[Security Solution] Specific Cypress executions for Detection Engine team (#172298)

Co-authored-by: Charlie Pichette <charles.pichette@elastic.co>
Gloria Hornero 2023-12-04 21:33:08 +01:00 committed by GitHub
parent 7d3cbd215d
commit 217a6632b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
66 changed files with 757 additions and 1422 deletions


@ -63,7 +63,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
parallelism: 2
retry:
automatic:
- exit_status: '*'
@ -115,6 +115,32 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 4
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine.sh
label: 'Serverless Detection Engine - Security Solution Cypress Tests'
if: "build.env('SKIP_CYPRESS') != '1' && build.env('SKIP_CYPRESS') != 'true'"
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine_exceptions.sh
label: 'Serverless Detection Engine - Exceptions - Security Solution Cypress Tests'
if: "build.env('SKIP_CYPRESS') != '1' && build.env('SKIP_CYPRESS') != 'true'"
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
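Review bot: The new Detection Engine and Detection Engine - Exceptions steps copy `retry.automatic` with `exit_status: '*'` and `limit: 1`, so a genuine Cypress failure is retried in the same way as a lost `n2-4-spot` agent, and a spec that fails once and passes on the second attempt reports green. Because these suites now exercise detection rules and exceptions as their own steps, consider restricting the automatic retry to agent loss with `- exit_status: -1` and letting test failures surface, or handling known flakiness with Cypress-level retries so it stays visible in the report. The same block is repeated in the new steps of the other two pipeline sections and in the quality-gate pipeline further down this page, where it sits next to `timeout_in_minutes: 300`. The last step's `retry` block continues outside the hunk.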


@ -41,6 +41,23 @@
"key": "cypress/security_serverless_rule_management_prebuilt_rules",
"name": "[Serverless] Security Solution Rule Management - Prebuilt Rules - Cypress"
},
{
"key": "cypress/security_solution_detection_engine",
"name": "Security Solution Detection Engine - Cypress"
},
{
"key": "cypress/security_serverless_detection_engine",
"name": "[Serverless] Security Solution Detection Engine - Cypress"
},
{
"key": "cypress/security_solution_detection_engine_exceptions",
"name": "Security Solution Detection Engine - Exceptions - Cypress"
},
{
"key": "cypress/security_serverless_detection_engine_exceptions",
"name": "[Serverless] Security Solution Detection Engine - Exceptions - Cypress"
},
{
"key": "cypress/defend_workflows",
"name": "Security Solution Defend Workflows - Cypress"


@ -85,7 +85,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
parallelism: 2
retry:
automatic:
- exit_status: '*'
@ -133,7 +133,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
parallelism: 4
retry:
automatic:
- exit_status: '*'
@ -163,13 +163,61 @@ steps:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine.sh
label: 'Serverless Detection Engine - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine_exceptions.sh
label: 'Serverless Detection Engine - Exceptions - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution_detection_engine.sh
label: 'Detection Engine - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 8
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution_detection_engine_exceptions.sh
label: 'Detection Engine - Exceptions - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution.sh
label: 'Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 16
parallelism: 8
retry:
automatic:
- exit_status: '*'


@ -63,7 +63,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
parallelism: 2
retry:
automatic:
- exit_status: '*'
@ -111,6 +111,30 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 4
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine.sh
label: 'Serverless Detection Engine - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_serverless_detection_engine_exceptions.sh
label: 'Serverless Detection Engine - Exceptions - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
@ -123,7 +147,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 16
parallelism: 8
retry:
automatic:
- exit_status: '*'
@ -164,6 +188,30 @@ steps:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution_detection_engine.sh
label: 'Detection Engine - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 8
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution_detection_engine_exceptions.sh
label: 'Detection Engine - Exceptions - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/steps/functional/security_solution_investigations.sh
label: 'Investigations - Security Solution Cypress Tests'


@ -54,6 +54,30 @@ steps:
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 6
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine
label: 'Serverless MKI QA Detection Engine - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 8
retry:
automatic:
- exit_status: '*'
limit: 1
- command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine:exceptions
label: 'Serverless MKI QA Detection Engine - Exceptions - Security Solution Cypress Tests'
agents:
queue: n2-4-spot
# TODO : Revise the timeout when the pipeline will be officially integrated with the quality gate.
timeout_in_minutes: 300
parallelism: 6
retry:
automatic:
- exit_status: '*'


@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
source .buildkite/scripts/steps/functional/common.sh
source .buildkite/scripts/steps/functional/common_cypress.sh
export JOB=kibana-security-solution-chrome
export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
echo "--- Detection Engine Cypress Tests on Serverless"
cd x-pack/test/security_solution_cypress
set +e
yarn cypress:detection_engine:run:serverless; status=$?; yarn junit:merge || :; exit $status
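Review bot: This script and the three new ones after it are copies that differ only in the `echo "--- …"` label and the yarn target, so any later fix to the exit-status handling has to be made four times. The quality-gate wrapper on this page already takes the yarn script as an argument; the same shape would work here, with the last line becoming `yarn "$1"; status=$?; yarn junit:merge || :; exit "$status"`. It would also help to add a comment above `set +e`, for example `# keep going after a Cypress failure so the junit reports are still merged; the Cypress status is what we exit with`, since the script enables `set -euo pipefail` only a few lines earlier. Note that `yarn junit:merge || :` discards a failed merge silently, so a missing report is indistinguishable from a run with no results. Logging it with `|| echo "junit:merge failed" >&2` keeps the step's exit code unchanged.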


@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
source .buildkite/scripts/steps/functional/common.sh
source .buildkite/scripts/steps/functional/common_cypress.sh
export JOB=kibana-security-solution-chrome
export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
echo "--- Detection Engine - Exceptions - Cypress Tests on Serverless"
cd x-pack/test/security_solution_cypress
set +e
yarn cypress:detection_engine:exceptions:run:serverless; status=$?; yarn junit:merge || :; exit $status


@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
source .buildkite/scripts/steps/functional/common.sh
source .buildkite/scripts/steps/functional/common_cypress.sh
export JOB=kibana-security-solution-chrome
export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
echo "--- Detection Engine - Security Solution Cypress Tests"
cd x-pack/test/security_solution_cypress
set +e
yarn cypress:detection_engine:run:ess; status=$?; yarn junit:merge || :; exit $status


@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
source .buildkite/scripts/steps/functional/common.sh
source .buildkite/scripts/steps/functional/common_cypress.sh
export JOB=kibana-security-solution-chrome
export KIBANA_INSTALL_DIR=${KIBANA_BUILD_LOCATION}
echo "--- Detection Engine - Exceptions - Security Solution Cypress Tests"
cd x-pack/test/security_solution_cypress
set +e
yarn cypress:detection_engine:exceptions:run:ess; status=$?; yarn junit:merge || :; exit $status

9
.github/CODEOWNERS vendored

@ -1386,14 +1386,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout @elastic/
/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals @elastic/security-detection-engine
/x-pack/plugins/security_solution/server/lib/sourcerer @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/sourcerer @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_actions @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_creation @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_edit @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/exceptions @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/overview @elastic/security-detection-engine
/x-pack/test/security_solution_cypress/cypress/e2e/detection_engine @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation @elastic/security-detection-engine
/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions @elastic/security-detection-engine
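Review bot: The ownership pattern `/x-pack/test/security_solution_cypress/cypress/e2e/detection_engine` does not match the directory the rest of this commit uses for the moved specs, which the README table and the new yarn script descriptions give as `e2e/detection_response/detection_engine`. If the specs do live under `detection_response/`, this pattern matches nothing and the per-directory entries (`detection_alerts`, `rule_actions`, `rule_creation`, `rule_edit`, `value_lists`, `exceptions`) have no replacement. Changes to the detection-engine and exceptions specs would then no longer request review from @elastic/security-detection-engine, unless a broader rule elsewhere in the file covers them. The page does not mark which side each line is on, so this assumes the `e2e/detection_engine` line is the added one. The entry would then read `/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine @elastic/security-detection-engine`.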


@ -62,15 +62,20 @@ Run the tests with the following yarn scripts from `x-pack/test/security_solutio
| cypress | Runs the default Cypress command |
| cypress:open:ess | Opens the Cypress UI with all tests in the `e2e` directory. This also runs a local kibana and ES instance. The kibana instance will reload when you make code changes. This is the recommended way to debug and develop tests. |
| cypress:open:serverless | Opens the Cypress UI with all tests in the `e2e` directory. This also runs a mocked serverless environment. The kibana instance will reload when you make code changes. This is the recommended way to debug and develop tests. |
| cypress:run:ess | Runs all tests tagged as ESS placed in the `e2e` directory excluding `investigations`,`explore` and `detection_response/rule_management` directories in headless mode |
| cypress:run:ess | Runs all tests tagged as ESS placed in the `e2e` directory excluding `investigations`,`explore` and `detection_response` directories in headless mode |
| cypress:run:cases:ess | Runs all tests under `explore/cases` in the `e2e` directory related to the Cases area team in headless mode |
| cypress:ess | Runs all ESS tests with the specified configuration in headless mode and produces a report using `cypress-multi-reporters` |
| cypress:rule_management:run:ess | Runs all tests tagged as ESS in the `e2e/detection_response/rule_management` excluding `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode |
| cypress:rule_management:prebuilt_rules:run:ess | Runs all tests tagged as ESS in the `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode |
| cypress:run:respops:ess | Runs all tests related to the Response Ops area team, specifically tests in `detection_alerts`, `detection_rules`, and `exceptions` directories in headless mode |
| cypress:run:serverless | Runs all tests tagged as SERVERLESS in the `e2e` directory excluding `investigations`, `explore` and `rule_management` directories in headless mode |
| cypress:run:serverless | Runs all tests tagged as SERVERLESS in the `e2e` directory excluding `investigations`, `explore` and `detections_response` directories in headless mode |
| cypress:rule_management:run:serverless | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/rule_management` excluding `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode |
| cypress:rule_management:prebuilt_rules:run:serverless | Runs all tests tagged as ESS in the `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode |
| cypress:detection_engine:run:ess | Runs all tests tagged as ESS in the `e2e/detection_response/detection_engine` excluding `e2e/detection_response/detection_engine/exceptions` directory in headless mode |
| cypress:detection_engine:exceptions:run:ess | Runs all tests tagged as ESS in the `e2e/detection_response/detection_engine/exceptions` directory in headless mode |
| cypress:detection_engine:run:serverless | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/detection_engine` excluding `e2e/detection_response/detection_engine` directory in headless mode |
| cypress:detection_engine:exceptions:run:serverless | Runs all tests tagged as ESS in the `e2e/detection_response/detection_engine/exceptions` directory in headless mode |
| cypress:investigations:run:ess | Runs all tests tagged as SERVERLESS in the `e2e/investigations` directory in headless mode |
| cypress:explore:run:ess | Runs all tests tagged as ESS in the `e2e/explore` directory in headless mode |
| cypress:investigations:run:serverless | Runs all tests tagged as SERVERLESS in the `e2e/investigations` directory in headless mode |
@ -81,6 +86,10 @@ Run the tests with the following yarn scripts from `x-pack/test/security_solutio
| cypress:run:qa:serverless:investigations | Runs all tests tagged as SERVERLESS in the `e2e/investigations` directory in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:rule_management | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/rule_management` directory, excluding `e2e/detection_response/rule_management/prebuilt_rules` in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:rule_management:prebuilt_rules | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:detection_engine | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/detection_engine` directory, excluding `e2e/detection_response/detection_engine/exceptions` in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:detection_engine:exceptions | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/detection_engine/exceptions` directory in headless mode using the QA environment and reak MKI projects. |
| junit:merge | Merges individual test reports into a single report and moves the report to the `junit` directory |
Please note that all the headless mode commands do not open the Cypress UI and are typically used in CI/CD environments. The scripts that open the Cypress UI are useful for development and debugging.
@ -111,6 +120,7 @@ If you belong to one of the teams listed in the table, please add new e2e specs
| `e2e/explore` | Threat Hunting Explore |
| `e2e/investigations` | Threat Hunting Investigations |
| `e2e/detection_response/rule_management` | Detection Rule Management |
| `e2e/detection_response/detection_engine` | Detection Engine |
### fixtures/
@ -259,6 +269,9 @@ Run the tests with the following yarn scripts from `x-pack/test/security_solutio
| cypress:run:qa:serverless:investigations | Runs all tests tagged as SERVERLESS in the `e2e/investigations` directory in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:rule_management | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/rule_management` directory, excluding `e2e/detection_response/rule_management/prebuilt_rules` in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:rule_management:prebuilt_rules | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/rule_management/prebuilt_rules` directory in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:detection_engine | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/detection_engine` directory, excluding `e2e/detection_response/detection_engine/exceptions` in headless mode using the QA environment and reak MKI projects. |
| cypress:run:qa:serverless:detection_engine:prebuilt_rules | Runs all tests tagged as SERVERLESS in the `e2e/detection_response/detection_engine/exceptions` directory in headless mode using the QA environment and reak MKI projects. |
Please note that all the headless mode commands do not open the Cypress UI and are typically used in CI/CD environments. The scripts that open the Cypress UI are useful for development and debugging.


@ -1,267 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getNewRule } from '../../../objects/rule';
import {
ALERTS_COUNT,
CLOSE_SELECTED_ALERTS_BTN,
MARK_ALERT_ACKNOWLEDGED_BTN,
SELECTED_ALERTS,
TAKE_ACTION_POPOVER_BTN,
TIMELINE_CONTEXT_MENU_BTN,
} from '../../../screens/alerts';
import {
selectNumberOfAlerts,
waitForAlerts,
markAcknowledgedFirstAlert,
markAlertsAcknowledged,
goToAcknowledgedAlerts,
closeFirstAlert,
closeAlerts,
goToClosedAlerts,
goToOpenedAlerts,
openAlerts,
openFirstAlert,
} from '../../../tasks/alerts';
import { createRule } from '../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { ALERTS_URL } from '../../../urls/navigation';
// FLAKY: https://github.com/elastic/kibana/issues/169091
describe.skip('Changing alert status', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', 'auditbeat_multiple');
});
context('Opening alerts', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {
login();
deleteAlertsAndRules();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
selectNumberOfAlerts(3);
cy.get(SELECTED_ALERTS).should('have.text', `Selected 3 alerts`);
closeAlerts();
waitForAlerts();
});
it('can mark a closed alert as open', () => {
waitForAlertsToPopulate();
cy.get(ALERTS_COUNT)
.invoke('text')
.then((numberOfOpenedAlertsText) => {
const numberOfOpenedAlerts = parseInt(numberOfOpenedAlertsText, 10);
goToClosedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
const numberOfAlertsToBeOpened = 1;
openFirstAlert();
waitForAlerts();
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeOpened;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlerts);
goToOpenedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(`${numberOfOpenedAlerts + numberOfAlertsToBeOpened}`);
});
});
});
it('can bulk open alerts', () => {
waitForAlertsToPopulate();
cy.get(ALERTS_COUNT)
.invoke('text')
.then((numberOfOpenedAlertsText) => {
const numberOfOpenedAlerts = parseInt(numberOfOpenedAlertsText, 10);
goToClosedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
const numberOfAlertsToBeOpened = 2;
const numberOfAlertsToBeSelected = 2;
selectNumberOfAlerts(numberOfAlertsToBeSelected);
cy.get(SELECTED_ALERTS).should(
'have.text',
`Selected ${numberOfAlertsToBeSelected} alerts`
);
openAlerts();
waitForAlerts();
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeOpened;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlerts);
goToOpenedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(`${numberOfOpenedAlerts + numberOfAlertsToBeOpened}`);
});
});
});
});
context('Marking alerts as acknowledged', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {
login();
deleteAlertsAndRules();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
it('can mark alert as acknowledged', () => {
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
const numberOfAlertsToBeMarkedAcknowledged = 1;
markAcknowledgedFirstAlert();
waitForAlerts();
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeMarkedAcknowledged;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlerts);
goToAcknowledgedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(`${numberOfAlertsToBeMarkedAcknowledged}`);
});
});
it('can bulk mark alerts as acknowledged', () => {
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
const numberOfAlertsToBeMarkedAcknowledged = 2;
const numberOfAlertsToBeSelected = 2;
selectNumberOfAlerts(numberOfAlertsToBeSelected);
markAlertsAcknowledged();
waitForAlerts();
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeMarkedAcknowledged;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlerts);
goToAcknowledgedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(numberOfAlertsToBeMarkedAcknowledged);
});
});
});
context('Closing alerts', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {
login();
deleteAlertsAndRules();
createRule(getNewRule({ rule_id: '1', max_signals: 100 }));
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
it('can close an alert', () => {
const numberOfAlertsToBeClosed = 1;
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
cy.get(ALERTS_COUNT).should('have.text', `${numberOfAlerts} alerts`);
selectNumberOfAlerts(numberOfAlertsToBeClosed);
cy.get(SELECTED_ALERTS).should('have.text', `Selected ${numberOfAlertsToBeClosed} alert`);
closeFirstAlert();
waitForAlerts();
const expectedNumberOfAlertsAfterClosing = +numberOfAlerts - numberOfAlertsToBeClosed;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlertsAfterClosing);
goToClosedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(numberOfAlertsToBeClosed);
});
});
it('can bulk close alerts', () => {
const numberOfAlertsToBeClosed = 2;
cy.get(ALERTS_COUNT)
.invoke('text')
.then((alertNumberString) => {
const numberOfAlerts = alertNumberString.split(' ')[0];
cy.get(ALERTS_COUNT).should('have.text', `${numberOfAlerts} alerts`);
selectNumberOfAlerts(numberOfAlertsToBeClosed);
cy.get(SELECTED_ALERTS).should(
'have.text',
`Selected ${numberOfAlertsToBeClosed} alerts`
);
closeAlerts();
waitForAlerts();
const expectedNumberOfAlertsAfterClosing = +numberOfAlerts - numberOfAlertsToBeClosed;
cy.get(ALERTS_COUNT).contains(expectedNumberOfAlertsAfterClosing);
goToClosedAlerts();
waitForAlerts();
cy.get(ALERTS_COUNT).contains(numberOfAlertsToBeClosed);
});
});
});
// This test is unable to be run in serverless as `reader` is not available and viewer is currently reserved
// https://github.com/elastic/kibana/pull/169723#issuecomment-1793191007
// https://github.com/elastic/kibana/issues/170583
context('User is readonly', { tags: ['@ess', '@brokenInServerless'] }, () => {
beforeEach(() => {
login();
visit(ALERTS_URL);
deleteAlertsAndRules();
createRule(getNewRule());
login(ROLES.reader);
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
it('should not allow users to change a single alert status', () => {
// This is due to the reader role which makes everything in security 'read only'
cy.get(TIMELINE_CONTEXT_MENU_BTN).should('not.exist');
});
it('should not allow users to bulk change the alert status', () => {
selectNumberOfAlerts(2);
cy.get(TAKE_ACTION_POPOVER_BTN).first().click();
cy.get(TAKE_ACTION_POPOVER_BTN).should('be.visible');
cy.get(CLOSE_SELECTED_ALERTS_BTN).should('not.exist');
cy.get(MARK_ALERT_ACKNOWLEDGED_BTN).should('not.exist');
});
});
});


@ -1,105 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import {
clickAlertTag,
openAlertTaggingBulkActionMenu,
selectNumberOfAlerts,
updateAlertTags,
} from '../../../tasks/alerts';
import { createRule } from '../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { login } from '../../../tasks/login';
import { visitWithTimeRange } from '../../../tasks/navigation';
import { ALERTS_URL } from '../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
import {
ALERTS_TABLE_ROW_LOADER,
MIXED_ALERT_TAG,
SELECTED_ALERT_TAG,
UNSELECTED_ALERT_TAG,
} from '../../../screens/alerts';
describe('Alert tagging', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'endpoint' });
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', 'endpoint');
cy.task('esArchiverUnload', 'auditbeat_multiple');
});
beforeEach(() => {
login();
deleteAlertsAndRules();
createRule(getNewRule({ rule_id: 'new custom rule' }));
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
});
it('Add and remove a tag using the alert bulk action menu', () => {
// Add a tag to one alert
selectNumberOfAlerts(1);
openAlertTaggingBulkActionMenu();
clickAlertTag('Duplicate');
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
selectNumberOfAlerts(1);
openAlertTaggingBulkActionMenu();
cy.get(SELECTED_ALERT_TAG).contains('Duplicate');
// Remove tag from that alert
clickAlertTag('Duplicate');
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
selectNumberOfAlerts(1);
openAlertTaggingBulkActionMenu();
cy.get(UNSELECTED_ALERT_TAG).first().contains('Duplicate');
});
it('Add a tag using the alert bulk action menu with mixed state', () => {
// Add tag to one alert first
selectNumberOfAlerts(1);
openAlertTaggingBulkActionMenu();
clickAlertTag('Duplicate');
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
// Then add tags to both alerts
selectNumberOfAlerts(5);
openAlertTaggingBulkActionMenu();
cy.get(MIXED_ALERT_TAG).contains('Duplicate');
clickAlertTag('Duplicate');
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
selectNumberOfAlerts(5);
openAlertTaggingBulkActionMenu();
cy.get(SELECTED_ALERT_TAG).contains('Duplicate');
});
it('Remove a tag using the alert bulk action menu with mixed state', () => {
// Add tag to one alert first
selectNumberOfAlerts(1);
openAlertTaggingBulkActionMenu();
clickAlertTag('Duplicate');
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
waitForAlertsToPopulate();
// Then remove tags from both alerts
selectNumberOfAlerts(2);
openAlertTaggingBulkActionMenu();
cy.get(MIXED_ALERT_TAG).contains('Duplicate');
clickAlertTag('Duplicate');
clickAlertTag('Duplicate'); // Clicking twice will return to unselected state
updateAlertTags();
cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
selectNumberOfAlerts(2);
openAlertTaggingBulkActionMenu();
cy.get(UNSELECTED_ALERT_TAG).first().contains('Duplicate');
});
});


@ -1,200 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { ALERTS_URL } from '../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { ruleDetailsUrl } from '../../../urls/rule_details';
import { getNewRule } from '../../../objects/rule';
import { PAGE_TITLE } from '../../../screens/common/page';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { createRule, deleteCustomRule } from '../../../tasks/api_calls/rules';
import {
getCallOut,
NEED_ADMIN_FOR_UPDATE_CALLOUT,
waitForCallOutToBeShown,
} from '../../../tasks/common/callouts';
const loadPageAsPlatformEngineerUser = (url: string) => {
login(ROLES.soc_manager);
visit(url);
waitForPageTitleToBeShown();
};
const waitForPageTitleToBeShown = () => {
cy.get(PAGE_TITLE).should('be.visible');
};
describe(
'Detections > Need Admin Callouts indicating an admin is needed to migrate the alert data set',
{ tags: ['@ess', '@skipInServerless'] },
() => {
before(() => {
// First, we have to open the app on behalf of a privileged user in order to initialize it.
// Otherwise the app will be disabled and show a "welcome"-like page.
login();
visit(ALERTS_URL);
waitForPageTitleToBeShown();
});
context(
'The users index_mapping_outdated is "true" and their admin callouts should show up',
() => {
beforeEach(() => {
// Index mapping outdated is forced to return true as being outdated so that we get the
// need admin callouts being shown.
cy.intercept('GET', '/api/detection_engine/index', (req) => {
req.reply((res) => {
res.send(200, {
index_mapping_outdated: true,
name: '.alerts-security.alerts-default',
});
});
});
});
context('On Detections home page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(ALERTS_URL);
});
it('We show the need admin primary callout', () => {
waitForCallOutToBeShown(NEED_ADMIN_FOR_UPDATE_CALLOUT, 'primary');
});
});
context('On Rules Management page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(RULES_MANAGEMENT_URL);
});
it('We show 1 primary callout of need admin', () => {
waitForCallOutToBeShown(NEED_ADMIN_FOR_UPDATE_CALLOUT, 'primary');
});
});
context('On Rule Details page', () => {
beforeEach(() => {
createRule(getNewRule({ rule_id: 'rule_testing' })).then((rule) =>
loadPageAsPlatformEngineerUser(ruleDetailsUrl(rule.body.id))
);
});
afterEach(() => {
deleteCustomRule();
});
it('We show 1 primary callout', () => {
waitForCallOutToBeShown(NEED_ADMIN_FOR_UPDATE_CALLOUT, 'primary');
});
});
}
);
context(
'The users index_mapping_outdated is "false" and their admin callouts should not show up ',
() => {
beforeEach(() => {
// Index mapping outdated is forced to return true as being outdated so that we get the
// need admin callouts being shown.
cy.intercept('GET', '/api/detection_engine/index', {
index_mapping_outdated: false,
name: '.alerts-security.alerts-default',
});
});
context('On Detections home page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(ALERTS_URL);
});
it('We show the need admin primary callout', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
context('On Rules Management page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(RULES_MANAGEMENT_URL);
});
it('We show 1 primary callout of need admin', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
context('On Rule Details page', () => {
beforeEach(() => {
createRule(getNewRule({ rule_id: 'rule_testing' })).then((rule) =>
loadPageAsPlatformEngineerUser(ruleDetailsUrl(rule.body.id))
);
});
afterEach(() => {
deleteCustomRule();
});
it('We show 1 primary callout', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
}
);
context(
'The users index_mapping_outdated is "null" and their admin callouts should not show up ',
() => {
beforeEach(() => {
// Index mapping outdated is forced to return true as being outdated so that we get the
// need admin callouts being shown.
cy.intercept('GET', '/api/detection_engine/index', {
index_mapping_outdated: null,
name: '.alerts-security.alerts-default',
});
});
context('On Detections home page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(ALERTS_URL);
});
it('We show the need admin primary callout', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
context('On Rules Management page', () => {
beforeEach(() => {
loadPageAsPlatformEngineerUser(RULES_MANAGEMENT_URL);
});
it('We show 1 primary callout of need admin', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
context('On Rule Details page', () => {
beforeEach(() => {
createRule(getNewRule({ rule_id: 'rule_testing' })).then((rule) =>
loadPageAsPlatformEngineerUser(ruleDetailsUrl(rule.body.id))
);
});
afterEach(() => {
deleteCustomRule();
});
it('We show 1 primary callout', () => {
getCallOut(NEED_ADMIN_FOR_UPDATE_CALLOUT).should('not.exist');
});
});
}
);
}
);


@ -1,148 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { ALERTS_URL } from '../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { getNewRule } from '../../../objects/rule';
import { PAGE_TITLE } from '../../../screens/common/page';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { createRule, deleteCustomRule } from '../../../tasks/api_calls/rules';
import {
getCallOut,
waitForCallOutToBeShown,
dismissCallOut,
MISSING_PRIVILEGES_CALLOUT,
} from '../../../tasks/common/callouts';
import { ruleDetailsUrl } from '../../../urls/rule_details';
const loadPageAsReadOnlyUser = (url: string) => {
login(ROLES.t1_analyst);
visit(url);
waitForPageTitleToBeShown();
};
const loadPageAsPlatformEngineer = (url: string) => {
login(ROLES.platform_engineer);
visit(url);
waitForPageTitleToBeShown();
};
const reloadPage = () => {
cy.reload();
waitForPageTitleToBeShown();
};
const waitForPageTitleToBeShown = () => {
cy.get(PAGE_TITLE).should('be.visible');
};
describe(
'Detections > Callouts',
{ tags: ['@ess', '@serverless', '@brokenInServerlessQA'] },
() => {
before(() => {
// First, we have to open the app on behalf of a privileged user in order to initialize it.
// Otherwise the app will be disabled and show a "welcome"-like page.
login();
visit(ALERTS_URL);
waitForPageTitleToBeShown();
});
context('indicating read-only access to resources', () => {
context('On Detections home page', () => {
beforeEach(() => {
loadPageAsReadOnlyUser(ALERTS_URL);
});
it('We show one primary callout', () => {
waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
});
context('When a user clicks Dismiss on the callout', () => {
it('We hide it and persist the dismissal', () => {
waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
reloadPage();
getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
});
});
});
// FYI: Rules Management check moved to ../detection_rules/all_rules_read_only.spec.ts
context('On Rule Details page', () => {
beforeEach(() => {
createRule(getNewRule()).then((rule) =>
loadPageAsReadOnlyUser(ruleDetailsUrl(rule.body.id))
);
});
afterEach(() => {
deleteCustomRule();
});
it('We show one primary callout', () => {
waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
});
context('When a user clicks Dismiss on the callouts', () => {
it('We hide them and persist the dismissal', () => {
waitForCallOutToBeShown(MISSING_PRIVILEGES_CALLOUT, 'primary');
dismissCallOut(MISSING_PRIVILEGES_CALLOUT);
reloadPage();
getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
});
});
});
});
context('indicating read-write access to resources', () => {
context('On Detections home page', () => {
beforeEach(() => {
loadPageAsPlatformEngineer(ALERTS_URL);
});
it('We show no callout', () => {
getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
});
});
context('On Rules Management page', () => {
beforeEach(() => {
login(ROLES.platform_engineer);
loadPageAsPlatformEngineer(RULES_MANAGEMENT_URL);
});
it('We show no callout', () => {
getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
});
});
context('On Rule Details page', () => {
beforeEach(() => {
createRule(getNewRule()).then((rule) =>
loadPageAsPlatformEngineer(ruleDetailsUrl(rule.body.id))
);
});
afterEach(() => {
deleteCustomRule();
});
it('We show no callouts', () => {
getCallOut(MISSING_PRIVILEGES_CALLOUT).should('not.exist');
});
});
});
}
);


@ -1,199 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { disableExpandableFlyout } from '../../../tasks/api_calls/kibana_advanced_settings';
import { getNewThreatIndicatorRule, indicatorRuleMatchingDoc } from '../../../objects/rule';
import { login } from '../../../tasks/login';
import {
JSON_TEXT,
TABLE_CELL,
TABLE_ROWS,
THREAT_DETAILS_VIEW,
ENRICHMENT_COUNT_NOTIFICATION,
INDICATOR_MATCH_ENRICHMENT_SECTION,
INVESTIGATION_TIME_ENRICHMENT_SECTION,
THREAT_DETAILS_ACCORDION,
} from '../../../screens/alerts_details';
import { TIMELINE_FIELD } from '../../../screens/rule_details';
import { expandFirstAlert, setEnrichmentDates, viewThreatIntelTab } from '../../../tasks/alerts';
import { createRule } from '../../../tasks/api_calls/rules';
import { openJsonView, openThreatIndicatorDetails } from '../../../tasks/alerts_details';
import { addsFieldsToTimeline, visitRuleDetailsPage } from '../../../tasks/rule_details';
// TODO: https://github.com/elastic/kibana/issues/161539
describe(
'Threat Match Enrichment',
{ tags: ['@ess', '@serverless', '@brokenInServerless'] },
() => {
before(() => {
// illegal_argument_exception: unknown setting [index.lifecycle.rollover_alias]
cy.task('esArchiverLoad', { archiveName: 'threat_indicator' });
cy.task('esArchiverLoad', { archiveName: 'suspicious_source_event' });
login();
disableExpandableFlyout();
});
after(() => {
cy.task('esArchiverUnload', 'threat_indicator');
cy.task('esArchiverUnload', 'suspicious_source_event');
});
beforeEach(() => {
login();
createRule({ ...getNewThreatIndicatorRule(), rule_id: 'rule_testing', enabled: true }).then(
(rule) => visitRuleDetailsPage(rule.body.id)
);
});
// TODO: https://github.com/elastic/kibana/issues/161539
// Skipped: https://github.com/elastic/kibana/issues/162818
it.skip('Displays enrichment matched.* fields on the timeline', () => {
const expectedFields = {
'threat.enrichments.matched.atomic': indicatorRuleMatchingDoc.atomic,
'threat.enrichments.matched.type': indicatorRuleMatchingDoc.matchedType,
'threat.enrichments.matched.field':
getNewThreatIndicatorRule().threat_mapping[0].entries[0].field,
'threat.enrichments.matched.id': indicatorRuleMatchingDoc.matchedId,
'threat.enrichments.matched.index': indicatorRuleMatchingDoc.matchedIndex,
};
const fields = Object.keys(expectedFields) as Array<keyof typeof expectedFields>;
addsFieldsToTimeline('threat.enrichments.matched', fields);
fields.forEach((field) => {
cy.get(TIMELINE_FIELD(field)).should('have.text', expectedFields[field]);
});
});
it('Displays persisted enrichments on the JSON view', () => {
const expectedEnrichment = [
{
'indicator.file.hash.md5': ['9b6c3518a91d23ed77504b5416bfb5b3'],
'matched.index': ['logs-ti_abusech.malware'],
'indicator.file.type': ['elf'],
'indicator.file.hash.tlsh': [
'6D7312E017B517CC1371A8353BED205E9128223972AE35302E97528DF957703BAB2DBE',
],
'feed.name': ['AbuseCH malware'],
'indicator.file.hash.ssdeep': [
'1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL',
],
'indicator.file.hash.sha256': [
'a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3',
],
'indicator.first_seen': ['2021-03-10T08:02:14.000Z'],
'matched.field': ['myhash.mysha256'],
'indicator.type': ['file'],
'matched.type': ['indicator_match_rule'],
'matched.id': ['84cf452c1e0375c3d4412cb550bd1783358468a3b3b777da4829d72c7d6fb74f'],
'matched.atomic': ['a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3'],
'indicator.file.size': [80280],
},
];
expandFirstAlert();
openJsonView();
cy.get(JSON_TEXT).then((x) => {
const parsed = JSON.parse(x.text());
expect(parsed.fields['threat.enrichments']).to.deep.equal(expectedEnrichment);
});
});
it('Displays threat indicator details on the threat intel tab', () => {
const expectedThreatIndicatorData = [
{ field: 'feed.name', value: 'AbuseCH malware' },
{ field: 'indicator.file.hash.md5', value: '9b6c3518a91d23ed77504b5416bfb5b3' },
{
field: 'indicator.file.hash.sha256',
value: 'a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3',
},
{
field: 'indicator.file.hash.ssdeep',
value: '1536:87vbq1lGAXSEYQjbChaAU2yU23M51DjZgSQAvcYkFtZTjzBht5:8D+CAXFYQChaAUk5ljnQssL',
},
{
field: 'indicator.file.hash.tlsh',
value: '6D7312E017B517CC1371A8353BED205E9128223972AE35302E97528DF957703BAB2DBE',
},
{ field: 'indicator.file.size', value: '80280' },
{ field: 'indicator.file.type', value: 'elf' },
{ field: 'indicator.first_seen', value: '2021-03-10T08:02:14.000Z' },
{ field: 'indicator.type', value: 'file' },
{
field: 'matched.atomic',
value: 'a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3',
},
{ field: 'matched.field', value: 'myhash.mysha256' },
{
field: 'matched.id',
value: '84cf452c1e0375c3d4412cb550bd1783358468a3b3b777da4829d72c7d6fb74f',
},
{ field: 'matched.index', value: 'logs-ti_abusech.malware' },
{ field: 'matched.type', value: 'indicator_match_rule' },
];
expandFirstAlert();
openThreatIndicatorDetails();
cy.get(ENRICHMENT_COUNT_NOTIFICATION).should('have.text', '1');
cy.get(THREAT_DETAILS_VIEW).within(() => {
cy.get(TABLE_ROWS).should('have.length', expectedThreatIndicatorData.length);
expectedThreatIndicatorData.forEach((row, index) => {
cy.get(TABLE_ROWS)
.eq(index)
.within(() => {
cy.get(TABLE_CELL).eq(0).should('have.text', row.field);
cy.get(TABLE_CELL).eq(1).should('have.text', row.value);
});
});
});
});
describe('with additional indicators', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'threat_indicator2' });
});
after(() => {
cy.task('esArchiverUnload', 'threat_indicator2');
});
it('Displays matched fields from both indicator match rules and investigation time enrichments on Threat Intel tab', () => {
const indicatorMatchRuleEnrichment = {
field: 'myhash.mysha256',
value: 'a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3',
feedName: 'AbuseCH malware',
};
const investigationTimeEnrichment = {
field: 'source.ip',
value: '192.168.1.1',
feedName: 'feed_name',
};
expandFirstAlert();
viewThreatIntelTab();
setEnrichmentDates('08/05/2018 10:00 AM');
cy.get(`${INDICATOR_MATCH_ENRICHMENT_SECTION} ${THREAT_DETAILS_ACCORDION}`)
.should('exist')
.should(
'have.text',
`${indicatorMatchRuleEnrichment.field} ${indicatorMatchRuleEnrichment.value} from ${indicatorMatchRuleEnrichment.feedName}`
);
cy.get(`${INVESTIGATION_TIME_ENRICHMENT_SECTION} ${THREAT_DETAILS_ACCORDION}`)
.should('exist')
.should(
'have.text',
`${investigationTimeEnrichment.field} ${investigationTimeEnrichment.value} from ${investigationTimeEnrichment.feedName}`
);
});
});
}
);


@ -6,7 +6,7 @@
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getNewRule } from '../../../../objects/rule';
import { getNewRule } from '../../../../../objects/rule';
import {
closeAlertFlyout,
closeAlerts,
@ -14,12 +14,12 @@ import {
selectFirstPageAlerts,
selectNumberOfAlerts,
selectPageFilterValue,
} from '../../../../tasks/alerts';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { login } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
} from '../../../../../tasks/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { login } from '../../../../../tasks/login';
import { ALERTS_URL } from '../../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
alertDetailsFlyoutShowsAssignees,
alertDetailsFlyoutShowsAssigneesBadge,
@ -39,8 +39,8 @@ import {
updateAssigneesViaTakeActionButtonInFlyout,
removeAllAssigneesViaTakeActionButtonInFlyout,
loadPageAs,
} from '../../../../tasks/alert_assignments';
import { ALERTS_COUNT } from '../../../../screens/alerts';
} from '../../../../../tasks/alert_assignments';
import { ALERTS_COUNT } from '../../../../../screens/alerts';
describe('Alert user assignment - ESS & Serverless', { tags: ['@ess', '@serverless'] }, () => {
before(() => {


@ -6,17 +6,17 @@
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getNewRule } from '../../../../objects/rule';
import { expandFirstAlert } from '../../../../tasks/alerts';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { getNewRule } from '../../../../../objects/rule';
import { expandFirstAlert } from '../../../../../tasks/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { ALERTS_URL } from '../../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
alertsTableMoreActionsAreNotAvailable,
cannotAddAssigneesViaDetailsFlyout,
loadPageAs,
} from '../../../../tasks/alert_assignments';
} from '../../../../../tasks/alert_assignments';
describe('Alert user assignment - ESS', { tags: ['@ess'] }, () => {
before(() => {


@ -5,18 +5,18 @@
* 2.0.
*/
import { login } from '../../../../tasks/login';
import { getNewRule } from '../../../../objects/rule';
import { expandFirstAlert } from '../../../../tasks/alerts';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { login } from '../../../../../tasks/login';
import { getNewRule } from '../../../../../objects/rule';
import { expandFirstAlert } from '../../../../../tasks/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { ALERTS_URL } from '../../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
asigneesMenuItemsAreNotAvailable,
cannotAddAssigneesViaDetailsFlyout,
loadPageAs,
} from '../../../../tasks/alert_assignments';
} from '../../../../../tasks/alert_assignments';
describe('Alert user assignment - Basic License', { tags: ['@ess'] }, () => {
before(() => {


@ -6,19 +6,19 @@
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getNewRule } from '../../../../objects/rule';
import { refreshAlertPageFilter, selectFirstPageAlerts } from '../../../../tasks/alerts';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { login } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { getNewRule } from '../../../../../objects/rule';
import { refreshAlertPageFilter, selectFirstPageAlerts } from '../../../../../tasks/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { login } from '../../../../../tasks/login';
import { ALERTS_URL } from '../../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
alertsTableShowsAssigneesForAlert,
updateAssigneesForAlert,
bulkRemoveAllAssignees,
loadPageAs,
} from '../../../../tasks/alert_assignments';
} from '../../../../../tasks/alert_assignments';
describe(
'Alert user assignment - Serverless Complete',


@ -6,19 +6,19 @@
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getNewRule } from '../../../../objects/rule';
import { refreshAlertPageFilter, selectFirstPageAlerts } from '../../../../tasks/alerts';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { login } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { getNewRule } from '../../../../../objects/rule';
import { refreshAlertPageFilter, selectFirstPageAlerts } from '../../../../../tasks/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { login } from '../../../../../tasks/login';
import { ALERTS_URL } from '../../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
alertsTableShowsAssigneesForAlert,
updateAssigneesForAlert,
bulkRemoveAllAssignees,
loadPageAs,
} from '../../../../tasks/alert_assignments';
} from '../../../../../tasks/alert_assignments';
describe(
'Alert user assignment - Serverless Essentials',


@ -5,18 +5,18 @@
* 2.0.
*/
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import {
expandFirstAlert,
goToClosedAlertsOnRuleDetailsPage,
openAddEndpointExceptionFromAlertActionButton,
openAddEndpointExceptionFromFirstAlert,
waitForAlerts,
} from '../../../tasks/alerts';
import { login } from '../../../tasks/login';
import { getEndpointRule } from '../../../objects/rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
} from '../../../../../tasks/alerts';
import { login } from '../../../../../tasks/login';
import { getEndpointRule } from '../../../../../objects/rule';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
import {
addExceptionEntryFieldValueAndSelectSuggestion,
addExceptionEntryFieldValueValue,
@ -25,19 +25,19 @@ import {
selectCloseSingleAlerts,
submitNewExceptionItem,
validateExceptionConditionField,
} from '../../../tasks/exceptions';
import { ALERTS_COUNT } from '../../../screens/alerts';
} from '../../../../../tasks/exceptions';
import { ALERTS_COUNT } from '../../../../../screens/alerts';
import {
ADD_AND_BTN,
EXCEPTION_CARD_ITEM_CONDITIONS,
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_ITEM_VIEWER_CONTAINER,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import {
goToEndpointExceptionsTab,
visitRuleDetailsPage,
waitForTheRuleToBeExecuted,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
// TODO: https://github.com/elastic/kibana/issues/161539
// See https://github.com/elastic/kibana/issues/163967


@ -4,14 +4,14 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { LOADING_INDICATOR } from '../../../../screens/security_header';
import { getEndpointRule } from '../../../../objects/rule';
import { createRule } from '../../../../tasks/api_calls/rules';
import { LOADING_INDICATOR } from '../../../../../../screens/security_header';
import { getEndpointRule } from '../../../../../../objects/rule';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import {
addExceptionFromFirstAlert,
expandFirstAlert,
openAddRuleExceptionFromAlertActionButton,
} from '../../../../tasks/alerts';
} from '../../../../../../tasks/alerts';
import {
addExceptionEntryFieldValue,
addExceptionEntryFieldValueValue,
@ -22,19 +22,19 @@ import {
editExceptionFlyoutItemName,
validateHighlightedFieldsPopulatedAsExceptionConditions,
validateEmptyExceptionConditionField,
} from '../../../../tasks/exceptions';
import { login } from '../../../../tasks/login';
import { goToExceptionsTab, visitRuleDetailsPage } from '../../../../tasks/rule_details';
} from '../../../../../../tasks/exceptions';
import { login } from '../../../../../../tasks/login';
import { goToExceptionsTab, visitRuleDetailsPage } from '../../../../../../tasks/rule_details';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { deleteAlertsAndRules } from '../../../../../../tasks/api_calls/common';
import {
ADD_AND_BTN,
ENTRY_DELETE_BTN,
EXCEPTION_CARD_ITEM_CONDITIONS,
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_ITEM_VIEWER_CONTAINER,
} from '../../../../screens/exceptions';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
} from '../../../../../../screens/exceptions';
import { waitForAlertsToPopulate } from '../../../../../../tasks/create_new_rule';
// TODO: https://github.com/elastic/kibana/issues/161539
// See https://github.com/elastic/kibana/issues/163967


@ -4,19 +4,19 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { waitForAlertsToPopulate } from '../../../../../../tasks/create_new_rule';
import {
addExceptionFromFirstAlert,
goToClosedAlertsOnRuleDetailsPage,
waitForAlerts,
} from '../../../../tasks/alerts';
import { deleteAlertsAndRules, postDataView } from '../../../../tasks/api_calls/common';
import { login } from '../../../../tasks/login';
import { visitRuleDetailsPage } from '../../../../tasks/rule_details';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { LOADING_INDICATOR } from '../../../../screens/security_header';
import { ALERTS_COUNT } from '../../../../screens/alerts';
} from '../../../../../../tasks/alerts';
import { deleteAlertsAndRules, postDataView } from '../../../../../../tasks/api_calls/common';
import { login } from '../../../../../../tasks/login';
import { visitRuleDetailsPage } from '../../../../../../tasks/rule_details';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../../../objects/rule';
import { LOADING_INDICATOR } from '../../../../../../screens/security_header';
import { ALERTS_COUNT } from '../../../../../../screens/alerts';
import {
addExceptionEntryFieldValue,
addExceptionEntryOperatorValue,
@ -24,7 +24,7 @@ import {
addExceptionFlyoutItemName,
selectBulkCloseAlerts,
submitNewExceptionItem,
} from '../../../../tasks/exceptions';
} from '../../../../../../tasks/exceptions';
// TODO: https://github.com/elastic/kibana/issues/161539
// See https://github.com/elastic/kibana/issues/163967


@ -5,18 +5,18 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../../objects/rule';
import { RULE_STATUS } from '../../../screens/create_new_rule';
import { RULE_STATUS } from '../../../../../screens/create_new_rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { login } from '../../../tasks/login';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { login } from '../../../../../tasks/login';
import {
openExceptionFlyoutFromEmptyViewerPrompt,
goToExceptionsTab,
openEditException,
visitRuleDetailsPage,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import {
addExceptionEntryFieldMatchAnyValue,
addExceptionEntryFieldValue,
@ -29,7 +29,7 @@ import {
selectCurrentEntryField,
showFieldConflictsWarningTooltipWithMessage,
showMappingConflictsWarningMessage,
} from '../../../tasks/exceptions';
} from '../../../../../tasks/exceptions';
import {
ADD_AND_BTN,
ADD_OR_BTN,
@ -45,17 +45,17 @@ import {
VALUES_INPUT,
EXCEPTION_FLYOUT_TITLE,
FIELD_INPUT_PARENT,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import { reload } from '../../../tasks/common';
import { reload } from '../../../../../tasks/common';
import {
createExceptionList,
createExceptionListItem,
updateExceptionListItem,
deleteExceptionList,
} from '../../../tasks/api_calls/exceptions';
import { getExceptionList } from '../../../objects/exception';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
} from '../../../../../tasks/api_calls/exceptions';
import { getExceptionList } from '../../../../../objects/exception';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
// TODO: https://github.com/elastic/kibana/issues/161539
// Test Skipped until we fix the Flyout rerendering issue


@ -5,30 +5,30 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../../objects/rule';
import { RULE_STATUS } from '../../../screens/create_new_rule';
import { RULE_STATUS } from '../../../../../screens/create_new_rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { login } from '../../../tasks/login';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { login } from '../../../../../tasks/login';
import {
openExceptionFlyoutFromEmptyViewerPrompt,
visitRuleDetailsPage,
clickEnableRuleSwitch,
waitForTheRuleToBeExecuted,
goToAlertsTab,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import {
addExceptionEntryFieldMatchAnyValue,
addExceptionEntryFieldValue,
addExceptionEntryOperatorValue,
addExceptionFlyoutItemName,
submitNewExceptionItem,
} from '../../../tasks/exceptions';
import { CONFIRM_BTN } from '../../../screens/exceptions';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { ALERTS_COUNT } from '../../../screens/alerts';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
} from '../../../../../tasks/exceptions';
import { CONFIRM_BTN } from '../../../../../screens/exceptions';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import { ALERTS_COUNT } from '../../../../../screens/alerts';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
describe('Exceptions match_any', { tags: ['@ess', '@serverless'] }, () => {
before(() => {


@ -5,27 +5,27 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../../objects/rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { login } from '../../../tasks/login';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { login } from '../../../../../tasks/login';
import {
openExceptionFlyoutFromEmptyViewerPrompt,
visitRuleDetailsPage,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import {
addExceptionFlyoutItemName,
addTwoAndedConditions,
addTwoORedConditions,
submitNewExceptionItem,
} from '../../../tasks/exceptions';
} from '../../../../../tasks/exceptions';
import {
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_CARD_ITEM_CONDITIONS,
EXCEPTION_ITEM_VIEWER_CONTAINER,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
describe(
'Add multiple conditions and validate the generated exceptions',


@ -11,15 +11,15 @@ import {
addExceptionEntryOperatorValue,
addExceptionFlyoutItemName,
submitNewExceptionItem,
} from '../../../tasks/exceptions';
} from '../../../../../tasks/exceptions';
import {
openExceptionFlyoutFromEmptyViewerPrompt,
visitRuleDetailsPage,
} from '../../../tasks/rule_details';
import { getNewRule } from '../../../objects/rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
} from '../../../../../tasks/rule_details';
import { getNewRule } from '../../../../../objects/rule';
import { login } from '../../../../../tasks/login';
import { visit } from '../../../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../../../urls/rules_management';
import {
createListsIndex,
waitForListsIndex,
@ -29,8 +29,8 @@ import {
importValueList,
KNOWN_VALUE_LIST_FILES,
deleteValueLists,
} from '../../../tasks/lists';
import { createRule } from '../../../tasks/api_calls/rules';
} from '../../../../../tasks/lists';
import { createRule } from '../../../../../tasks/api_calls/rules';
import {
CLOSE_ALERTS_CHECKBOX,
EXCEPTIONS_TABLE_MODAL,
@ -38,7 +38,7 @@ import {
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_ITEM_VIEWER_CONTAINER,
NO_EXCEPTIONS_EXIST_PROMPT,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
const goToRulesAndOpenValueListModal = () => {
visit(RULES_MANAGEMENT_URL);


@ -5,17 +5,17 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../../objects/rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { login } from '../../../tasks/login';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { login } from '../../../../../tasks/login';
import {
openEditException,
openExceptionFlyoutFromEmptyViewerPrompt,
searchForExceptionItem,
visitRuleDetailsPage,
waitForPageToBeLoaded as waitForRuleDetailsPageToBeLoaded,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import {
addExceptionConditions,
addExceptionFlyoutItemName,
@ -24,13 +24,13 @@ import {
selectOs,
submitEditedExceptionItem,
submitNewExceptionItem,
} from '../../../tasks/exceptions';
} from '../../../../../tasks/exceptions';
import {
deleteAlertsAndRules,
deleteEndpointExceptionList,
deleteExceptionLists,
} from '../../../tasks/api_calls/common';
} from '../../../../../tasks/api_calls/common';
import {
NO_EXCEPTIONS_EXIST_PROMPT,
EXCEPTION_ITEM_VIEWER_CONTAINER,
@ -44,11 +44,11 @@ import {
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_CARD_ITEM_CONDITIONS,
FIELD_INPUT_PARENT,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import {
createEndpointExceptionList,
createEndpointExceptionListItem,
} from '../../../tasks/api_calls/exceptions';
} from '../../../../../tasks/api_calls/exceptions';
describe('Add endpoint exception from rule details', { tags: ['@ess', '@serverless'] }, () => {
const ITEM_NAME = 'Sample Exception List Item';


@ -5,16 +5,16 @@
* 2.0.
*/
import { getException, getExceptionList } from '../../../objects/exception';
import { getNewRule } from '../../../objects/rule';
import { getException, getExceptionList } from '../../../../../objects/exception';
import { getNewRule } from '../../../../../objects/rule';
import { ALERTS_COUNT, EMPTY_ALERT_TABLE } from '../../../screens/alerts';
import { createRule } from '../../../tasks/api_calls/rules';
import { ALERTS_COUNT, EMPTY_ALERT_TABLE } from '../../../../../screens/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import {
goToClosedAlertsOnRuleDetailsPage,
goToOpenedAlertsOnRuleDetailsPage,
} from '../../../tasks/alerts';
import { login } from '../../../tasks/login';
} from '../../../../../tasks/alerts';
import { login } from '../../../../../tasks/login';
import {
addExceptionFlyoutFromViewerHeader,
goToAlertsTab,
@ -25,7 +25,7 @@ import {
searchForExceptionItem,
visitRuleDetailsPage,
waitForTheRuleToBeExecuted,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import {
addExceptionConditions,
addExceptionFlyoutItemName,
@ -36,8 +36,8 @@ import {
selectSharedListToAddExceptionTo,
submitEditedExceptionItem,
submitNewExceptionItem,
} from '../../../tasks/exceptions';
import { deleteAlertsAndRules, deleteExceptionLists } from '../../../tasks/api_calls/common';
} from '../../../../../tasks/exceptions';
import { deleteAlertsAndRules, deleteExceptionLists } from '../../../../../tasks/api_calls/common';
import {
NO_EXCEPTIONS_EXIST_PROMPT,
EXCEPTION_ITEM_VIEWER_CONTAINER,
@ -50,13 +50,13 @@ import {
EXCEPTION_CARD_ITEM_NAME,
EXCEPTION_CARD_ITEM_CONDITIONS,
FIELD_INPUT_PARENT,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import {
createExceptionList,
createExceptionListItem,
deleteExceptionList,
} from '../../../tasks/api_calls/exceptions';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
} from '../../../../../tasks/api_calls/exceptions';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
// TODO: https://github.com/elastic/kibana/issues/161539
describe(


@ -5,19 +5,19 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { ALERTS_COUNT, EMPTY_ALERT_TABLE } from '../../../screens/alerts';
import { createRule } from '../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../../objects/rule';
import { ALERTS_COUNT, EMPTY_ALERT_TABLE } from '../../../../../screens/alerts';
import { createRule } from '../../../../../tasks/api_calls/rules';
import {
goToClosedAlertsOnRuleDetailsPage,
goToOpenedAlertsOnRuleDetailsPage,
} from '../../../tasks/alerts';
} from '../../../../../tasks/alerts';
import {
editException,
editExceptionFlyoutItemName,
submitEditedExceptionItem,
} from '../../../tasks/exceptions';
import { login } from '../../../tasks/login';
} from '../../../../../tasks/exceptions';
import { login } from '../../../../../tasks/login';
import {
addFirstExceptionFromRuleDetails,
clickEnableRuleSwitch,
@ -28,9 +28,9 @@ import {
removeException,
visitRuleDetailsPage,
waitForTheRuleToBeExecuted,
} from '../../../tasks/rule_details';
} from '../../../../../tasks/rule_details';
import { postDataView, deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { postDataView, deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import {
NO_EXCEPTIONS_EXIST_PROMPT,
EXCEPTION_ITEM_VIEWER_CONTAINER,
@ -39,8 +39,8 @@ import {
EXCEPTION_ITEM_CONTAINER,
VALUES_INPUT,
FIELD_INPUT_PARENT,
} from '../../../screens/exceptions';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
} from '../../../../../screens/exceptions';
import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
describe(
'Add exception using data views from rule details',


@ -6,26 +6,26 @@
*/
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getExceptionList } from '../../../objects/exception';
import { getNewRule } from '../../../objects/rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { login } from '../../../tasks/login';
import { visitRulesManagementTable } from '../../../tasks/rules_management';
import { goToExceptionsTab, goToAlertsTab } from '../../../tasks/rule_details';
import { goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { getExceptionList } from '../../../../../objects/exception';
import { getNewRule } from '../../../../../objects/rule';
import { createRule } from '../../../../../tasks/api_calls/rules';
import { login } from '../../../../../tasks/login';
import { visitRulesManagementTable } from '../../../../../tasks/rules_management';
import { goToExceptionsTab, goToAlertsTab } from '../../../../../tasks/rule_details';
import { goToRuleDetailsOf } from '../../../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common';
import {
NO_EXCEPTIONS_EXIST_PROMPT,
EXCEPTION_ITEM_VIEWER_CONTAINER,
ADD_EXCEPTIONS_BTN_FROM_VIEWER_HEADER,
ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN,
} from '../../../screens/exceptions';
import { EXCEPTION_ITEM_ACTIONS_BUTTON } from '../../../screens/rule_details';
} from '../../../../../screens/exceptions';
import { EXCEPTION_ITEM_ACTIONS_BUTTON } from '../../../../../screens/rule_details';
import {
createExceptionList,
createExceptionListItem,
deleteExceptionList,
} from '../../../tasks/api_calls/exceptions';
} from '../../../../../tasks/api_calls/exceptions';
describe('Exceptions viewer read only', { tags: ['@ess'] }, () => {
const exceptionList = getExceptionList();


@ -5,13 +5,13 @@
* 2.0.
*/
import { getExceptionList } from '../../../../objects/exception';
import { getNewRule } from '../../../../objects/rule';
import { getExceptionList } from '../../../../../../objects/exception';
import { getNewRule } from '../../../../../../objects/rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { createRule } from '../../../../tasks/api_calls/rules';
import { EXCEPTIONS_URL, exceptionsListDetailsUrl } from '../../../../urls/navigation';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import { EXCEPTIONS_URL, exceptionsListDetailsUrl } from '../../../../../../urls/navigation';
import {
createSharedExceptionList,
editExceptionLisDetails,
@ -19,13 +19,13 @@ import {
saveLinkedRules,
validateSharedListLinkedRules,
waitForExceptionListDetailToBeLoaded,
} from '../../../../tasks/exceptions_table';
import { createExceptionList } from '../../../../tasks/api_calls/exceptions';
} from '../../../../../../tasks/exceptions_table';
import { createExceptionList } from '../../../../../../tasks/api_calls/exceptions';
import {
EXCEPTIONS_LIST_MANAGEMENT_NAME,
EXCEPTIONS_LIST_MANAGEMENT_DESCRIPTION,
EXCEPTION_LIST_DETAILS_LINK_RULES_BTN,
} from '../../../../screens/exceptions';
} from '../../../../../../screens/exceptions';
const LIST_NAME = 'My exception list';
const UPDATED_LIST_NAME = 'Updated exception list';


@ -7,10 +7,10 @@
import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { MAX_COMMENT_LENGTH } from '@kbn/security-solution-plugin/common/constants';
import { getNewRule } from '../../../objects/rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { createRule } from '../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../../objects/rule';
import { login } from '../../../../../tasks/login';
import { visit } from '../../../../../tasks/navigation';
import { createRule } from '../../../../../tasks/api_calls/rules';
import {
addExceptionFlyoutItemName,
editException,
@ -23,8 +23,8 @@ import {
deleteFirstExceptionItemInListDetailPage,
addExceptionHugeComment,
editExceptionComment,
} from '../../../tasks/exceptions';
import { EXCEPTIONS_URL } from '../../../urls/navigation';
} from '../../../../../tasks/exceptions';
import { EXCEPTIONS_URL } from '../../../../../urls/navigation';
import {
CONFIRM_BTN,
@ -33,18 +33,18 @@ import {
EXCEPTIONS_LIST_MANAGEMENT_NAME,
EXECPTION_ITEM_CARD_HEADER_TITLE,
EMPTY_EXCEPTIONS_VIEWER,
} from '../../../screens/exceptions';
} from '../../../../../screens/exceptions';
import {
addExceptionListFromSharedExceptionListHeaderMenu,
createSharedExceptionList,
findSharedExceptionListItemsByName,
} from '../../../tasks/exceptions_table';
import { visitRuleDetailsPage } from '../../../tasks/rule_details';
} from '../../../../../tasks/exceptions_table';
import { visitRuleDetailsPage } from '../../../../../tasks/rule_details';
import {
deleteAlertsAndRules,
deleteEndpointExceptionList,
deleteExceptionLists,
} from '../../../tasks/api_calls/common';
} from '../../../../../tasks/api_calls/common';
describe('Manage exceptions', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {


@ -5,24 +5,27 @@
* 2.0.
*/
import { deleteAlertsAndRules, deleteExceptionLists } from '../../../../tasks/api_calls/common';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getExceptionList } from '../../../../objects/exception';
import { assertNumberOfExceptionItemsExists } from '../../../../tasks/exceptions';
import {
deleteAlertsAndRules,
deleteExceptionLists,
} from '../../../../../../tasks/api_calls/common';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import { getExceptionList } from '../../../../../../objects/exception';
import { assertNumberOfExceptionItemsExists } from '../../../../../../tasks/exceptions';
import {
assertExceptionListsExists,
duplicateSharedExceptionListFromListsManagementPageByListId,
findSharedExceptionListItemsByName,
waitForExceptionsTableToBeLoaded,
} from '../../../../tasks/exceptions_table';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../urls/navigation';
} from '../../../../../../tasks/exceptions_table';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../../../urls/navigation';
import {
createExceptionList,
createExceptionListItem,
} from '../../../../tasks/api_calls/exceptions';
import { getNewRule } from '../../../../objects/rule';
} from '../../../../../../tasks/api_calls/exceptions';
import { getNewRule } from '../../../../../../objects/rule';
const expiredDate = new Date(Date.now() - 1000000).toISOString();
const futureDate = new Date(Date.now() + 1000000).toISOString();


@ -5,22 +5,22 @@
* 2.0.
*/
import { getExceptionList } from '../../../../objects/exception';
import { getNewRule } from '../../../../objects/rule';
import { getExceptionList } from '../../../../../../objects/exception';
import { getNewRule } from '../../../../../../objects/rule';
import {
EXCEPTIONS_TABLE_SHOWING_LISTS,
EXCEPTIONS_TABLE_LIST_NAME,
} from '../../../../screens/exceptions';
import { createExceptionList } from '../../../../tasks/api_calls/exceptions';
import { createRule } from '../../../../tasks/api_calls/rules';
} from '../../../../../../screens/exceptions';
import { createExceptionList } from '../../../../../../tasks/api_calls/exceptions';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import {
waitForExceptionsTableToBeLoaded,
searchForExceptionList,
clearSearchSelection,
} from '../../../../tasks/exceptions_table';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../urls/navigation';
} from '../../../../../../tasks/exceptions_table';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../../../urls/navigation';
const EXCEPTION_LIST_NAME = 'My test list';
const EXCEPTION_LIST_NAME_TWO = 'A test list 2';


@ -8,7 +8,7 @@
import {
IMPORT_SHARED_EXCEPTION_LISTS_CLOSE_BTN,
EXCEPTIONS_TABLE_SHOWING_LISTS,
} from '../../../../screens/exceptions';
} from '../../../../../../screens/exceptions';
import {
waitForExceptionsTableToBeLoaded,
importExceptionLists,
@ -16,10 +16,10 @@ import {
importExceptionListWithSelectingCreateNewOption,
validateImportExceptionListWentSuccessfully,
validateImportExceptionListFailedBecauseExistingListFound,
} from '../../../../tasks/exceptions_table';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../urls/navigation';
} from '../../../../../../tasks/exceptions_table';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../../../urls/navigation';
describe('Import Lists', { tags: ['@ess', '@serverless', '@skipInServerless'] }, () => {
const LIST_TO_IMPORT_FILENAME = 'cypress/fixtures/7_16_exception_list.ndjson';


@ -6,14 +6,17 @@
*/
import { ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
import { expectedExportedExceptionList, getExceptionList } from '../../../../objects/exception';
import { getNewRule } from '../../../../objects/rule';
import {
expectedExportedExceptionList,
getExceptionList,
} from '../../../../../../objects/exception';
import { getNewRule } from '../../../../../../objects/rule';
import { createRule } from '../../../../tasks/api_calls/rules';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { createRule } from '../../../../../../tasks/api_calls/rules';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../urls/navigation';
import { EXCEPTIONS_URL } from '../../../../../../urls/navigation';
import {
assertNumberLinkedRules,
createSharedExceptionList,
@ -22,14 +25,14 @@ import {
exportExceptionList,
linkRulesToExceptionList,
waitForExceptionsTableToBeLoaded,
} from '../../../../tasks/exceptions_table';
} from '../../../../../../tasks/exceptions_table';
import {
EXCEPTIONS_LIST_MANAGEMENT_NAME,
EXCEPTIONS_TABLE_SHOWING_LISTS,
} from '../../../../screens/exceptions';
import { createExceptionList } from '../../../../tasks/api_calls/exceptions';
} from '../../../../../../screens/exceptions';
import { createExceptionList } from '../../../../../../tasks/api_calls/exceptions';
import { TOASTER } from '../../../../screens/alerts_detection_rules';
import { TOASTER } from '../../../../../../screens/alerts_detection_rules';
const EXCEPTION_LIST_NAME = 'My test list';
const EXCEPTION_LIST_TO_DUPLICATE_NAME = 'A test list 2';


@ -7,21 +7,24 @@
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getExceptionList } from '../../../../objects/exception';
import { getExceptionList } from '../../../../../../objects/exception';
import {
EXCEPTIONS_OVERFLOW_ACTIONS_BTN,
EXCEPTIONS_TABLE_SHOWING_LISTS,
} from '../../../../screens/exceptions';
import { createExceptionList, deleteExceptionList } from '../../../../tasks/api_calls/exceptions';
} from '../../../../../../screens/exceptions';
import {
createExceptionList,
deleteExceptionList,
} from '../../../../../../tasks/api_calls/exceptions';
import {
dismissCallOut,
getCallOut,
waitForCallOutToBeShown,
MISSING_PRIVILEGES_CALLOUT,
} from '../../../../tasks/common/callouts';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../urls/navigation';
} from '../../../../../../tasks/common/callouts';
import { login } from '../../../../../../tasks/login';
import { visit } from '../../../../../../tasks/navigation';
import { EXCEPTIONS_URL } from '../../../../../../urls/navigation';
// TODO: https://github.com/elastic/kibana/issues/161539 Do we need to run it in Serverless?
describe('Shared exception lists - read only', { tags: ['@ess', '@skipInServerless'] }, () => {


@ -5,27 +5,30 @@
* 2.0.
*/
import { getIndexConnector } from '../../../objects/connector';
import { getSimpleCustomQueryRule } from '../../../objects/rule';
import { getIndexConnector } from '../../../../objects/connector';
import { getSimpleCustomQueryRule } from '../../../../objects/rule';
import { goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteIndex, waitForNewDocumentToBeIndexed } from '../../../tasks/api_calls/elasticsearch';
import { goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import {
deleteIndex,
waitForNewDocumentToBeIndexed,
} from '../../../../tasks/api_calls/elasticsearch';
import {
deleteAlertsAndRules,
deleteConnectors,
deleteDataView,
} from '../../../tasks/api_calls/common';
} from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
fillDefineCustomRuleAndContinue,
fillRuleAction,
fillScheduleRuleAndContinue,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../urls/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
// TODO: https://github.com/elastic/kibana/issues/161539
describe(


@ -5,7 +5,7 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../objects/rule';
import {
INDEX_SELECTOR,
@ -13,18 +13,18 @@ import {
WEBHOOK_ACTION_BTN,
EMAIL_ACTION_BTN,
ACTION_BTN,
} from '../../../screens/common/rule_actions';
} from '../../../../screens/common/rule_actions';
import { createRule } from '../../../tasks/api_calls/rules';
import { createRule } from '../../../../tasks/api_calls/rules';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { goToActionsStepTab } from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { goToActionsStepTab } from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { editFirstRule } from '../../../tasks/alerts_detection_rules';
import { editFirstRule } from '../../../../tasks/alerts_detection_rules';
import { visit } from '../../../tasks/navigation';
import { visit } from '../../../../tasks/navigation';
const rule = getNewRule();


@ -5,7 +5,7 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { getNewRule } from '../../../../objects/rule';
import {
INDEX_SELECTOR,
@ -13,18 +13,18 @@ import {
WEBHOOK_ACTION_BTN,
EMAIL_ACTION_BTN,
ACTION_BTN,
} from '../../../screens/common/rule_actions';
} from '../../../../screens/common/rule_actions';
import { createRule } from '../../../tasks/api_calls/rules';
import { createRule } from '../../../../tasks/api_calls/rules';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { goToActionsStepTab } from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { goToActionsStepTab } from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { editFirstRule } from '../../../tasks/alerts_detection_rules';
import { editFirstRule } from '../../../../tasks/alerts_detection_rules';
import { visit } from '../../../tasks/navigation';
import { visit } from '../../../../tasks/navigation';
const rule = getNewRule();


@ -5,8 +5,8 @@
* 2.0.
*/
import { ruleFields } from '../../../data/detection_engine';
import { getTimeline } from '../../../objects/timeline';
import { ruleFields } from '../../../../data/detection_engine';
import { getTimeline } from '../../../../objects/timeline';
import {
ABOUT_CONTINUE_BTN,
@ -16,10 +16,10 @@ import {
DEFINE_EDIT_BUTTON,
RULE_NAME_INPUT,
SCHEDULE_CONTINUE_BUTTON,
} from '../../../screens/create_new_rule';
import { RULE_NAME_HEADER } from '../../../screens/rule_details';
import { createTimeline } from '../../../tasks/api_calls/timelines';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
} from '../../../../screens/create_new_rule';
import { RULE_NAME_HEADER } from '../../../../screens/rule_details';
import { createTimeline } from '../../../../tasks/api_calls/timelines';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
expandAdvancedSettings,
@ -37,10 +37,10 @@ import {
fillThreatSubtechnique,
fillThreatTechnique,
importSavedQuery,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { visit } from '../../../tasks/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { visit } from '../../../../tasks/navigation';
// This test is meant to test touching all the common various components in rule creation
// to ensure we don't miss any changes that maybe affect one of these more obscure UI components


@ -5,19 +5,19 @@
* 2.0.
*/
import { getNewRule } from '../../../objects/rule';
import { RULE_NAME_HEADER } from '../../../screens/rule_details';
import { getNewRule } from '../../../../objects/rule';
import { RULE_NAME_HEADER } from '../../../../screens/rule_details';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
fillScheduleRuleAndContinue,
fillAboutRuleMinimumAndContinue,
fillDefineCustomRuleAndContinue,
createRuleWithoutEnabling,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe('Create custom query rule', { tags: ['@ess', '@serverless'] }, () => {
const rule = getNewRule();


@ -5,9 +5,9 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getDataViewRule } from '../../../objects/rule';
import { ALERTS_COUNT, ALERT_GRID_CELL } from '../../../screens/alerts';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import { getDataViewRule } from '../../../../objects/rule';
import { ALERTS_COUNT, ALERT_GRID_CELL } from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
@ -15,12 +15,12 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_CONTINUE_BTN,
RULE_DESCRIPTION_INPUT,
RULE_NAME_INPUT,
} from '../../../screens/create_new_rule';
} from '../../../../screens/create_new_rule';
import {
ADDITIONAL_LOOK_BACK_DETAILS,
@ -46,17 +46,17 @@ import {
TIMELINE_TEMPLATE_DETAILS,
DATA_VIEW_DETAILS,
EDIT_RULE_SETTINGS_LINK,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import {
getRulesManagementTableRows,
goToRuleDetailsOf,
} from '../../../tasks/alerts_detection_rules';
} from '../../../../tasks/alerts_detection_rules';
import {
deleteAlertsAndRules,
deleteDataView,
postDataView,
} from '../../../tasks/api_calls/common';
} from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
createRuleWithoutEnabling,
@ -64,14 +64,14 @@ import {
fillDefineCustomRuleAndContinue,
fillScheduleRuleAndContinue,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../tasks/rule_details';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe('Custom query rules', { tags: ['@ess', '@serverless'] }, () => {
describe('Custom detection rules creation with data views', () => {


@ -5,14 +5,14 @@
* 2.0.
*/
import { getNewRule, getSavedQueryRule } from '../../../objects/rule';
import { getNewRule, getSavedQueryRule } from '../../../../objects/rule';
import {
DEFINE_CONTINUE_BUTTON,
LOAD_QUERY_DYNAMICALLY_CHECKBOX,
QUERY_BAR,
} from '../../../screens/create_new_rule';
import { TOASTER } from '../../../screens/alerts_detection_rules';
} from '../../../../screens/create_new_rule';
import { TOASTER } from '../../../../screens/alerts_detection_rules';
import {
RULE_NAME_HEADER,
SAVED_QUERY_NAME_DETAILS,
@ -20,11 +20,11 @@ import {
SAVED_QUERY_FILTERS_DETAILS,
DEFINE_RULE_PANEL_PROGRESS,
CUSTOM_QUERY_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { editFirstRule, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { createSavedQuery, deleteSavedQueries } from '../../../tasks/api_calls/saved_queries';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { editFirstRule, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import { createSavedQuery, deleteSavedQueries } from '../../../../tasks/api_calls/saved_queries';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
@ -33,19 +33,19 @@ import {
getCustomQueryInput,
checkLoadQueryDynamically,
uncheckLoadQueryDynamically,
} from '../../../tasks/create_new_rule';
import { saveEditedRule, visitEditRulePage } from '../../../tasks/edit_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
} from '../../../../tasks/create_new_rule';
import { saveEditedRule, visitEditRulePage } from '../../../../tasks/edit_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import {
assertDetailsNotExist,
getDetails,
visitRuleDetailsPage,
} from '../../../tasks/rule_details';
import { createRule } from '../../../tasks/api_calls/rules';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
} from '../../../../tasks/rule_details';
import { createRule } from '../../../../tasks/api_calls/rules';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
const savedQueryName = 'custom saved query';
const savedQueryQuery = 'process.name: test';


@ -5,20 +5,20 @@
* 2.0.
*/
import { getEsqlRule } from '../../../objects/rule';
import { getEsqlRule } from '../../../../objects/rule';
import { RULES_MANAGEMENT_TABLE, RULE_NAME } from '../../../screens/alerts_detection_rules';
import { RULES_MANAGEMENT_TABLE, RULE_NAME } from '../../../../screens/alerts_detection_rules';
import {
RULE_NAME_HEADER,
RULE_TYPE_DETAILS,
RULE_NAME_OVERRIDE_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { ESQL_TYPE, ESQL_QUERY_BAR } from '../../../screens/create_new_rule';
import { ESQL_TYPE, ESQL_QUERY_BAR } from '../../../../screens/create_new_rule';
import { getDetails, goBackToRulesTable } from '../../../tasks/rule_details';
import { expectNumberOfRules } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { getDetails, goBackToRulesTable } from '../../../../tasks/rule_details';
import { expectNumberOfRules } from '../../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
fillAboutRuleAndContinue,
fillDefineEsqlRuleAndContinue,
@ -28,11 +28,11 @@ import {
fillEsqlQueryBar,
fillAboutSpecificEsqlRuleAndContinue,
createRuleWithoutEnabling,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe('Detection ES|QL rules, creation', { tags: ['@ess'] }, () => {
const rule = getEsqlRule();


@ -5,15 +5,15 @@
* 2.0.
*/
import { getEsqlRule } from '../../../objects/rule';
import { getEsqlRule } from '../../../../objects/rule';
import { ESQL_TYPE, NEW_TERMS_TYPE, THRESHOLD_TYPE } from '../../../screens/create_new_rule';
import { ESQL_TYPE, NEW_TERMS_TYPE, THRESHOLD_TYPE } from '../../../../screens/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { createRule } from '../../../tasks/api_calls/rules';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { createRule } from '../../../../tasks/api_calls/rules';
describe('Detection ES|QL rules, creation', { tags: ['@serverless'] }, () => {
beforeEach(() => {


@ -5,10 +5,10 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getEqlRule, getEqlSequenceRule, getIndexPatterns } from '../../../objects/rule';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import { getEqlRule, getEqlSequenceRule, getIndexPatterns } from '../../../../objects/rule';
import { ALERTS_COUNT, ALERT_DATA_GRID } from '../../../screens/alerts';
import { ALERTS_COUNT, ALERT_DATA_GRID } from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
RISK_SCORE,
@ -16,7 +16,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_DETAILS,
ABOUT_INVESTIGATION_NOTES,
@ -39,11 +39,11 @@ import {
SEVERITY_DETAILS,
TAGS_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
@ -51,11 +51,11 @@ import {
fillScheduleRuleAndContinue,
selectEqlRuleType,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../urls/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe('EQL rules', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {


@ -5,20 +5,20 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import {
getIndexPatterns,
getNewThreatIndicatorRule,
getThreatIndexPatterns,
indicatorRuleMatchingDoc,
} from '../../../objects/rule';
} from '../../../../objects/rule';
import {
ALERT_RULE_NAME,
ALERT_RISK_SCORE,
ALERT_SEVERITY,
ALERTS_COUNT,
} from '../../../screens/alerts';
} from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
RISK_SCORE,
@ -26,7 +26,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_DETAILS,
ABOUT_INVESTIGATION_NOTES,
@ -53,9 +53,9 @@ import {
SEVERITY_DETAILS,
TAGS_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
} from '../../../screens/rule_details';
import { INDICATOR_MATCH_ROW_RENDER, PROVIDER_BADGE } from '../../../screens/timeline';
import { investigateFirstAlertInTimeline } from '../../../tasks/alerts';
} from '../../../../screens/rule_details';
import { INDICATOR_MATCH_ROW_RENDER, PROVIDER_BADGE } from '../../../../screens/timeline';
import { investigateFirstAlertInTimeline } from '../../../../tasks/alerts';
import {
duplicateFirstRule,
duplicateRuleFromMenu,
@ -64,10 +64,10 @@ import {
selectAllRules,
goToRuleDetailsOf,
disableAutoRefresh,
} from '../../../tasks/alerts_detection_rules';
import { duplicateSelectedRulesWithExceptions } from '../../../tasks/rules_bulk_actions';
import { createRule } from '../../../tasks/api_calls/rules';
import { loadPrepackagedTimelineTemplates } from '../../../tasks/api_calls/timelines';
} from '../../../../tasks/alerts_detection_rules';
import { duplicateSelectedRulesWithExceptions } from '../../../../tasks/rules_bulk_actions';
import { createRule } from '../../../../tasks/api_calls/rules';
import { loadPrepackagedTimelineTemplates } from '../../../../tasks/api_calls/timelines';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
@ -92,26 +92,26 @@ import {
getIndicatorOrButton,
selectIndicatorMatchType,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
} from '../../../../tasks/create_new_rule';
import {
SCHEDULE_INTERVAL_AMOUNT_INPUT,
SCHEDULE_INTERVAL_UNITS_INPUT,
SCHEDULE_LOOKBACK_AMOUNT_INPUT,
SCHEDULE_LOOKBACK_UNITS_INPUT,
} from '../../../screens/create_new_rule';
import { goBackToRuleDetails } from '../../../tasks/edit_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
} from '../../../../screens/create_new_rule';
import { goBackToRuleDetails } from '../../../../tasks/edit_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import {
goBackToRulesTable,
getDetails,
waitForTheRuleToBeExecuted,
visitRuleDetailsPage,
} from '../../../tasks/rule_details';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
} from '../../../../tasks/rule_details';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
const DEFAULT_THREAT_MATCH_QUERY = '@timestamp >= "now-30d/d"';


@ -6,8 +6,8 @@
*/
import { isArray } from 'lodash';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getMachineLearningRule } from '../../../objects/rule';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import { getMachineLearningRule } from '../../../../objects/rule';
import {
CUSTOM_RULES_BTN,
@ -16,7 +16,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_DETAILS,
ABOUT_RULE_DESCRIPTION,
@ -37,21 +37,21 @@ import {
SEVERITY_DETAILS,
TAGS_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { getDetails } from '../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { getDetails } from '../../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
fillDefineMachineLearningRuleAndContinue,
fillScheduleRuleAndContinue,
selectMachineLearningRuleType,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../urls/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe(
'Machine Learning rules',


@ -5,10 +5,10 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getIndexPatterns, getNewTermsRule } from '../../../objects/rule';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import { getIndexPatterns, getNewTermsRule } from '../../../../objects/rule';
import { ALERT_DATA_GRID } from '../../../screens/alerts';
import { ALERT_DATA_GRID } from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
RISK_SCORE,
@ -16,7 +16,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_DETAILS,
ABOUT_INVESTIGATION_NOTES,
@ -41,11 +41,11 @@ import {
TIMELINE_TEMPLATE_DETAILS,
NEW_TERMS_HISTORY_WINDOW_DETAILS,
NEW_TERMS_FIELDS_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
createAndEnableRule,
fillAboutRuleAndContinue,
@ -53,11 +53,11 @@ import {
fillScheduleRuleAndContinue,
selectNewTermsRuleType,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
describe('New Terms rules', { tags: ['@ess', '@serverless'] }, () => {
describe('Detection rules, New Terms', () => {


@ -5,10 +5,14 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getIndexPatterns, getNewOverrideRule, getSeveritiesOverride } from '../../../objects/rule';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import {
getIndexPatterns,
getNewOverrideRule,
getSeveritiesOverride,
} from '../../../../objects/rule';
import { ALERT_GRID_CELL, ALERTS_COUNT } from '../../../screens/alerts';
import { ALERT_GRID_CELL, ALERTS_COUNT } from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
@ -17,7 +21,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_INVESTIGATION_NOTES,
ABOUT_DETAILS,
@ -45,22 +49,22 @@ import {
TAGS_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
TIMESTAMP_OVERRIDE_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import {
createAndEnableRule,
fillAboutRuleWithOverrideAndContinue,
fillDefineCustomRuleAndContinue,
fillScheduleRuleAndContinue,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../tasks/rule_details';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { getDetails, waitForTheRuleToBeExecuted } from '../../../../tasks/rule_details';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
describe('Rules override', { tags: ['@ess', '@serverless'] }, () => {
const rule = getNewOverrideRule();


@ -5,10 +5,10 @@
* 2.0.
*/
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../helpers/rules';
import { getIndexPatterns, getNewThresholdRule } from '../../../objects/rule';
import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
import { getIndexPatterns, getNewThresholdRule } from '../../../../objects/rule';
import { ALERTS_COUNT, ALERT_GRID_CELL } from '../../../screens/alerts';
import { ALERTS_COUNT, ALERT_GRID_CELL } from '../../../../screens/alerts';
import {
CUSTOM_RULES_BTN,
@ -17,7 +17,7 @@ import {
RULE_NAME,
RULE_SWITCH,
SEVERITY,
} from '../../../screens/alerts_detection_rules';
} from '../../../../screens/alerts_detection_rules';
import {
ABOUT_DETAILS,
ABOUT_INVESTIGATION_NOTES,
@ -42,15 +42,10 @@ import {
THRESHOLD_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
SUPPRESS_FOR_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
getDetails,
waitForTheRuleToBeExecuted,
assertDetailsNotExist,
} from '../../../tasks/rule_details';
import { expectNumberOfRules, goToRuleDetailsOf } from '../../../tasks/alerts_detection_rules';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import {
createAndEnableRule,
createRuleWithoutEnabling,
@ -62,11 +57,16 @@ import {
fillScheduleRuleAndContinue,
selectThresholdRuleType,
waitForAlertsToPopulate,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { openRuleManagementPageViaBreadcrumbs } from '../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../urls/navigation';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import {
getDetails,
assertDetailsNotExist,
waitForTheRuleToBeExecuted,
} from '../../../../tasks/rule_details';
import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe(
'Threshold rules',


@ -8,15 +8,15 @@
import {
ALERT_SUPPRESSION_DURATION_INPUT,
THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX,
} from '../../../screens/create_new_rule';
} from '../../../../screens/create_new_rule';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { startBasicLicense } from '../../../tasks/api_calls/licensing';
import { selectThresholdRuleType } from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { TOOLTIP } from '../../../screens/common';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { startBasicLicense } from '../../../../tasks/api_calls/licensing';
import { selectThresholdRuleType } from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
import { TOOLTIP } from '../../../../screens/common';
describe('Threshold rules, ESS basic license', { tags: ['@ess'] }, () => {
beforeEach(() => {


@ -5,13 +5,12 @@
* 2.0.
*/
import { THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX } from '../../../screens/create_new_rule';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { selectThresholdRuleType } from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../urls/navigation';
import { THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX } from '../../../../screens/create_new_rule';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { selectThresholdRuleType } from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { CREATE_RULE_URL } from '../../../../urls/navigation';
describe(
'Threshold rules, Serverless essentials license',


@ -5,12 +5,12 @@
* 2.0.
*/
import { getExistingRule, getEditedRule } from '../../../objects/rule';
import { getExistingRule, getEditedRule } from '../../../../objects/rule';
import {
ACTIONS_NOTIFY_WHEN_BUTTON,
ACTIONS_SUMMARY_BUTTON,
} from '../../../screens/common/rule_actions';
} from '../../../../screens/common/rule_actions';
import {
CUSTOM_QUERY_INPUT,
DEFINE_INDEX_INPUT,
@ -22,7 +22,7 @@ import {
SEVERITY_DROPDOWN,
TAGS_CLEAR_BUTTON,
TAGS_FIELD,
} from '../../../screens/create_new_rule';
} from '../../../../screens/create_new_rule';
import {
ABOUT_DETAILS,
ABOUT_INVESTIGATION_NOTES,
@ -39,20 +39,20 @@ import {
SEVERITY_DETAILS,
TAGS_DETAILS,
TIMELINE_TEMPLATE_DETAILS,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import { createRule } from '../../../tasks/api_calls/rules';
import { deleteAlertsAndRules, deleteConnectors } from '../../../tasks/api_calls/common';
import { addEmailConnectorAndRuleAction } from '../../../tasks/common/rule_actions';
import { createRule } from '../../../../tasks/api_calls/rules';
import { deleteAlertsAndRules, deleteConnectors } from '../../../../tasks/api_calls/common';
import { addEmailConnectorAndRuleAction } from '../../../../tasks/common/rule_actions';
import {
fillAboutRule,
goToAboutStepTab,
goToActionsStepTab,
goToScheduleStepTab,
} from '../../../tasks/create_new_rule';
import { saveEditedRule, visitEditRulePage } from '../../../tasks/edit_rule';
import { login } from '../../../tasks/login';
import { getDetails } from '../../../tasks/rule_details';
} from '../../../../tasks/create_new_rule';
import { saveEditedRule, visitEditRulePage } from '../../../../tasks/edit_rule';
import { login } from '../../../../tasks/login';
import { getDetails } from '../../../../tasks/rule_details';
describe('Custom query rules', { tags: ['@ess', '@serverless', '@brokenInServerlessQA'] }, () => {
const rule = getEditedRule();


@ -5,30 +5,30 @@
* 2.0.
*/
import { getEsqlRule } from '../../../objects/rule';
import { getEsqlRule } from '../../../../objects/rule';
import { ESQL_QUERY_DETAILS, RULE_NAME_OVERRIDE_DETAILS } from '../../../screens/rule_details';
import { ESQL_QUERY_DETAILS, RULE_NAME_OVERRIDE_DETAILS } from '../../../../screens/rule_details';
import { ESQL_QUERY_BAR, ESQL_QUERY_BAR_EXPAND_BTN } from '../../../screens/create_new_rule';
import { ESQL_QUERY_BAR, ESQL_QUERY_BAR_EXPAND_BTN } from '../../../../screens/create_new_rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { createRule } from '../../../../tasks/api_calls/rules';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { getDetails } from '../../../tasks/rule_details';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { getDetails } from '../../../../tasks/rule_details';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
clearEsqlQueryBar,
fillEsqlQueryBar,
fillOverrideEsqlRuleName,
goToAboutStepTab,
expandAdvancedSettings,
} from '../../../tasks/create_new_rule';
import { login } from '../../../tasks/login';
} from '../../../../tasks/create_new_rule';
import { login } from '../../../../tasks/login';
import { editFirstRule } from '../../../tasks/alerts_detection_rules';
import { editFirstRule } from '../../../../tasks/alerts_detection_rules';
import { saveEditedRule } from '../../../tasks/edit_rule';
import { visit } from '../../../tasks/navigation';
import { saveEditedRule } from '../../../../tasks/edit_rule';
import { visit } from '../../../../tasks/navigation';
const rule = getEsqlRule();


@ -5,14 +5,14 @@
* 2.0.
*/
import { getNewThresholdRule } from '../../../objects/rule';
import { getNewThresholdRule } from '../../../../objects/rule';
import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
} from '../../../screens/rule_details';
} from '../../../../screens/rule_details';
import {
ALERT_SUPPRESSION_DURATION_INPUT,
@ -20,20 +20,20 @@ import {
ALERT_SUPPRESSION_DURATION_PER_RULE_EXECUTION,
ALERT_SUPPRESSION_DURATION_PER_TIME_INTERVAL,
ALERT_SUPPRESSION_FIELDS,
} from '../../../screens/create_new_rule';
} from '../../../../screens/create_new_rule';
import { createRule } from '../../../tasks/api_calls/rules';
import { createRule } from '../../../../tasks/api_calls/rules';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { getDetails, assertDetailsNotExist } from '../../../tasks/rule_details';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import { login } from '../../../tasks/login';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { getDetails, assertDetailsNotExist } from '../../../../tasks/rule_details';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import { login } from '../../../../tasks/login';
import { editFirstRule } from '../../../tasks/alerts_detection_rules';
import { editFirstRule } from '../../../../tasks/alerts_detection_rules';
import { saveEditedRule, goBackToRuleDetails } from '../../../tasks/edit_rule';
import { enablesAndPopulatesThresholdSuppression } from '../../../tasks/create_new_rule';
import { visit } from '../../../tasks/navigation';
import { saveEditedRule, goBackToRuleDetails } from '../../../../tasks/edit_rule';
import { enablesAndPopulatesThresholdSuppression } from '../../../../tasks/create_new_rule';
import { visit } from '../../../../tasks/navigation';
const rule = getNewThresholdRule();


@ -5,23 +5,23 @@
* 2.0.
*/
import { login } from '../../../tasks/login';
import { visitWithTimeRange } from '../../../tasks/navigation';
import { openTimelineUsingToggle } from '../../../tasks/security_main';
import { openTimelineFieldsBrowser, populateTimeline } from '../../../tasks/timeline';
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { openTimelineUsingToggle } from '../../../../tasks/security_main';
import { openTimelineFieldsBrowser, populateTimeline } from '../../../../tasks/timeline';
import { hostsUrl, ALERTS_URL } from '../../../urls/navigation';
import { hostsUrl, ALERTS_URL } from '../../../../urls/navigation';
import { createRule } from '../../../tasks/api_calls/rules';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../objects/rule';
import { refreshPage } from '../../../tasks/security_header';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
import { createField } from '../../../tasks/create_runtime_field';
import { openAlertsFieldBrowser } from '../../../tasks/alerts';
import { GET_DATA_GRID_HEADER } from '../../../screens/common/data_grid';
import { GET_TIMELINE_HEADER } from '../../../screens/timeline';
import { deleteRuntimeField } from '../../../tasks/api_calls/sourcerer';
import { getNewRule } from '../../../../objects/rule';
import { refreshPage } from '../../../../tasks/security_header';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { createField } from '../../../../tasks/create_runtime_field';
import { openAlertsFieldBrowser } from '../../../../tasks/alerts';
import { GET_DATA_GRID_HEADER } from '../../../../screens/common/data_grid';
import { GET_TIMELINE_HEADER } from '../../../../screens/timeline';
import { deleteRuntimeField } from '../../../../tasks/api_calls/sourcerer';
const alertRunTimeField = 'field.name.alert.page';
const timelineRuntimeField = 'field.name.timeline';


@ -7,10 +7,10 @@
import { DEFAULT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/constants';
import { login } from '../../../tasks/login';
import { visitWithTimeRange } from '../../../tasks/navigation';
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { hostsUrl } from '../../../urls/navigation';
import { hostsUrl } from '../../../../urls/navigation';
import {
addIndexToDefault,
deselectSourcererOptions,
@ -25,9 +25,9 @@ import {
openSourcerer,
resetSourcerer,
saveSourcerer,
} from '../../../tasks/sourcerer';
import { postDataView } from '../../../tasks/api_calls/common';
import { SOURCERER } from '../../../screens/sourcerer';
} from '../../../../tasks/sourcerer';
import { postDataView } from '../../../../tasks/api_calls/common';
import { SOURCERER } from '../../../../screens/sourcerer';
const siemDataViewTitle = 'Security Default Data View';
const dataViews = ['auditbeat-*,fakebeat-*', 'auditbeat-*,*beat*,siem-read*,.kibana*,fakebeat-*'];


@ -7,11 +7,11 @@
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { hostsUrl } from '../../../urls/navigation';
import { postDataView } from '../../../tasks/api_calls/common';
import { TOASTER } from '../../../screens/configure_cases';
import { visit } from '../../../tasks/navigation';
import { login } from '../../../tasks/login';
import { hostsUrl } from '../../../../urls/navigation';
import { postDataView } from '../../../../tasks/api_calls/common';
import { TOASTER } from '../../../../screens/configure_cases';
import { visit } from '../../../../tasks/navigation';
import { login } from '../../../../tasks/login';
const dataViews = ['auditbeat-*,fakebeat-*', 'auditbeat-*,*beat*,siem-read*,.kibana*,fakebeat-*'];


@ -10,10 +10,10 @@ import {
DEFAULT_INDEX_PATTERN,
} from '@kbn/security-solution-plugin/common/constants';
import { login } from '../../../tasks/login';
import { visitWithTimeRange } from '../../../tasks/navigation';
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { TIMELINES_URL } from '../../../urls/navigation';
import { TIMELINES_URL } from '../../../../urls/navigation';
import {
clickAlertCheckbox,
deselectSourcererOptions,
@ -29,12 +29,12 @@ import {
refreshUntilAlertsIndexExists,
resetSourcerer,
saveSourcerer,
} from '../../../tasks/sourcerer';
import { openTimelineUsingToggle } from '../../../tasks/security_main';
import { SOURCERER } from '../../../screens/sourcerer';
import { createTimeline } from '../../../tasks/api_calls/timelines';
import { getTimeline, getTimelineModifiedSourcerer } from '../../../objects/timeline';
import { closeTimeline, openTimelineById } from '../../../tasks/timeline';
} from '../../../../tasks/sourcerer';
import { openTimelineUsingToggle } from '../../../../tasks/security_main';
import { SOURCERER } from '../../../../screens/sourcerer';
import { createTimeline } from '../../../../tasks/api_calls/timelines';
import { getTimeline, getTimelineModifiedSourcerer } from '../../../../objects/timeline';
import { closeTimeline, openTimelineById } from '../../../../tasks/timeline';
const siemDataViewTitle = 'Security Default Data View';
const dataViews = ['auditbeat-*,fakebeat-*', 'auditbeat-*,*beat*,siem-read*,.kibana*,fakebeat-*'];


@ -7,10 +7,10 @@
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { VALUE_LISTS_MODAL_ACTIVATOR } from '../../../screens/lists';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import { VALUE_LISTS_MODAL_ACTIVATOR } from '../../../../screens/lists';
describe('value list permissions', { tags: ['@ess', '@skipInServerless'] }, () => {
describe('user with restricted access role', () => {


@ -5,9 +5,9 @@
* 2.0.
*/
import { login } from '../../../tasks/login';
import { visit } from '../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../urls/rules_management';
import { login } from '../../../../tasks/login';
import { visit } from '../../../../tasks/navigation';
import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management';
import {
createListsIndex,
waitForValueListsModalToBeLoaded,
@ -22,9 +22,9 @@ import {
waitForListsIndex,
deleteValueLists,
KNOWN_VALUE_LIST_FILES,
} from '../../../tasks/lists';
import { VALUE_LISTS_TABLE, VALUE_LISTS_ROW } from '../../../screens/lists';
import { refreshIndex } from '../../../tasks/api_calls/elasticsearch';
} from '../../../../tasks/lists';
import { VALUE_LISTS_TABLE, VALUE_LISTS_ROW } from '../../../../screens/lists';
import { refreshIndex } from '../../../../tasks/api_calls/elasticsearch';
describe('value lists management modal', { tags: ['@ess', '@serverless'] }, () => {
beforeEach(() => {


@ -7,12 +7,14 @@
"scripts": {
"cypress": "NODE_OPTIONS=--openssl-legacy-provider ../../../node_modules/.bin/cypress",
"cypress:open:ess": "TZ=UTC NODE_OPTIONS=--openssl-legacy-provider node ../../plugins/security_solution/scripts/start_cypress_parallel open --spec './cypress/e2e/**/*.cy.ts' --config-file ../../test/security_solution_cypress/cypress/cypress.config.ts --ftr-config-file ../../test/security_solution_cypress/cli_config",
"cypress:run:ess": "yarn cypress:ess --spec './cypress/e2e/!(investigations|explore|detection_response/rule_management)/**/*.cy.ts'",
"cypress:run:ess": "yarn cypress:ess --spec './cypress/e2e/!(investigations|explore|detection_response)/**/*.cy.ts'",
"cypress:run:cases:ess": "yarn cypress:ess --spec './cypress/e2e/explore/cases/*.cy.ts'",
"cypress:ess": "TZ=UTC NODE_OPTIONS=--openssl-legacy-provider node ../../plugins/security_solution/scripts/start_cypress_parallel run --config-file ../../test/security_solution_cypress/cypress/cypress_ci.config.ts --ftr-config-file ../../test/security_solution_cypress/cli_config",
"cypress:rule_management:run:ess":"yarn cypress:ess --spec './cypress/e2e/detection_response/rule_management/!(prebuilt_rules)/**/*.cy.ts'",
"cypress:rule_management:prebuilt_rules:run:ess": "yarn cypress:ess --spec './cypress/e2e/detection_response/rule_management/prebuilt_rules/**/*.cy.ts'",
"cypress:run:respops:ess": "yarn cypress:ess --spec './cypress/e2e/(detection_response|exceptions)/**/*.cy.ts'",
"cypress:detection_engine:run:ess":"yarn cypress:ess --spec './cypress/e2e/detection_response/detection_engine/!(exceptions)/**/*.cy.ts'",
"cypress:detection_engine:exceptions:run:ess": "yarn cypress:ess --spec './cypress/e2e/detection_response/detection_engine/exceptions/**/*.cy.ts'",
"cypress:run:respops:ess": "yarn cypress:ess --spec './cypress/e2e/(detection_response)/**/*.cy.ts'",
"cypress:investigations:run:ess": "yarn cypress:ess --spec './cypress/e2e/investigations/**/*.cy.ts'",
"cypress:explore:run:ess": "yarn cypress:ess --spec './cypress/e2e/explore/**/*.cy.ts'",
"cypress:changed-specs-only:ess": "yarn cypress:ess --changed-specs-only --env burn=5",
@ -23,20 +25,24 @@
"cypress:cloud:serverless": "TZ=UTC NODE_OPTIONS=--openssl-legacy-provider NODE_TLS_REJECT_UNAUTHORIZED=0 ../../../node_modules/.bin/cypress",
"cypress:open:cloud:serverless": "yarn cypress:cloud:serverless open --config-file ./cypress/cypress_serverless.config.ts --env CLOUD_SERVERLESS=true",
"cypress:open:serverless": "yarn cypress:serverless open --config-file ../../test/security_solution_cypress/cypress/cypress_serverless.config.ts --spec './cypress/e2e/**/*.cy.ts'",
"cypress:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/!(investigations|explore|detection_response/rule_management)/**/*.cy.ts'",
"cypress:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/!(investigations|explore|detection_response)/**/*.cy.ts'",
"cypress:run:cloud:serverless": "yarn cypress:cloud:serverless run --config-file ./cypress/cypress_ci_serverless.config.ts --env CLOUD_SERVERLESS=true",
"cypress:rule_management:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/detection_response/rule_management/!(prebuilt_rules)/**/*.cy.ts'",
"cypress:rule_management:prebuilt_rules:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/detection_response/rule_management/prebuilt_rules/**/*.cy.ts'",
"cypress:detection_engine:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/detection_response/detection_engine/!(exceptions)/**/*.cy.ts'",
"cypress:detection_engine:exceptions:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/detection_response/detection_engine/exceptions/**/*.cy.ts'",
"cypress:investigations:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/investigations/**/*.cy.ts'",
"cypress:explore:run:serverless": "yarn cypress:serverless --spec './cypress/e2e/explore/**/*.cy.ts'",
"cypress:changed-specs-only:serverless": "yarn cypress:serverless --changed-specs-only --env burn=5",
"cypress:burn:serverless": "yarn cypress:serverless --env burn=2",
"cypress:qa:serverless": "TZ=UTC NODE_OPTIONS=--openssl-legacy-provider node ../../plugins/security_solution/scripts/start_cypress_parallel_serverless --config-file ../../test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts",
"cypress:open:qa:serverless": "yarn cypress:qa:serverless open",
"cypress:run:qa:serverless": "yarn cypress:qa:serverless --spec './cypress/e2e/!(investigations|explore|detection_response/rule_management)/**/*.cy.ts'",
"cypress:run:qa:serverless": "yarn cypress:qa:serverless --spec './cypress/e2e/!(investigations|explore|detection_response)/**/*.cy.ts'",
"cypress:run:qa:serverless:investigations": "yarn cypress:qa:serverless --spec './cypress/e2e/investigations/**/*.cy.ts'",
"cypress:run:qa:serverless:explore": "yarn cypress:qa:serverless --spec './cypress/e2e/explore/**/*.cy.ts'",
"cypress:run:qa:serverless:rule_management": "yarn cypress:qa:serverless --spec './cypress/e2e/detection_response/rule_management/!(prebuilt_rules)/**/*.cy.ts'",
"cypress:run:qa:serverless:rule_management:prebuilt_rules": "yarn cypress:qa:serverless --spec './cypress/e2e/detection_response/rule_management/prebuilt_rules/**/*.cy.ts'"
"cypress:run:qa:serverless:rule_management:prebuilt_rules": "yarn cypress:qa:serverless --spec './cypress/e2e/detection_response/rule_management/prebuilt_rules/**/*.cy.ts'",
"cypress:run:qa:serverless:detection_engine": "yarn cypress:qa:serverless --spec './cypress/e2e/detection_response/rule_management/!(exceptions)/**/*.cy.ts'",
"cypress:run:qa:serverless:detection_engine:exceptions": "yarn cypress:qa:serverless --spec './cypress/e2e/detection_response/rule_management/exceptions/**/*.cy.ts'"
}
}
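Review bot: The two QA scripts added at the end of this hunk, `cypress:run:qa:serverless:detection_engine` and `cypress:run:qa:serverless:detection_engine:exceptions`, glob under `detection_response/rule_management/` instead of `detection_response/detection_engine/`, unlike their `:ess` and `:serverless` counterparts earlier in the file. As written, the first re-runs the rule management specs (including `prebuilt_rules`), and the second probably matches nothing unless a `rule_management/exceptions` directory exists. Because the main QA glob now excludes all of `detection_response`, the detection engine and exceptions specs would then not run against the QA environment at all, and the job would still pass. I would change the two spec arguments to `--spec './cypress/e2e/detection_response/detection_engine/!(exceptions)/**/*.cy.ts'` and `--spec './cypress/e2e/detection_response/detection_engine/exceptions/**/*.cy.ts'`. It is also worth confirming that the runner fails when a spec pattern matches no files.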