Drop Detection Engine FTR test POC (#104852)
This commit is contained in:
parent
bb1759e065
commit
3638c5ffb2
1 changed files with 0 additions and 155 deletions
|
@ -5,16 +5,7 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import fs from 'fs';
|
||||
import { resolve } from 'path';
|
||||
import expect from '@kbn/expect';
|
||||
import { Client as EsClient } from '@elastic/elasticsearch';
|
||||
import { KbnClient } from '@kbn/test';
|
||||
import { EsArchiver } from '@kbn/es-archiver';
|
||||
import { CA_CERT_PATH, REPO_ROOT } from '@kbn/dev-utils';
|
||||
|
||||
const INTEGRATION_TEST_ROOT = process.env.WORKSPACE || resolve(REPO_ROOT, '../integration-test');
|
||||
const ARCHIVE = resolve(INTEGRATION_TEST_ROOT, 'test/es_archives/metricbeat');
|
||||
|
||||
export default ({ getService, getPageObjects }) => {
|
||||
describe('Cross cluster search test in discover', async () => {
|
||||
|
@ -212,151 +203,5 @@ export default ({ getService, getPageObjects }) => {
|
|||
expect(hitCount).to.be.lessThan(originalHitCount);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Detection engine', async function () {
|
||||
const supertest = getService('supertest');
|
||||
const esSupertest = getService('esSupertest');
|
||||
const config = getService('config');
|
||||
|
||||
const esClient = new EsClient({
|
||||
ssl: {
|
||||
ca: fs.readFileSync(CA_CERT_PATH, 'utf-8'),
|
||||
},
|
||||
nodes: [process.env.TEST_ES_URLDATA],
|
||||
requestTimeout: config.get('timeouts.esRequestTimeout'),
|
||||
});
|
||||
|
||||
const kbnClient = new KbnClient({
|
||||
log,
|
||||
url: process.env.TEST_KIBANA_URLDATA,
|
||||
certificateAuthorities: config.get('servers.kibana.certificateAuthorities'),
|
||||
uiSettingDefaults: kibanaServer.uiSettings,
|
||||
});
|
||||
|
||||
const esArchiver = new EsArchiver({
|
||||
log,
|
||||
client: esClient,
|
||||
kbnClient,
|
||||
});
|
||||
|
||||
let signalsId;
|
||||
let dataId;
|
||||
let ruleId;
|
||||
|
||||
before('Prepare .siem-signal-*', async function () {
|
||||
log.info('Create index');
|
||||
// visit app/security so to create .siem-signals-* as side effect
|
||||
await PageObjects.common.navigateToApp('security', { insertTimestamp: false });
|
||||
|
||||
log.info('Create index pattern');
|
||||
signalsId = await supertest
|
||||
.post('/api/index_patterns/index_pattern')
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send({
|
||||
index_pattern: {
|
||||
title: '.siem-signals-*',
|
||||
},
|
||||
override: true,
|
||||
})
|
||||
.expect(200)
|
||||
.then((res) => JSON.parse(res.text).index_pattern.id);
|
||||
log.debug('id: ' + signalsId);
|
||||
});
|
||||
|
||||
before('Prepare data:metricbeat-*', async function () {
|
||||
log.info('Create index');
|
||||
await esArchiver.load(ARCHIVE);
|
||||
|
||||
log.info('Create index pattern');
|
||||
dataId = await supertest
|
||||
.post('/api/index_patterns/index_pattern')
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send({
|
||||
index_pattern: {
|
||||
title: 'data:metricbeat-*',
|
||||
},
|
||||
override: true,
|
||||
})
|
||||
.expect(200)
|
||||
.then((res) => JSON.parse(res.text).index_pattern.id);
|
||||
log.debug('id: ' + dataId);
|
||||
});
|
||||
|
||||
before('Add detection rule', async function () {
|
||||
ruleId = await supertest
|
||||
.post('/api/detection_engine/rules')
|
||||
.set('kbn-xsrf', 'true')
|
||||
.send({
|
||||
description: 'This is the description of the rule',
|
||||
risk_score: 17,
|
||||
severity: 'low',
|
||||
interval: '10s',
|
||||
name: 'CCS_Detection_test',
|
||||
type: 'query',
|
||||
from: 'now-1y',
|
||||
index: ['data:metricbeat-*'],
|
||||
query: '*:*',
|
||||
language: 'kuery',
|
||||
enabled: true,
|
||||
})
|
||||
.expect(200)
|
||||
.then((res) => JSON.parse(res.text).id);
|
||||
log.debug('id: ' + ruleId);
|
||||
});
|
||||
|
||||
after('Clean up detection rule', async function () {
|
||||
if (ruleId !== undefined) {
|
||||
log.debug('id: ' + ruleId);
|
||||
await supertest
|
||||
.delete('/api/detection_engine/rules?id=' + ruleId)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.expect(200);
|
||||
}
|
||||
});
|
||||
|
||||
after('Clean up data:metricbeat-*', async function () {
|
||||
if (dataId !== undefined) {
|
||||
log.info('Delete index pattern');
|
||||
log.debug('id: ' + dataId);
|
||||
await supertest
|
||||
.delete('/api/index_patterns/index_pattern/' + dataId)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.expect(200);
|
||||
}
|
||||
|
||||
log.info('Delete index');
|
||||
await esArchiver.unload(ARCHIVE);
|
||||
});
|
||||
|
||||
after('Clean up .siem-signal-*', async function () {
|
||||
if (signalsId !== undefined) {
|
||||
log.info('Delete index pattern: .siem-signals-*');
|
||||
log.debug('id: ' + signalsId);
|
||||
await supertest
|
||||
.delete('/api/index_patterns/index_pattern/' + signalsId)
|
||||
.set('kbn-xsrf', 'true')
|
||||
.expect(200);
|
||||
}
|
||||
|
||||
log.info('Delete index alias: .siem-signals-default');
|
||||
await esSupertest
|
||||
.delete('/.siem-signals-default-000001/_alias/.siem-signals-default')
|
||||
.expect(200);
|
||||
|
||||
log.info('Delete index: .siem-signals-default-000001');
|
||||
await esSupertest.delete('/.siem-signals-default-000001').expect(200);
|
||||
});
|
||||
|
||||
it('Should generate alerts based on remote events', async function () {
|
||||
log.info('Check if any alert got to .siem-signals-*');
|
||||
await PageObjects.common.navigateToApp('discover', { insertTimestamp: false });
|
||||
await PageObjects.discover.selectIndexPattern('.siem-signals-*');
|
||||
await retry.tryForTime(30000, async () => {
|
||||
const hitCount = await PageObjects.discover.getHitCount();
|
||||
log.debug('### hit count = ' + hitCount);
|
||||
expect(hitCount).to.be('100');
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
};
|
||||
|
|