Open bczifra opened 2 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/fleet (Team:Fleet)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Describe the bug: The Kibana Security app requires access to EPR (Elastic Package Registry) even in air-gapped environment not using Fleet/Agent, even with
xpack.fleet.isAirGapped
set totrue
.If EPR isn't available, the browser will have a growing number of long-running requests to EPR that never succeed.
A workaround is to host a local EPR.
Kibana/Elasticsearch Stack version: 8.8.1
Server OS version:
Browser and Browser OS versions:
Elastic Endpoint version:
Original install method (e.g. download page, yum, from source, etc.):
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Steps to reproduce:
https://kibana.domain/s//internal/detection_engine/fleet/integrations/installed?packages= Stalled 172.95 ms Initial Connection 4.0 min Status Finished
https://kibana.domain/s/$space/internal/detection_engine/rules/prepackaged/_status Stalled 9.42 ms Request Sent 0.92 ms Waiting for Server Response 1.0 min Content Download 0.74 ms Status 200 OK
When loading the Security App - Timelines page in $space https://kibana.domain/s/$space/api/fleet/setup Stalled 1.07 ms Request Sent 0.21 ms Waiting for Server Response 41.01 s Content Download 2.24 ms Status 200 OK
https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false Stalled 3.48 ms Request Send 0.43 ms Waiting for server response 1.1 min Content Download 6.82 ms Status 200 OK
When loading the Security App - Alerts page https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false Stalled 68.97 ms Request sent 0.14 ms Waiting for Server Response 57.16 s Content Download 0 Status 200 OK
Current behavior: Requires access to EPR
Expected behavior: Should not require access to EPR
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context (logs, chat logs, magical formulas, etc.):