elastic
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.i18nrc.json‎
Lines changed: 1 addition & 1 deletion b/‎.i18nrc.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/images/clone_panel.gif‎
798 KB b/‎docs/images/clone_panel.gif‎
798 KB
diff --git a/‎docs/management/advanced-options.asciidoc‎
Lines changed: 2 additions & 0 deletions b/‎docs/management/advanced-options.asciidoc‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/settings/ml-settings.asciidoc‎
Lines changed: 8 additions & 1 deletion b/‎docs/settings/ml-settings.asciidoc‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎docs/setup/production.asciidoc‎
Lines changed: 2 additions & 1 deletion b/‎docs/setup/production.asciidoc‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎docs/siem/images/cases-ui.png‎
305 KB b/‎docs/siem/images/cases-ui.png‎
305 KB
diff --git a/‎docs/siem/siem-ui.asciidoc‎
Lines changed: 17 additions & 1 deletion b/‎docs/siem/siem-ui.asciidoc‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎docs/user/dashboard.asciidoc‎
Lines changed: 18 additions & 0 deletions b/‎docs/user/dashboard.asciidoc‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎docs/user/ml/images/ml-data-visualizer-sample.jpg‎
-219 KB b/‎docs/user/ml/images/ml-data-visualizer-sample.jpg‎
-219 KB
@@ -13,6 +13,7 @@
 /src/legacy/core_plugins/kibana/public/dev_tools/ @elastic/kibana-app
 /src/legacy/core_plugins/vis_type_vislib/ @elastic/kibana-app
 /src/plugins/vis_type_xy/ @elastic/kibana-app
+/src/plugins/vis_type_table/ @elastic/kibana-app
 /src/plugins/kibana_legacy/ @elastic/kibana-app
 /src/plugins/vis_type_timelion/ @elastic/kibana-app
 /src/plugins/dashboard/ @elastic/kibana-app
 
@@ -48,7 +48,7 @@
     "visDefaultEditor": "src/plugins/vis_default_editor",
     "visTypeMarkdown": "src/plugins/vis_type_markdown",
     "visTypeMetric": "src/plugins/vis_type_metric",
-    "visTypeTable": "src/legacy/core_plugins/vis_type_table",
+    "visTypeTable": "src/plugins/vis_type_table",
     "visTypeTagCloud": "src/legacy/core_plugins/vis_type_tagcloud",
     "visTypeTimeseries": ["src/legacy/core_plugins/vis_type_timeseries", "src/plugins/vis_type_timeseries"],
     "visTypeVega": "src/legacy/core_plugins/vis_type_vega",
 
@@ -217,6 +217,8 @@ might increase the search time. This setting is off by default. Users must opt-i
 [horizontal]
 `siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
 `siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
+`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
+{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
 `siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
 page.
 `siem:newsFeedUrl`:: The URL from which the security news feed content is
 
@@ -8,7 +8,6 @@
 You do not need to configure any settings to use {kib} {ml-features}. They are
 enabled by default.
 
-[float]
 [[general-ml-settings-kb]]
 ==== General {ml} settings
 
@@ -19,3 +18,11 @@ If set to `false` in `kibana.yml`, the {ml} icon is hidden in this {kib}
 instance. If `xpack.ml.enabled` is set to `true` in `elasticsearch.yml`, however,
 you can still use the {ml} APIs. To disable {ml} entirely, see the
 {ref}/ml-settings.html[{es} {ml} settings].
+
+[[data-visualizer-settings]]
+==== {data-viz} settings
+
+`xpack.ml.file_data_visualizer.max_file_size`::
+Sets the file size limit when importing data in the {data-viz}. The default
+value is `100MB`. The highest supported value for this setting is `1GB`.
+
@@ -133,7 +133,8 @@ server.port
 Settings that must be the same:
 --------
 xpack.security.encryptionKey //decrypting session cookies
-xpack.reporting.encryptionKey //decrypting reports stored in Elasticsearch
+xpack.reporting.encryptionKey //decrypting reports
+xpack.encryptedSavedObjects.encryptionKey // decrypting saved objects
 --------
 
 Separate configuration files can be used from the command line by using the `-c` flag:
 
@@ -35,7 +35,7 @@ image::siem/images/network-ui.png[]
 
 [float]
 [[detections-ui]]
-=== Detections (Beta)
+=== Detections (beta)
 
 The Detections feature automatically searches for threats and creates 
 signals when they are detected. Signal detection rules define the conditions 
@@ -50,6 +50,22 @@ or the Detections API.
 [role="screenshot"]
 image::siem/images/detections-ui.png[]
 
+[float]
+[[cases-ui]]
+=== Cases (beta)
+
+Cases are used to open and track security issues directly in SIEM. 
+Cases list the original reporter and all users who contribute to a case
+(`participants`). Case comments support Markdown syntax, and allow linking to
+saved Timelines. Additionally, you can send cases to external systems from
+within SIEM (currently ServiceNow).
+
+For information about opening, updating, and closing cases, see
+{siem-guide}/cases-overview.html[Cases] in the SIEM Guide.
+
+[role="screenshot"]
+image::siem/images/cases-ui.png[]
+
 [float]
 [[timelines-ui]]
 === Timeline
 
@@ -98,6 +98,24 @@ to the new dimensions.
 * To delete a panel, open the panel menu and select *Delete from dashboard.* Deleting a panel from a
 dashboard does *not* delete the saved visualization or search.
 
+[float]
+[[cloning-a-panel]]
+=== Clone dashboard elements
+
+In *Edit* mode, you can clone any panel on a dashboard.
+
+To clone an existing panel, open the panel menu of the element you wish to clone, then select *Clone panel*.
+
+* Cloned panels appear beside the original, and will move other panels down to make room if necessary.
+
+* Clones support all of the original panel's functionality, including renaming, editing, and cloning.
+
+* All cloned visualizations will appear in the visualization list.
+
+[role="screenshot"]
+image:images/clone_panel.gif[clone panel]
+
+
 [float]
 [[viewing-detailed-information]]
 === Inspect and edit elements