[o+7],10,1126891415),i=f(i,r,a,n,e[o+14],15,-1416354905),n=f(n,i,r,a,e[o+5],21,-57434055),a=f(a,n,i,r,e[o+12],6,1700485571),r=f(r,a,n,i,e[o+3],10,-1894986606),i=f(i,r,a,n,e[o+10],15,-1051523),n=f(n,i,r,a,e[o+1],21,-2054922799),a=f(a,n,i,r,e[o+8],6,1873313359),r=f(r,a,n,i,e[o+15],10,-30611744),i=f(i,r,a,n,e[o+6],15,-1560198380),n=f(n,i,r,a,e[o+13],21,1309151649),a=f(a,n,i,r,e[o+4],6,-145523070),r=f(r,a,n,i,e[o+11],10,-1120210379),i=f(i,r,a,n,e[o+2],15,718787259),n=f(n,i,r,a,e[o+9],21,-343485551),a=b(a,s),n=b(n,l),i=b(i,c),r=b(r,u)}return Array(a,n,i,r)}function p(e,t,a,n,i,r){return b(function(e,t){return e<<t|e>>>32-t}(b(b(t,e),b(n,r)),i),a)}function m(e,t,a,n,i,r,o){return p(t&a|~t&n,e,t,i,r,o)}function g(e,t,a,n,i,r,o){return p(t&n|a&~n,e,t,i,r,o)}function y(e,t,a,n,i,r,o){return p(t^a^n,e,t,i,r,o)}function f(e,t,a,n,i,r,o){return p(a^(t|~n),e,t,i,r,o)}function b(e,t){var a=(65535&e)+(65535&t);return(e>>16)+(t>>16)+(a>>16)<<16|65535&a}var h=e("./helpers");t.exports=function(e){return h.hash(e,d,16)}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/md5.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{"./helpers":4,buffer:3,lYpoI2:10}],7:[function(e,t,a){(function(e,a,n,i,r,o,s,l,c){!function(){var e,a;e=function(e){for(var t,a=new Array(e),n=0;n<e;n++)0==(3&n)&&(t=4294967296*Math.random()),a[n]=t>>>((3&n)<<3)&255;return a},this.crypto&&crypto.getRandomValues&&(a=function(e){var t=new Uint8Array(e);return crypto.getRandomValues(t),t}),t.exports=a||e}()}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/rng.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{buffer:3,lYpoI2:10}],8:[function(e,t,a){(function(a,n,i,r,o,s,l,c,u){function d(e,t){e[t>>5]|=128<<24-t%32,e[15+(t+64>>9<<4)]=t;for(var a=Array(80),n=1732584193,i=-271733879,r=-1732584194,o=271733878,s=-1009589776,l=0;l<e.length;l+=16){for(var c=n,u=i,d=r,f=o,b=s,h=0;h<80;h++){a[h]=h<16?e[l+h]:y(a[h-3]^a[h-8]^a[h-14]^a[h-16],1);var E=g(g(y(n,5),p(h,i,r,o)),g(g(s,a[h]),m(h)));s=o,o=r,r=y(i,30),i=n,n=E}n=g(n,c),i=g(i,u),r=g(r,d),o=g(o,f),s=g(s,b)}return Array(n,i,r,o,s)}function p(e,t,a,n){return e<20?t&a|~t&n:e<40?t^a^n:e<60?t&a|t&n|a&n:t^a^n}function m(e){return e<20?1518500249:e<40?1859775393:e<60?-1894007588:-899497514}function g(e,t){var a=(65535&e)+(65535&t);return(e>>16)+(t>>16)+(a>>16)<<16|65535&a}function y(e,t){return e<<t|e>>>32-t}var f=e("./helpers");t.exports=function(e){return f.hash(e,d,20,!0)}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/sha.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{"./helpers":4,buffer:3,lYpoI2:10}],9:[function(e,t,a){(function(a,n,i,r,o,s,l,c,u){var d=e("./helpers"),p=function(e,t){var a=(65535&e)+(65535&t);return(e>>16)+(t>>16)+(a>>16)<<16|65535&a},m=function(e,t){return e>>>t|e<<32-t},g=function(e,t){return e>>>t},y=function(e,t,a){return e&t^~e&a},f=function(e,t,a){return e&t^e&a^t&a},b=function(e){return m(e,2)^m(e,13)^m(e,22)},h=function(e){return m(e,6)^m(e,11)^m(e,25)},E=function(e){return m(e,7)^m(e,18)^g(e,3)},v=function(e){return m(e,17)^m(e,19)^g(e,10)},x=function(e,t){var a,n,i,r,o,s,l,c,u,d,m=new Array(1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298),g=new Array(1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225),x=new Array(64);e[t>>5]|=128<<24-t%32,e[15+(t+64>>9<<4)]=t;for(var k=0;k<e.length;k+=16){a=g[0],n=g[1],i=g[2],r=g[3],o=g[4],s=g[5],l=g[6],c=g[7];for(var S=0;S<64;S++)x[S]=S<16?e[S+k]:p(p(p(v(x[S-2]),x[S-7]),E(x[S-15])),x[S-16]),u=p(p(p(p(c,h(o)),y(o,s,l)),m[S]),x[S]),d=p(b(a),f(a,n,i)),c=l,l=s,s=o,o=p(r,u),r=i,i=n,n=a,a=p(u,d);g[0]=p(a,g[0]),g[1]=p(n,g[1]),g[2]=p(i,g[2]),g[3]=p(r,g[3]),g[4]=p(o,g[4]),g[5]=p(s,g[5]),g[6]=p(l,g[6]),g[7]=p(c,g[7])}return g};t.exports=function(e){return d.hash(e,x,32,!0)}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/crypto-browserify/sha256.js","/node_modules/gulp-browserify/node_modules/crypto-browserify")},{"./helpers":4,buffer:3,lYpoI2:10}],10:[function(e,t,a){(function(e,a,n,i,r,o,s,l,c){function u(){}(e=t.exports={}).nextTick=function(){var e="undefined"!=typeof window&&window.setImmediate,t="undefined"!=typeof window&&window.postMessage&&window.addEventListener;if(e)return function(e){return window.setImmediate(e)};if(t){var a=[];return window.addEventListener("message",(function(e){var t=e.source;(t===window||null===t)&&"process-tick"===e.data&&(e.stopPropagation(),a.length>0)&&a.shift()()}),!0),function(e){a.push(e),window.postMessage("process-tick","*")}}return function(e){setTimeout(e,0)}}(),e.title="browser",e.browser=!0,e.env={},e.argv=[],e.on=u,e.addListener=u,e.once=u,e.off=u,e.removeListener=u,e.removeAllListeners=u,e.emit=u,e.binding=function(e){throw new Error("process.binding is not supported")},e.cwd=function(){return"/"},e.chdir=function(e){throw new Error("process.chdir is not supported")}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/gulp-browserify/node_modules/process/browser.js","/node_modules/gulp-browserify/node_modules/process")},{buffer:3,lYpoI2:10}],11:[function(e,t,a){(function(e,t,n,i,r,o,s,l,c){a.read=function(e,t,a,n,i){var r,o,s=8*i-n-1,l=(1<<s)-1,c=l>>1,u=-7,d=a?i-1:0,p=a?-1:1,m=e[t+d];for(d+=p,r=m&(1<<-u)-1,m>>=-u,u+=s;u>0;r=256*r+e[t+d],d+=p,u-=8);for(o=r&(1<<-u)-1,r>>=-u,u+=n;u>0;o=256*o+e[t+d],d+=p,u-=8);if(0===r)r=1-c;else{if(r===l)return o?NaN:1/0*(m?-1:1);o+=Math.pow(2,n),r-=c}return(m?-1:1)*o*Math.pow(2,r-n)},a.write=function(e,t,a,n,i,r){var o,s,l,c=8*r-i-1,u=(1<<c)-1,d=u>>1,p=23===i?Math.pow(2,-24)-Math.pow(2,-77):0,m=n?0:r-1,g=n?1:-1,y=t<0||0===t&&1/t<0?1:0;for(t=Math.abs(t),isNaN(t)||t===1/0?(s=isNaN(t)?1:0,o=u):(o=Math.floor(Math.log(t)/Math.LN2),t*(l=Math.pow(2,-o))<1&&(o--,l*=2),(t+=o+d>=1?p/l:p*Math.pow(2,1-d))*l>=2&&(o++,l/=2),o+d>=u?(s=0,o=u):o+d>=1?(s=(t*l-1)*Math.pow(2,i),o+=d):(s=t*Math.pow(2,d-1)*Math.pow(2,i),o=0));i>=8;e[a+m]=255&s,m+=g,s/=256,i-=8);for(o=o<<i|s,c+=i;c>0;e[a+m]=255&o,m+=g,o/=256,c-=8);e[a+m-g]|=128*y}}).call(this,e("lYpoI2"),"undefined"!=typeof self?self:"undefined"!=typeof window?window:{},e("buffer").Buffer,arguments[3],arguments[4],arguments[5],arguments[6],"/node_modules/ieee754/index.js","/node_modules/ieee754")},{buffer:3,lYpoI2:10}]},{},[1])(1)},,function(e,t,a){e.exports=a.p+"94cccf20036d014924e63d4d595e88e1.svg"},function(e,t,a){var n,i,r,o;
/*!
 * mustache.js - Logic-less {{mustache}} templates with JavaScript
 * http://github.com/janl/mustache.js
 */o=function(e){var t=Object.prototype.toString,a=Array.isArray||function(e){return"[object Array]"===t.call(e)};function n(e){return"function"==typeof e}function i(e){return e.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function r(e,t){return null!=e&&"object"==typeof e&&t in e}var o=RegExp.prototype.test,s=/\S/;var l={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;","`":"&#x60;","=":"&#x3D;"},c=/\s*/,u=/\s+/,d=/\s*=/,p=/\s*\}/,m=/#|\^|\/|>|\{|&|=|!/;function g(e){this.string=e,this.tail=e,this.pos=0}function y(e,t){this.view=e,this.cache={".":this.view},this.parent=t}function f(){this.cache={}}g.prototype.eos=function(){return""===this.tail},g.prototype.scan=function(e){var t=this.tail.match(e);if(!t||0!==t.index)return"";var a=t[0];return this.tail=this.tail.substring(a.length),this.pos+=a.length,a},g.prototype.scanUntil=function(e){var t,a=this.tail.search(e);switch(a){case-1:t=this.tail,this.tail="";break;case 0:t="";break;default:t=this.tail.substring(0,a),this.tail=this.tail.substring(a)}return this.pos+=t.length,t},y.prototype.push=function(e){return new y(e,this)},y.prototype.lookup=function(e){var t,a=this.cache;if(a.hasOwnProperty(e))t=a[e];else{for(var i,o,s=this,l=!1;s;){if(e.indexOf(".")>0)for(t=s.view,i=e.split("."),o=0;null!=t&&o<i.length;)o===i.length-1&&(l=r(t,i[o])),t=t[i[o++]];else t=s.view[e],l=r(s.view,e);if(l)break;s=s.parent}a[e]=t}return n(t)&&(t=t.call(this.view)),t},f.prototype.clearCache=function(){this.cache={}},f.prototype.parse=function(t,n){var r=this.cache,l=r[t];return null==l&&(l=r[t]=function(t,n){if(!t)return[];var r,l,y,f,b=[],h=[],E=[],v=!1,x=!1;function k(){if(v&&!x)for(;E.length;)delete h[E.pop()];else E=[];v=!1,x=!1}function S(e){if("string"==typeof e&&(e=e.split(u,2)),!a(e)||2!==e.length)throw new Error("Invalid tags: "+e);r=new RegExp(i(e[0])+"\\s*"),l=new RegExp("\\s*"+i(e[1])),y=new RegExp("\\s*"+i("}"+e[1]))}S(n||e.tags);for(var w,j,O,I,T,C,M=new g(t);!M.eos();){if(w=M.pos,O=M.scanUntil(r))for(var F=0,D=O.length;F<D;++F)f=I=O.charAt(F),function(e,t){return o.call(e,t)}(s,f)?x=!0:E.push(h.length),h.push(["text",I,w,w+1]),w+=1,"\n"===I&&k();if(!M.scan(r))break;if(v=!0,j=M.scan(m)||"name",M.scan(c),"="===j?(O=M.scanUntil(d),M.scan(d),M.scanUntil(l)):"{"===j?(O=M.scanUntil(y),M.scan(p),M.scanUntil(l),j="&"):O=M.scanUntil(l),!M.scan(l))throw new Error("Unclosed tag at "+M.pos);if(T=[j,O,w,M.pos],h.push(T),"#"===j||"^"===j)b.push(T);else if("/"===j){if(!(C=b.pop()))throw new Error('Unopened section "'+O+'" at '+w);if(C[1]!==O)throw new Error('Unclosed section "'+C[1]+'" at '+w)}else"name"===j||"{"===j||"&"===j?x=!0:"="===j&&S(O)}if(C=b.pop())throw new Error('Unclosed section "'+C[1]+'" at '+M.pos);return function(e){for(var t,a=[],n=a,i=[],r=0,o=e.length;r<o;++r)switch((t=e[r])[0]){case"#":case"^":n.push(t),i.push(t),n=t[4]=[];break;case"/":i.pop()[5]=t[2],n=i.length>0?i[i.length-1][4]:a;break;default:n.push(t)}return a}(function(e){for(var t,a,n=[],i=0,r=e.length;i<r;++i)(t=e[i])&&("text"===t[0]&&a&&"text"===a[0]?(a[1]+=t[1],a[3]=t[3]):(n.push(t),a=t));return n}(h))}(t,n)),l},f.prototype.render=function(e,t,a){var n=this.parse(e),i=t instanceof y?t:new y(t);return this.renderTokens(n,i,a,e)},f.prototype.renderTokens=function(e,t,a,n){for(var i,r,o,s="",l=0,c=e.length;l<c;++l)o=void 0,"#"===(r=(i=e[l])[0])?o=this.renderSection(i,t,a,n):"^"===r?o=this.renderInverted(i,t,a,n):">"===r?o=this.renderPartial(i,t,a,n):"&"===r?o=this.unescapedValue(i,t):"name"===r?o=this.escapedValue(i,t):"text"===r&&(o=this.rawValue(i)),void 0!==o&&(s+=o);return s},f.prototype.renderSection=function(e,t,i,r){var o=this,s="",l=t.lookup(e[1]);if(l){if(a(l))for(var c=0,u=l.length;c<u;++c)s+=this.renderTokens(e[4],t.push(l[c]),i,r);else if("object"==typeof l||"string"==typeof l||"number"==typeof l)s+=this.renderTokens(e[4],t.push(l),i,r);else if(n(l)){if("string"!=typeof r)throw new Error("Cannot use higher-order sections without the original template");null!=(l=l.call(t.view,r.slice(e[3],e[5]),(function(e){return o.render(e,t,i)})))&&(s+=l)}else s+=this.renderTokens(e[4],t,i,r);return s}},f.prototype.renderInverted=function(e,t,n,i){var r=t.lookup(e[1]);if(!r||a(r)&&0===r.length)return this.renderTokens(e[4],t,n,i)},f.prototype.renderPartial=function(e,t,a){if(a){var i=n(a)?a(e[1]):a[e[1]];return null!=i?this.renderTokens(this.parse(i),t,a,i):void 0}},f.prototype.unescapedValue=function(e,t){var a=t.lookup(e[1]);if(null!=a)return a},f.prototype.escapedValue=function(t,a){var n=a.lookup(t[1]);if(null!=n)return e.escape(n)},f.prototype.rawValue=function(e){return e[1]},e.name="mustache.js",e.version="2.3.2",e.tags=["{{","}}"];var b=new f;return e.clearCache=function(){return b.clearCache()},e.parse=function(e,t){return b.parse(e,t)},e.render=function(e,t,n){if("string"!=typeof e)throw new TypeError('Invalid template! Template should be a "string" but "'+(a(i=e)?"array":typeof i)+'" was given as the first argument for mustache#render(template, view, partials)');var i;return b.render(e,t,n)},e.to_html=function(t,a,i,r){var o=e.render(t,a,i);if(!n(r))return o;r(o)},e.escape=function(e){return String(e).replace(/[&<>"'`=\/]/g,(function(e){return l[e]}))},e.Scanner=g,e.Context=y,e.Writer=f,e},t&&"string"!=typeof t.nodeName?o(t):(i=[t],void 0===(r="function"==typeof(n=o)?n.apply(t,i):n)||(e.exports=r))}])]);