diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index db74a3b6f606..3b2a180ea2a8 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml @@ -19,7 +19,7 @@ disabled: # MKI only configs files - x-pack/test_serverless/functional/test_suites/security/config.mki_only.ts -defaultQueue: "n2-4-spot" +defaultQueue: 'n2-4-spot' enabled: - x-pack/test_serverless/api_integration/test_suites/security/config.ts - x-pack/test_serverless/api_integration/test_suites/security/config.feature_flags.ts @@ -76,22 +76,15 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index 75fa543d129d..2d7066513ecf 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml @@ -59,23 +59,18 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts index 2b5d1d4701d7..c75382295f61 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts @@ -33,6 +33,7 @@ export const getPrebuiltRuleMock = (rewrites?: Partial): Preb version: 1, author: [], license: 'Elastic License v2', + index: ['index-1', 'index-2'], ...rewrites, }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index 2930438a76a0..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import path from 'path'; -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Bundled Prebuilt Rules Integration Tests - Serverless Env - Complete License', - }, - kbnTestServerArgs: [ - /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. - * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the - * location defined in BUNDLED_PACKAGE_DIR. - */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, - `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, - ], -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts similarity index 76% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts index e72ae9a45ecb..f120009a5e89 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.basic') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - ESS Env', + 'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - ESS Env Basic License', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts similarity index 62% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts index ac783accd0b1..741d45f9adac 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts @@ -5,12 +5,12 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - Serverless Env', + 'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - Serverless Env Essentials Tier', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts index e598f1c59fe2..6f42b26bc644 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts @@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext) => { rule_id: 'test-rule-id', }); - describe('@ess @serverless @skipInServerlessMKI is_customized calculation with disabled customization', () => { + describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts new file mode 100644 index 000000000000..7784d1c77073 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts @@ -0,0 +1,165 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionTypeEnum, + BulkActionEditTypeEnum, + BulkActionEditPayload, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; +import { installMockPrebuiltRules } from '../../../../utils'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ getService }: FtrProviderContext): void => { + const supertest = getService('supertest'); + const es = getService('es'); + const securitySolutionApi = getService('securitySolutionApi'); + + const fetchPrebuiltRule = async () => { + const { + body: { + data: [prebuiltRule], + }, + } = await securitySolutionApi.findRules({ + query: { + filter: 'alert.attributes.params.immutable: true', + per_page: 1, + }, + }); + + return prebuiltRule; + }; + + describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { + const bulkEditingCases = [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.add_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.delete_index_patterns, + // We have to make sure rule has non empty index patterns after this action + // otherwise API returns 500 error + value: ['unknown-*'], + }, + { + type: BulkActionEditTypeEnum.set_timeline, + value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, + }, + { + type: BulkActionEditTypeEnum.set_schedule, + value: { interval: '1m', lookback: '1m' }, + }, + ]; + + bulkEditingCases.forEach(({ type, value }) => { + it(`returns an error after applying "${type}" bulk edit action to prebuilt rules`, async () => { + await installMockPrebuiltRules(supertest, es); + + const prebuiltRule = await fetchPrebuiltRule(); + + await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type, + value, + } as BulkActionEditPayload, + ], + }, + }) + .expect(500); + }); + }); + + // if rule action is applied together with another edit action, that can't be applied to prebuilt rule (for example: tags action) + // bulk edit request should return error + it(`returns an error if one of edit action is not eligible for prebuilt rule`, async () => { + const webHookAction = { + // Higher license level is required for creating connectors + // Using the pre-configured connector for testing + id: 'my-test-email', + group: 'default', + params: { + body: '{"test":"action to be saved in a rule"}', + }, + }; + + await installMockPrebuiltRules(supertest, es); + const prebuiltRule = await fetchPrebuiltRule(); + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.set_rule_actions, + value: { + throttle: '1h', + actions: [webHookAction], + }, + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['tag-1'], + }, + ], + }, + }) + .expect(500); + + expect(body.attributes.summary).toEqual({ + failed: 1, + skipped: 0, + succeeded: 0, + total: 1, + }); + expect(body.attributes.errors[0]).toEqual({ + message: "Elastic rule can't be edited", + status_code: 500, + rules: [ + { + id: prebuiltRule.id, + name: prebuiltRule.name, + }, + ], + }); + + // Check that the updates were not made + const { body: readRule } = await securitySolutionApi + .readRule({ query: { rule_id: prebuiltRule.rule_id } }) + .expect(200); + + expect(readRule.actions).toEqual(prebuiltRule.actions); + expect(readRule.tags).toEqual(prebuiltRule.tags); + expect(readRule.version).toBe(prebuiltRule.version); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts similarity index 70% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts index 61c343751810..c5b37f0817a3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts @@ -8,7 +8,6 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Update Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./update_prebuilt_rules_package')); - }); + loadTestFile(require.resolve('./calculate_is_customized')); + loadTestFile(require.resolve('./customize_via_bulk_editing')); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts similarity index 89% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts index b462824541e5..c3a39540a7cf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts @@ -7,7 +7,7 @@ import expect from 'expect'; import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, @@ -15,8 +15,8 @@ import { deleteAllPrebuiltRuleAssets, installPrebuiltRules, parseNdJson, -} from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; +} from '../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export - feature disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rules export', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts similarity index 69% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts index 8a43cdafeb3e..7be3a406d048 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts @@ -8,7 +8,5 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Large Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./install_large_prebuilt_rules_package')); - }); + loadTestFile(require.resolve('./export_prebuilt_rules')); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts new file mode 100644 index 000000000000..55c615a11c89 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Rules Management - Prebuilt Rules - Prebuilt Rule (Customization Disabled)', function () { + this.tags('skipFIPS'); + loadTestFile(require.resolve('./customization')); + loadTestFile(require.resolve('./import_export')); + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts similarity index 60% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts index fdc218eed10d..8d96ac6c1f4f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts @@ -7,8 +7,6 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Prebuilt rule export', function () { - loadTestFile(require.resolve('./export_prebuilt_rules_feature_enabled')); - }); -} +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts index 26362f7b8faa..7247f7de8d37 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Perform Prebuilt Rule Upgrades - Customization Disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Upgrade prebuilt rules', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts similarity index 78% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts index a4b57fbb77ea..b1534cd74806 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.trial') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts similarity index 66% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts index e9d65f209eb7..662cae940c71 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts @@ -5,12 +5,12 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; +import { createTestConfig } from '../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts new file mode 100644 index 000000000000..38f75baaed2b --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts @@ -0,0 +1,199 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionEditTypeEnum, + BulkActionTypeEnum, +} from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { + createPrebuiltRuleAssetSavedObjects, + createRuleAssetSavedObject, + deleteAllPrebuiltRuleAssets, + installPrebuiltRules, +} from '../../../../utils'; + +export default ({ getService }: FtrProviderContext): void => { + const es = getService('es'); + const supertest = getService('supertest'); + const securitySolutionApi = getService('securitySolutionApi'); + const log = getService('log'); + + const ruleAsset = createRuleAssetSavedObject({ + rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', + tags: ['test-tag'], + }); + + describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + it('sets "is_customized" to true on bulk prebuilt rule modification', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true); + }); + + it('leaves "is_customized" intact if the change has been skipped', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + // This tag is already present on the rule, so the change will be skipped + value: [prebuiltRule.tags[0]], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 1, + succeeded: 0, + total: 1, + }); + + // Check that the rule has not been customized + const { body: findResultAfter } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false); + }); + + it('sets "is_customized" to false if the change has been reverted', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + // Add a tag to the rule + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + + // Remove the added tag + const { body: revertResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(revertResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + + expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts similarity index 99% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts index 05eb432698b1..d1b431898b1c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts @@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule_1', }); - describe('@ess @serverless @skipInServerlessMKI rule customization', () => { + describe('@ess @serverless @skipInServerlessMKI Customize prebuilt rules', () => { before(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); @@ -389,7 +389,7 @@ export default ({ getService }: FtrProviderContext): void => { it('data_view_id field', async () => { const { body } = await securitySolutionApi .patchRule({ - body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: undefined }, + body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: [] }, }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts new file mode 100644 index 000000000000..208986ba0d45 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts @@ -0,0 +1,106 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionTypeEnum, + BulkActionEditTypeEnum, + BulkActionEditPayload, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { deleteAllPrebuiltRuleAssets, installMockPrebuiltRules } from '../../../../utils'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ getService }: FtrProviderContext): void => { + const supertest = getService('supertest'); + const es = getService('es'); + const securitySolutionApi = getService('securitySolutionApi'); + const log = getService('log'); + + describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { + before(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + const bulkEditingCases = [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['test-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_index_patterns, + // Testing index pattern removal requires as minimum of two index patterns + // to have a valid rule after the edit. + value: ['index-1'], + }, + { + type: BulkActionEditTypeEnum.add_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_timeline, + value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, + }, + { + type: BulkActionEditTypeEnum.set_schedule, + value: { interval: '1m', lookback: '1m' }, + }, + ]; + + bulkEditingCases.forEach(({ type, value }) => { + it(`applies "${type}" bulk edit action to prebuilt rules`, async () => { + await installMockPrebuiltRules(supertest, es); + + const { + body: { + data: [prebuiltRule], + }, + } = await securitySolutionApi.findRules({ + query: { + filter: 'alert.attributes.params.immutable: true', + per_page: 1, + }, + }); + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type, + value, + } as BulkActionEditPayload, + ], + }, + }) + .expect(200); + + expect(body).toMatchObject({ + success: true, + rules_count: 1, + }); + expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 }); + }); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts new file mode 100644 index 000000000000..645e840fbf14 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./calculate_is_customized')); + loadTestFile(require.resolve('./customize_prebuilt_rules')); + loadTestFile(require.resolve('./customize_via_bulk_editing')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts similarity index 77% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts index 729bd7849cd0..c2ca11de4d63 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts @@ -39,13 +39,13 @@ export default ({ getService }: FtrProviderContext): void => { * This test suite is skipped in Serverless MKI environments due to reliance on the * feature flag for prebuilt rule customization. */ - describe('@ess @serverless @skipInServerlessMKI Exporting Rules with Prebuilt Rule Customization', () => { + describe('@ess @serverless @skipInServerlessMKI Export prebuilt rules', () => { beforeEach(async () => { await deleteAllPrebuiltRuleAssets(es, log); await deleteAllRules(supertest, log); }); - it('exports a set of custom installed rules via the _export API', async () => { + it('exports a set of custom rules via the _export API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) @@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); }); - it('exports a set of prebuilt installed rules via the _export API', async () => { + it('exports a set of non-customized prebuilt rules via the _export API', async () => { const { body: exportResult } = await securitySolutionApi .exportRules({ query: {}, body: null }) .expect(200) @@ -124,17 +124,18 @@ export default ({ getService }: FtrProviderContext): void => { }), ]) ); + }); - const [firstExportedRule, secondExportedRule] = parsedExportResult as Array<{ - id: string; - rule_id: string; - }>; + it('exports a set of customized prebuilt rules via the _export API', async () => { + const { + body: { data: rules }, + } = await securitySolutionApi.findRules({ query: {} }).expect(200); const { body: bulkEditResult } = await securitySolutionApi .performRulesBulkAction({ query: {}, body: { - ids: [firstExportedRule.id], + ids: [rules[0].id], action: BulkActionTypeEnum.edit, [BulkActionTypeEnum.edit]: [ { @@ -164,14 +165,14 @@ export default ({ getService }: FtrProviderContext): void => { expect(parseNdJson(secondExportResult)).toEqual( expect.arrayContaining([ expect.objectContaining({ - rule_id: firstExportedRule.rule_id, + rule_id: rules[0].rule_id, rule_source: { type: 'external', is_customized: true, }, }), expect.objectContaining({ - rule_id: secondExportedRule.rule_id, + rule_id: rules[1].rule_id, rule_source: { type: 'external', is_customized: false, @@ -181,7 +182,7 @@ export default ({ getService }: FtrProviderContext): void => { ); }); - it('exports a set of custom and prebuilt installed rules via the _export API', async () => { + it('exports a set of custom and prebuilt rules via the _export API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) @@ -276,7 +277,74 @@ export default ({ getService }: FtrProviderContext): void => { ); }); - it('exports a set of custom and prebuilt installed rules via the bulk_actions API', async () => { + it('exports all prebuilt rules via _export API', async () => { + const { body } = await securitySolutionApi + .exportRules({ query: {}, body: null }) + .expect(200) + .parse(binaryToString); + + const exportJson = parseNdJson(body); + + expect(exportJson).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + rule_id: ruleAssets[0]['security-rule'].rule_id, + rule_source: { + type: 'external', + is_customized: false, + }, + }), + expect.objectContaining({ + rule_id: ruleAssets[1]['security-rule'].rule_id, + rule_source: { + type: 'external', + is_customized: false, + }, + }), + ]) + ); + + const exportStats = exportJson.at(-1); + + expect(exportStats).toMatchObject({ + exported_rules_count: 2, + missing_rules: [], + }); + }); + + it('exports a set of prebuilt rules via the bulk_actions API', async () => { + const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); + + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const findResponse = await securitySolutionApi.findRules({ query: {} }); + const installedRule = findResponse.body.data[0]; + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, + }) + .expect(200) + .parse(binaryToString); + + const [ruleJson, exportDetailsJson] = parseNdJson(body); + + expect(ruleJson).toMatchObject({ + id: installedRule.id, + rule_source: { + type: 'external', + is_customized: false, + }, + }); + + expect(exportDetailsJson).toMatchObject({ + missing_rules: [], + }); + }); + + it('exports a set of custom and prebuilt rules via the bulk_actions API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts similarity index 88% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts index 898ccc676dc1..a9de62eedd26 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts @@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => { ); const prebuiltRuleIds = [...new Set(prebuiltRules.map((rule) => rule.rule_id))]; - describe('@ess @serverless @skipInServerlessMKI import_rules', () => { + describe('@ess @serverless @skipInServerlessMKI Import prebuilt rules', () => { before(async () => { await deleteAllPrebuiltRuleAssets(es, log); await createHistoricalPrebuiltRuleAssetSavedObjects( @@ -318,6 +318,7 @@ export default ({ getService }: FtrProviderContext): void => { expect.objectContaining({ rule_id: 'rule-1', version: 2, + name: 'Customized prebuilt rule', rule_source: { type: 'external', is_customized: true }, immutable: true, }), @@ -331,6 +332,53 @@ export default ({ getService }: FtrProviderContext): void => { ); }); + it('accepts rules with "immutable: true"', async () => { + const rule = getCustomQueryRuleParams({ + rule_id: 'rule-immutable', + // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} + immutable: true, + }); + + const { body } = await importRules([rule]); + + expect(body).toMatchObject({ + success: true, + }); + }); + + it('allows (but ignores) rules with a value for rule_source', async () => { + const rule = getCustomQueryRuleParams({ + rule_id: 'with-rule-source', + // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} + rule_source: { + type: 'ignored', + }, + }); + + const { body } = await importRules([rule]); + + expect(body).toMatchObject({ + success: true, + success_count: 1, + }); + + const importedRule = await fetchRule(supertest, { ruleId: 'with-rule-source' }); + + expect(importedRule.rule_source).toMatchObject({ type: 'internal' }); + }); + + it('rejects rules without a rule_id', async () => { + const rule = getCustomQueryRuleParams({}); + delete rule.rule_id; + + const { body } = await importRules([rule]); + + expect(body.errors).toHaveLength(1); + expect(body.errors[0]).toMatchObject({ + error: { message: 'rule_id: Required', status_code: 400 }, + }); + }); + // TODO: Fix the test setup https://github.com/elastic/kibana/pull/206893#discussion_r1966170712 it.skip('imports prebuilt rules when the rules package is not installed', async () => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); // First we delete the rule package diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts new file mode 100644 index 000000000000..762350fb52f1 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./export_prebuilt_rules')); + loadTestFile(require.resolve('./import_prebuilt_rules')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts new file mode 100644 index 000000000000..79f64ffedb21 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Rules Management - Prebuilt Rules (Customization Enabled)', function () { + loadTestFile(require.resolve('./customization')); + loadTestFile(require.resolve('./import_export')); + loadTestFile(require.resolve('./install_prebuilt_rules')); + loadTestFile(require.resolve('./status')); + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts new file mode 100644 index 000000000000..9f65c6a218cb --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./install_mocked_prebuilt_rule_assets')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts similarity index 50% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts index 20f27e5a3de1..bf14bd4033b2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts @@ -4,12 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + import expect from 'expect'; import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { deleteAllTimelines, deleteAllPrebuiltRuleAssets, createRuleAssetSavedObject, + createPrebuiltRuleAssetSavedObjects, installPrebuiltRulesAndTimelines, getPrebuiltRulesAndTimelinesStatus, createHistoricalPrebuiltRuleAssetSavedObjects, @@ -26,41 +28,135 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const securitySolutionApi = getService('securitySolutionApi'); - describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package with historical versions with mock rule assets', () => { - const getRuleAssetSavedObjects = () => [ - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }), - ]; - const RULES_COUNT = 2; - + describe('@ess @serverless @skipInServerlessMKI Install from mocked prebuilt rule assets', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllTimelines(es, log); await deleteAllPrebuiltRuleAssets(es, log); }); - describe('using legacy endpoint', () => { + describe('without historical versions', () => { + const getRuleAssetSavedObjects = () => [ + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }), + createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }), + ]; + const RULES_COUNT = getRuleAssetSavedObjects().length; + + it('installs prebuilt rules', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRules(es, supertest); + + expect(body.summary.succeeded).toBe(RULES_COUNT); + expect(body.summary.failed).toBe(0); + expect(body.summary.skipped).toBe(0); + }); + + it('installs correct prebuilt rule versions', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRules(es, supertest); + + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(body.results.created).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 1 }), + expect.objectContaining({ rule_id: 'rule-2', version: 2 }), + expect.objectContaining({ rule_id: 'rule-3', version: 3 }), + expect.objectContaining({ rule_id: 'rule-4', version: 4 }), + ]) + ); + }); + + it('installs missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRules(es, supertest); + + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); + + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); + + // Call the install prebuilt rules again and check that the missing rule was installed + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(1); + }); + + describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => { + it('installs prebuilt rules', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRulesAndTimelines(es, supertest); + + expect(body.rules_installed).toBe(RULES_COUNT); + expect(body.rules_updated).toBe(0); + }); + + it('installs correct prebuilt rule versions', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); + + // Get installed rules + const rulesResponse = await getInstalledRules(supertest); + + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(rulesResponse.total).toBe(RULES_COUNT); + expect(rulesResponse.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 1 }), + expect.objectContaining({ rule_id: 'rule-2', version: 2 }), + expect.objectContaining({ rule_id: 'rule-3', version: 3 }), + expect.objectContaining({ rule_id: 'rule-4', version: 4 }), + ]) + ); + }); + + it('installs missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); + + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); + + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(1); + + // Call the install prebuilt rules again and check that the missing rule was installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(1); + expect(response.rules_updated).toBe(0); + }); + }); + }); + + describe('with historical versions', () => { + const getRuleAssetSavedObjects = () => [ + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }), + ]; + const RULES_COUNT = 2; + it('should install prebuilt rules', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(es, supertest); + const body = await installPrebuiltRules(es, supertest); - expect(body.rules_installed).toBe(RULES_COUNT); - expect(body.rules_updated).toBe(0); + expect(body.summary.succeeded).toBe(RULES_COUNT); }); it('should install correct prebuilt rule versions', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Get installed rules - const rulesResponse = await getInstalledRules(supertest); + const response = await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were actually installed and their versions match the latest - expect(rulesResponse.total).toBe(RULES_COUNT); - expect(rulesResponse.data).toEqual( + expect(response.summary.succeeded).toBe(RULES_COUNT); + expect(response.results.created).toEqual( expect.arrayContaining([ expect.objectContaining({ rule_id: 'rule-1', version: 2 }), expect.objectContaining({ rule_id: 'rule-2', version: 3 }), @@ -71,37 +167,37 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); + await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were installed - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(0); + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(0); - expect(response.rules_updated).toBe(0); + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(0); + expect(response.summary.total).toBe(0); }); it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); + await installPrebuiltRules(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(1); + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(1); - expect(response.rules_updated).toBe(0); + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(1); + expect(response.summary.total).toBe(1); }); - it('should not overwrite existing actions', async () => { + it('should NOT overwrite existing actions', async () => { // Install prebuilt detection rule await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), @@ -156,7 +252,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); }); - it('should not overwrite existing exceptions lists', async () => { + it('should NOT overwrite existing exceptions lists', async () => { // Install prebuilt detection rule await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), @@ -203,61 +299,65 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); }); - }); - describe('using current endpoint', () => { - it('should install prebuilt rules', async () => { - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); + describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => { + it('should install prebuilt rules', async () => { + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRulesAndTimelines(es, supertest); - expect(body.summary.succeeded).toBe(RULES_COUNT); - }); + expect(body.rules_installed).toBe(RULES_COUNT); + expect(body.rules_updated).toBe(0); + }); - it('should install correct prebuilt rule versions', async () => { - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const response = await installPrebuiltRules(es, supertest); + it('should install correct prebuilt rule versions', async () => { + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(response.summary.succeeded).toBe(RULES_COUNT); - expect(response.results.created).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 2 }), - expect.objectContaining({ rule_id: 'rule-2', version: 3 }), - ]) - ); - }); + // Get installed rules + const rulesResponse = await getInstalledRules(supertest); - it('should not install prebuilt rules if they are up to date', async () => { - // Install all prebuilt detection rules - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(rulesResponse.total).toBe(RULES_COUNT); + expect(rulesResponse.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 2 }), + expect.objectContaining({ rule_id: 'rule-2', version: 3 }), + ]) + ); + }); - // Check that all prebuilt rules were installed - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); + it('should not install prebuilt rules if they are up to date', async () => { + // Install all prebuilt detection rules + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); - // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(0); - expect(response.summary.total).toBe(0); - }); + // Check that all prebuilt rules were installed + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(0); - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); + // Call the install prebuilt rules again and check that no rules were installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(0); + expect(response.rules_updated).toBe(0); + }); - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); + it('should install missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); - // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(1); - expect(response.summary.total).toBe(1); + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(1); + + // Call the install prebuilt rules endpoint again and check that the missing rule was installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(1); + expect(response.rules_updated).toBe(0); + }); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts similarity index 70% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts index e50aff79a7b4..b8b6d36ec10e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts @@ -8,23 +8,14 @@ import { FtrConfigProviderContext } from '@kbn/test'; import path from 'path'; -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); +export const BUNDLED_PACKAGE_DIR = path.join(path.dirname(__filename), './../fixtures/packages'); export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); + const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config')); return { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Bundled Prebuilt Rules Integration Tests - ESS Env - Trial License', - }, kbnTestServer: { ...functionalConfig.get('kbnTestServer'), serverArgs: [ @@ -33,7 +24,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the * location defined in BUNDLED_PACKAGE_DIR. */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, + `--xpack.fleet.isAirGapped=true`, `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, ], }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts similarity index 66% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts index d4ef8795c889..0e30ec517592 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts @@ -10,21 +10,15 @@ import path from 'path'; export const BUNDLED_PACKAGE_DIR = path.join( path.dirname(__filename), - './../fleet_bundled_packages/fixtures' + './../fixtures/packages/large' ); export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); + const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config')); return { ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Large Prebuilt Rules Package Integration Tests - ESS Env - Trial License', - }, + testFiles: [require.resolve('../install_large_bundled_package')], kbnTestServer: { ...functionalConfig.get('kbnTestServer'), serverArgs: [ @@ -35,15 +29,9 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { * Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0` * which contains 15000 rules assets and 750 unique rules, and attempt to install it. */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, + `--xpack.fleet.isAirGapped=true`, `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, ], - env: { - /* Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error - * when installing the large package. - */ - NODE_OPTIONS: '--max-old-space-size=800', - }, }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/large/security_detection_engine-100.0.0.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/large/security_detection_engine-100.0.0.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.0.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.0.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.1-beta.1.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.1-beta.1.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts new file mode 100644 index 000000000000..888e27843cc1 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Air-gapped environment with pre-bundled packages', () => { + loadTestFile(require.resolve('./install_bundled_package')); + loadTestFile(require.resolve('./prerelease_packages')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts similarity index 92% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts index fa2adc20d415..5f2543b3af61 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts @@ -4,6 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + import fs from 'fs/promises'; import path from 'path'; import { REPO_ROOT } from '@kbn/repo-info'; @@ -11,13 +12,14 @@ import JSON5 from 'json5'; import expect from 'expect'; import { PackageSpecManifest } from '@kbn/fleet-plugin/common'; import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, getPrebuiltRulesStatus, installPrebuiltRulesPackageByVersion, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; + export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); @@ -31,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { /* from a package that was bundled with Kibana */ // // FLAKY: https://github.com/elastic/kibana/issues/180087 - describe.skip('@ess @serverless @skipInServerlessMKI install_bundled_prebuilt_rules', () => { + describe.skip('@ess @serverless @skipInServerlessMKI Install bundled package', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts index 29ca3eea3023..118418105612 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts @@ -5,20 +5,20 @@ * 2.0. */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, getPrebuiltRulesAndTimelinesStatus, installPrebuiltRulesAndTimelines, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI install_large_prebuilt_rules_package', () => { + describe('@ess @serverless @skipInServerlessMKI Install large bundled package', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts similarity index 92% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts index 9f7809b16b98..f7116cc9fae3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts @@ -4,9 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import expect from 'expect'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, deletePrebuiltRulesFleetPackage, @@ -15,8 +15,8 @@ import { getPrebuiltRulesStatus, installPrebuiltRules, installPrebuiltRulesPackageViaFleetAPI, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -31,14 +31,14 @@ export default ({ getService }: FtrProviderContext): void => { /* (We use high mock version numbers to prevent clashes with real packages downloaded in other tests.) /* To do assertions on which packages have been installed, 99.0.0 has a single rule to install, /* while 99.0.1-beta.1 has 2 rules to install. Also, both packages have the version as part of the rule names. */ - describe('@ess @serverless @skipInServerlessMKI prerelease_packages', () => { + describe('@ess @serverless @skipInServerlessMKI Prerelease packages', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); }); - it('should install latest stable version and ignore prerelease packages', async () => { + it('installs the latest stable version ignoring prerelease packages', async () => { // Verify that status is empty before package installation const statusBeforePackageInstallation = await getPrebuiltRulesStatus(es, supertest); expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_installed).toBe(0); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/bootstrap_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/bootstrap_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts similarity index 63% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts index faeda80e35f7..22f521dedfe3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts @@ -8,8 +8,9 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Bundled Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./install_latest_bundled_prebuilt_rules')); - loadTestFile(require.resolve('./prerelease_packages')); + describe('Prebuilt rules package', function () { + loadTestFile(require.resolve('./bootstrap_prebuilt_rules')); + loadTestFile(require.resolve('./install_package_from_epr')); + loadTestFile(require.resolve('./update_package')); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts index 291ed2d7ea51..839ff86695a8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const retryService = getService('retry'); - describe('@ess @serverless @skipInServerlessMKI install_prebuilt_rules_from_real_package', () => { + describe('@ess @serverless @skipInServerlessMKI Install prebuilt rules from EPR', () => { beforeEach(async () => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); await deleteAllRules(supertest, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts similarity index 99% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts index d0c2e673924e..2f4be45735ac 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts @@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => { return getPackageResponse.body.item.version ?? ''; }; - describe('@ess @serverless @skipInServerlessMKI update_prebuilt_rules_package', () => { + describe('@ess @serverless @skipInServerlessMKI Update package', () => { before(async () => { const configFilePath = path.resolve(REPO_ROOT, 'fleet_packages.json'); const fleetPackages = await fs.readFile(configFilePath, 'utf8'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/get_prebuilt_rules_status.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/get_prebuilt_rules_status.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts new file mode 100644 index 000000000000..3421e5cdaef5 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./get_prebuilt_rules_status')); + loadTestFile(require.resolve('./legacy/get_prebuilt_timelines_status')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts index d7f368d7f69a..faad7a173ffb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts @@ -6,12 +6,12 @@ */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllTimelines, getPrebuiltRulesAndTimelinesStatus, installPrebuiltRulesAndTimelines, -} from '../../../../utils'; +} from '../../../../../utils'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts index 7f03101502f6..e37b09e9f2fb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts @@ -7,11 +7,12 @@ import expect from 'expect'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules } from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils'; -export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -21,7 +22,12 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): log, }; - describe('all rules', () => { + describe('@ess @serverless @skipInServerlessMKI Bulk upgrade all prebuilt rules', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + describe('with historical versions', () => { const TEST_DATA = [ { pickVersion: 'BASE', expectedTags: ['tagA'] }, @@ -365,4 +371,4 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): } }); }); -} +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts index fc2f083a180e..003d188e9439 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts @@ -7,11 +7,12 @@ import expect from 'expect'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules } from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils'; -export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -21,7 +22,12 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont log, }; - describe('selected rules', () => { + describe('@ess @serverless @skipInServerlessMKI Bulk upgrade selected prebuilt rules', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + describe('with historical versions', () => { describe('without customizations', () => { beforeEach(async () => { @@ -500,4 +506,4 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont } }); }); -} +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts index 9b6fad04aeb7..f30086e032a4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts @@ -16,7 +16,7 @@ import { export function alertSuppressionField({ getService }: FtrProviderContext): void { describe('"alert_suppression"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts index a86153371dc2..3fe12ae8faeb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts @@ -16,7 +16,7 @@ import { export function buildingBlockField({ getService }: FtrProviderContext): void { describe('"building_block"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts index 3ebc09e11f2f..5ff527858c70 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../../../config/ess/config.base.trial.ts') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts similarity index 80% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts index 691330c33c12..67a22e55ca11 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts index e2890febe732..6c88e67a8243 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts @@ -19,7 +19,7 @@ import { export function dataSourceField({ getService }: FtrProviderContext): void { describe('"data_source" with index patterns', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -55,7 +55,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -106,7 +106,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -160,7 +160,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -213,7 +213,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -265,7 +265,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -304,7 +304,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -357,7 +357,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('"data_source" with data view', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -393,7 +393,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -444,7 +444,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -498,7 +498,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -551,7 +551,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -597,7 +597,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -636,7 +636,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts index 3f06b6e6e8bb..fdf03ad7c233 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts @@ -16,7 +16,7 @@ import { export function descriptionField({ getService }: FtrProviderContext): void { describe('"description"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -99,7 +99,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -155,7 +155,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -205,7 +205,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -251,7 +251,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -287,7 +287,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts index 74ff45fae6b3..50a731562844 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts @@ -16,7 +16,7 @@ import { export function falsePositivesField({ getService }: FtrProviderContext): void { describe('"false_positives"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/index.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/index.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts index afed997049eb..ff911c332078 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts @@ -16,7 +16,7 @@ import { export function investigationFieldsField({ getService }: FtrProviderContext): void { describe('"investigation_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts index 122b00022b47..4cab3c9d483d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts @@ -16,7 +16,7 @@ import { export function maxSignalsField({ getService }: FtrProviderContext): void { describe('"max_signals"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts index 1030d8f77478..69b10fb5bc2e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts @@ -16,7 +16,7 @@ import { export function nameField({ getService }: FtrProviderContext): void { describe('"name"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function nameField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts index 5b7f1df6834b..80be32c0d981 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts @@ -16,7 +16,7 @@ import { export function noteField({ getService }: FtrProviderContext): void { describe('"note"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function noteField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts index 532c49e6e571..90aeebac6cc2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts @@ -16,7 +16,7 @@ import { export function referencesField({ getService }: FtrProviderContext): void { describe('"references"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function referencesField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts index bdc4f0081c31..476932d62830 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts @@ -16,7 +16,7 @@ import { export function relatedIntegrationsField({ getService }: FtrProviderContext): void { describe('"related_integrations"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -71,7 +71,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -184,7 +184,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -288,7 +288,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -392,7 +392,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -490,7 +490,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -553,7 +553,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts index 5dbd464bc243..15ed2144493d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts @@ -16,7 +16,7 @@ import { export function requiredFieldsField({ getService }: FtrProviderContext): void { describe('"required_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -73,7 +73,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -177,7 +177,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -289,7 +289,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -401,7 +401,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -498,7 +498,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -564,7 +564,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts index e83d9d3a8287..049e23a14f4d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts @@ -16,7 +16,7 @@ import { export function riskScoreField({ getService }: FtrProviderContext): void { describe('"risk_score"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts index 77f68493254f..765a4a4b8aba 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts @@ -16,7 +16,7 @@ import { export function riskScoreMappingField({ getService }: FtrProviderContext): void { describe('"risk_score_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -79,7 +79,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -194,7 +194,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -318,7 +318,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -442,7 +442,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -550,7 +550,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -623,7 +623,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts index afe5b1cac682..c38ea0e707ba 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts @@ -16,7 +16,7 @@ import { export function ruleNameOverrideField({ getService }: FtrProviderContext): void { describe('"rule_name_override"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts index 3efb3057920a..5dd985f01794 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts @@ -16,7 +16,7 @@ import { export function ruleScheduleField({ getService }: FtrProviderContext): void { describe('"rule_schedule"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -57,7 +57,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -129,7 +129,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -204,7 +204,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -278,7 +278,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -345,7 +345,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -389,7 +389,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts index 78c954fcc20f..b7009390839d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts @@ -16,7 +16,7 @@ import { export function setupField({ getService }: FtrProviderContext): void { describe('"setup"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function setupField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts index 57183c1f7687..f6491e84e30f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts @@ -16,7 +16,7 @@ import { export function severityField({ getService }: FtrProviderContext): void { describe('"severity"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function severityField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts index 6cd09f94d965..1477ff7b232c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts @@ -16,7 +16,7 @@ import { export function severityMappingField({ getService }: FtrProviderContext): void { describe('"severity_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -79,7 +79,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -194,7 +194,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -318,7 +318,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -442,7 +442,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -550,7 +550,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -623,7 +623,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts index 1f67e55692fa..446f2308b9f1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts @@ -16,7 +16,7 @@ import { export function tagsField({ getService }: FtrProviderContext): void { describe('"tags"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function tagsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts index 2e001b5322de..fcffb46b24c8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts @@ -16,7 +16,7 @@ import { export function threatField({ getService }: FtrProviderContext): void { describe('"threat"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -87,7 +87,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -220,7 +220,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -364,7 +364,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -508,7 +508,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -634,7 +634,7 @@ export function threatField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -717,7 +717,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts index 911500e0bb34..bdb403b40641 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts @@ -16,7 +16,7 @@ import { export function timelineTemplateField({ getService }: FtrProviderContext): void { describe('"timeline_template"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -54,7 +54,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -107,7 +107,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -163,7 +163,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -219,7 +219,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -268,7 +268,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -310,7 +310,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts index a6529cfcd5c5..7557402e1468 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts @@ -16,7 +16,7 @@ import { export function timestampOverrideField({ getService }: FtrProviderContext): void { describe('"timestamp_override"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts index 16153505e556..6ad7701303de 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts @@ -16,7 +16,7 @@ import { export function anomalyThresholdField({ getService }: FtrProviderContext): void { describe('"anomaly_threshold"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -49,7 +49,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -97,7 +97,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -148,7 +148,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -199,7 +199,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -243,7 +243,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -280,7 +280,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts index 3ebc09e11f2f..5ff527858c70 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../../../config/ess/config.base.trial.ts') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts similarity index 80% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts index 691330c33c12..67a22e55ca11 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts index 1e1f6795c540..e33643d6d8fd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts @@ -16,7 +16,7 @@ import { export function eqlQueryField({ getService }: FtrProviderContext): void { describe('"eql_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -58,7 +58,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -134,7 +134,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -212,7 +212,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -290,7 +290,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -358,7 +358,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -403,7 +403,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts index f59086d07560..94d586bc5082 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts @@ -16,7 +16,7 @@ import { export function esqlQueryField({ getService }: FtrProviderContext): void { describe('"esql_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -51,7 +51,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -113,7 +113,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -179,7 +179,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -245,7 +245,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -304,7 +304,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -344,7 +344,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts index 6362fd474b44..8745742e54bd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts @@ -16,7 +16,7 @@ import { export function historyWindowStartField({ getService }: FtrProviderContext): void { describe('"history_window_start"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -49,7 +49,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -97,7 +97,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -148,7 +148,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -199,7 +199,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -243,7 +243,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -280,7 +280,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/index.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/index.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts index 6f2d4a8809a7..511df139cb7d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts @@ -22,7 +22,7 @@ const RULE_TYPES = ['query', 'threat_match', 'threshold', 'new_terms'] as const; export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): void { for (const ruleType of RULE_TYPES) { describe(`"kql_query" with inline query for ${ruleType} rule`, () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { describe('without filters', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { @@ -145,7 +145,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo }); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -228,7 +228,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -334,7 +334,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -440,7 +440,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -539,7 +539,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -611,7 +611,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts index faacc1ea63ea..38f514769c7d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts @@ -21,7 +21,7 @@ import { export function savedQueryKqlQueryField({ getService }: FtrProviderContext): void { describe('"kql_query" with saved query', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -57,7 +57,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -116,7 +116,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -178,7 +178,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -240,7 +240,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -295,7 +295,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -335,7 +335,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts index 64c08959eb01..3f61a2575235 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts @@ -16,7 +16,7 @@ import { export function machineLearningJobIdField({ getService }: FtrProviderContext): void { describe('"machine_learning_job_id"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -49,7 +49,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -97,7 +97,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -148,7 +148,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -199,7 +199,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -243,7 +243,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -280,7 +280,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts index 71356a1e437a..57be81a679f2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts @@ -19,7 +19,7 @@ import { export function newTermsFieldsField({ getService }: FtrProviderContext): void { describe('"new_terms_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -52,7 +52,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -100,7 +100,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -151,7 +151,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -202,7 +202,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -246,7 +246,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -283,7 +283,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts index 58c8d2cab5fd..d2405329d4b3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts @@ -19,7 +19,7 @@ import { export function threatIndexField({ getService }: FtrProviderContext): void { describe('"threat_index"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -52,7 +52,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -100,7 +100,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -151,7 +151,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -202,7 +202,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -246,7 +246,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -283,7 +283,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts index de706df8c19b..166d70fdf6ad 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts @@ -16,7 +16,7 @@ import { export function threatIndicatorPathField({ getService }: FtrProviderContext): void { describe('"threat_indicator_path"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -49,7 +49,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -97,7 +97,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -148,7 +148,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -199,7 +199,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -243,7 +243,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -280,7 +280,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts index 06763e06db80..74b75829d5e6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts @@ -16,7 +16,7 @@ import { export function threatMappingField({ getService }: FtrProviderContext): void { describe('"threat_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -55,7 +55,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -111,7 +111,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -170,7 +170,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -229,7 +229,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -279,7 +279,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -322,7 +322,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts index a30c3a4cb6cf..009ae859a5cb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts @@ -19,7 +19,7 @@ import { export function threatQueryField({ getService }: FtrProviderContext): void { describe('"threat_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -57,7 +57,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -133,7 +133,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -212,7 +212,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -291,7 +291,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -360,7 +360,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -402,7 +402,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts index 9469fda5f8ae..d5c0a0f53c02 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts @@ -16,7 +16,7 @@ import { export function thresholdField({ getService }: FtrProviderContext): void { describe('"threshold"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -49,7 +49,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -97,7 +97,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -148,7 +148,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -199,7 +199,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -243,7 +243,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -280,7 +280,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts similarity index 54% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts index 231ac03a270b..037e5f00c1ff 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts @@ -8,10 +8,10 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Disabled', function () { - this.tags('skipFIPS'); - loadTestFile(require.resolve('./is_customized_calculation')); - loadTestFile(require.resolve('./upgrade_perform_prebuilt_rules')); - loadTestFile(require.resolve('./rules_export/export_prebuilt_rules')); + describe('Upgrade prebuilt rules', function () { + loadTestFile(require.resolve('./review_prebuilt_rules_upgrade')); + loadTestFile(require.resolve('./bulk_upgrade_all_prebuilt_rules')); + loadTestFile(require.resolve('./bulk_upgrade_selected_prebuilt_rules')); + loadTestFile(require.resolve('./upgrade_single_prebuilt_rule')); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts similarity index 98% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts index d5fbc330ee3e..50e00c8e9853 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts @@ -18,14 +18,13 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const deps = { es, supertest, log, }; - describe('@ess @serverless @skipInServerlessMKI preview prebuilt rules upgrade', () => { + describe('@ess @serverless @skipInServerlessMKI review prebuilt rules upgrade', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); @@ -190,7 +189,7 @@ export default ({ getService }: FtrProviderContext): void => { }); }); - it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields w/o upgrades`, async () => { + it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields without upgrades`, async () => { await setUpRuleUpgrade({ assets: [ { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts index 6f345365a4e2..b2204d8aa9ab 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts @@ -8,14 +8,19 @@ import expect from 'expect'; import type SuperTest from 'supertest'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; import { DEFAULT_TEST_RULE_ID, setUpRuleUpgrade, -} from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules, getWebHookAction } from '../../../../../utils'; +} from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { + deleteAllPrebuiltRuleAssets, + performUpgradePrebuiltRules, + getWebHookAction, +} from '../../../../utils'; -export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -26,18 +31,23 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v log, }; - const RULE_TYPES = [ - 'query', - 'saved_query', - 'eql', - 'esql', - 'threat_match', - 'threshold', - 'machine_learning', - 'new_terms', - ] as const; + describe('@ess @serverless @skipInServerlessMKI Upgrade single prebuilt rule', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + const RULE_TYPES = [ + 'query', + 'saved_query', + 'eql', + 'esql', + 'threat_match', + 'threshold', + 'machine_learning', + 'new_terms', + ] as const; - describe('single rule', () => { for (const withHistoricalVersions of [true, false]) { describe( withHistoricalVersions ? 'with historical versions' : 'without historical versions', @@ -353,7 +363,7 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v ); } }); -} +}; async function createAction(supertest: SuperTest.Agent) { const createConnector = async (payload: Record) => diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index e6ecd5825e98..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import path from 'path'; -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Large Prebuilt Rules Package Installation Integration Tests - Serverless Env - Complete License', - }, - kbnTestServerArgs: [ - /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. - * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the - * location defined in BUNDLED_PACKAGE_DIR. - * Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0` - * which contains 15000 rules assets and 750 unique rules, and attempt to install it. - */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, - `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, - ], - kbnTestServerEnv: { - /* Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error - * when installing the large package. - */ - NODE_OPTIONS: '--max-old-space-size=800', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts deleted file mode 100644 index 401740109535..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - return { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rules Management Integration Tests - ESS Env - Trial License', - }, - }; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index ac06cacf21f6..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rules Management Integration Tests - Serverless Env - Complete License', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts deleted file mode 100644 index 0b57697c483b..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rules Management', function () { - loadTestFile(require.resolve('./bootstrap_prebuilt_rules')); - loadTestFile(require.resolve('./get_prebuilt_rules_status')); - loadTestFile(require.resolve('./get_prebuilt_timelines_status')); - loadTestFile(require.resolve('./install_prebuilt_rules')); - loadTestFile(require.resolve('./install_prebuilt_rules_with_historical_versions')); - loadTestFile(require.resolve('./fleet_integration')); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts deleted file mode 100644 index a96f88101d00..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - deleteAllTimelines, - deleteAllPrebuiltRuleAssets, - createRuleAssetSavedObject, - createPrebuiltRuleAssetSavedObjects, - installPrebuiltRulesAndTimelines, - getPrebuiltRulesAndTimelinesStatus, - getPrebuiltRulesStatus, - installPrebuiltRules, - getInstalledRules, -} from '../../../../utils'; -import { deleteAllRules, deleteRule } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package without historical versions with mock rule assets', () => { - const getRuleAssetSavedObjects = () => [ - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }), - createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }), - ]; - const RULES_COUNT = getRuleAssetSavedObjects().length; - - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllTimelines(es, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - describe('using current endpoint', () => { - it('should install prebuilt rules', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); - - expect(body.summary.succeeded).toBe(RULES_COUNT); - expect(body.summary.failed).toBe(0); - expect(body.summary.skipped).toBe(0); - }); - - it('should install correct prebuilt rule versions', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); - - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(body.results.created).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 1 }), - expect.objectContaining({ rule_id: 'rule-2', version: 2 }), - expect.objectContaining({ rule_id: 'rule-3', version: 3 }), - expect.objectContaining({ rule_id: 'rule-4', version: 4 }), - ]) - ); - }); - - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); - - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); - - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); - - // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(1); - }); - }); - - describe('using legacy endpoint', () => { - it('should install prebuilt rules', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(es, supertest); - - expect(body.rules_installed).toBe(RULES_COUNT); - expect(body.rules_updated).toBe(0); - }); - - it('should install correct prebuilt rule versions', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Get installed rules - const rulesResponse = await getInstalledRules(supertest); - - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(rulesResponse.total).toBe(RULES_COUNT); - expect(rulesResponse.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 1 }), - expect.objectContaining({ rule_id: 'rule-2', version: 2 }), - expect.objectContaining({ rule_id: 'rule-3', version: 3 }), - expect.objectContaining({ rule_id: 'rule-4', version: 4 }), - ]) - ); - }); - - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); - - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(1); - - // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(1); - expect(response.rules_updated).toBe(0); - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts deleted file mode 100644 index 49bb40b06d39..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - ESS Env Basic License', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts deleted file mode 100644 index 1983a1f5bdc5..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - Serverless Env Essentials Tier', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts deleted file mode 100644 index 625b37ebd130..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Enabled', function () { - loadTestFile(require.resolve('./is_customized_calculation')); - loadTestFile(require.resolve('./import_rules')); - loadTestFile(require.resolve('./rules_export')); - loadTestFile(require.resolve('./rule_customization')); - loadTestFile(require.resolve('./preview_prebuilt_rules_upgrade')); - loadTestFile(require.resolve('./upgrade_prebuilt_rules')); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts deleted file mode 100644 index b9f27dc627fb..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { - BulkActionEditTypeEnum, - BulkActionTypeEnum, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import expect from 'expect'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); - const log = getService('log'); - - const ruleAsset = createRuleAssetSavedObject({ - rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', - tags: ['test-tag'], - }); - - describe('@ess @serverless @skipInServerlessMKI is_customized calculation', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - describe('prebuilt rules', () => { - it('should set is_customized to true on bulk rule modification', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).toBeDefined(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true); - }); - - it('should leave is_customized intact if the change has been skipped', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).toBeDefined(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - // This tag is already present on the rule, so the change will be skipped - value: [prebuiltRule.tags[0]], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 1, - succeeded: 0, - total: 1, - }); - - // Check that the rule has not been customized - const { body: findResultAfter } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false); - }); - - it('should set is_customized to false if the change has been reverted', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).toBeDefined(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - // Add a tag to the rule - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - - // Remove the added tag - const { body: revertResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.delete_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(revertResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - - expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false); - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts deleted file mode 100644 index 03b0c28326f4..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { deleteAllPrebuiltRuleAssets } from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; -import { bulkUpgradeAllPrebuiltRules } from './bulk_upgrade_all_prebuilt_rules'; -import { bulkUpgradeSelectedPrebuiltRules } from './bulk_upgrade_selected_prebuilt_rules'; -import { upgradeSinglePrebuiltRule } from './upgrade_single_prebuilt_rule'; - -export default (context: FtrProviderContext): void => { - const es = context.getService('es'); - const supertest = context.getService('supertest'); - const log = context.getService('log'); - - describe('@ess @serverless @skipInServerlessMKI upgrade prebuilt rules', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - bulkUpgradeAllPrebuiltRules(context); - bulkUpgradeSelectedPrebuiltRules(context); - upgradeSinglePrebuiltRule(context); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts deleted file mode 100644 index 2198f4e6fa0d..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - return { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Update Prebuilt Rules Integration Tests - ESS Env - Trial License', - }, - }; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index 181c938ad734..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Update Prebuilt Rules Integration Tests - Serverless Env - Complete Tier', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index 88e86bad8e4b..29cb6884268b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -1489,67 +1489,6 @@ export default ({ getService }: FtrProviderContext): void => { expect(updatedRule.version).toBe(rule.version + 1); }); - describe('prebuilt rules', () => { - const cases = [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.set_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.delete_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.add_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.set_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.delete_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.set_timeline, - value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, - }, - { - type: BulkActionEditTypeEnum.set_schedule, - value: { interval: '1m', lookback: '1m' }, - }, - ]; - cases.forEach(({ type, value }) => { - it(`should NOT return error when trying to apply "${type}" edit action to prebuilt rule`, async () => { - await installMockPrebuiltRules(supertest, es); - const prebuiltRule = await fetchPrebuiltRule(); - - const { body } = await postBulkAction() - .send({ - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type, - value, - }, - ], - }) - .expect(200); - - expect(body).toMatchObject({ - success: true, - rules_count: 1, - }); - }); - }); - }); - describe('rule actions', () => { const webHookActionMock = { group: 'default', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts index ed1ef1d4ee07..2933c585c086 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts @@ -10,12 +10,7 @@ import { BulkActionEditTypeEnum, } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; import moment from 'moment'; -import { - getCustomQueryRuleParams, - getSimpleMlRule, - getSimpleRule, - installMockPrebuiltRules, -} from '../../../utils'; +import { getCustomQueryRuleParams, getSimpleMlRule, getSimpleRule } from '../../../utils'; import { createRule, createAlertsIndex, @@ -201,31 +196,6 @@ export default ({ getService }: FtrProviderContext): void => { expect(ruleBody.tags).toEqual(tags); }); - it('should allow prebuilt rules edit', async () => { - await installMockPrebuiltRules(supertest, es); - const { body: findBody } = await securitySolutionApi - .findRules({ query: { per_page: 1, filter: 'alert.attributes.params.immutable: true' } }) - .expect(200); - - const prebuiltRule = findBody.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: { dry_run: true }, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { type: BulkActionEditTypeEnum.set_tags, value: ['reset-tag'] }, - ], - }, - }) - .expect(200); - - expect(body).toMatchObject({ success: true }); - expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 }); - }); - describe('validate updating index pattern for machine learning rule', () => { const actions = [ BulkActionEditTypeEnum.add_index_patterns, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts deleted file mode 100644 index dd06a1a6ec41..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - binaryToString, - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it("Export API - exports prebuilt all rules if rule_id's are not specified", async () => { - const ruleId = 'prebuilt-rule-1'; - const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body } = await securitySolutionApi - .exportRules({ query: {}, body: null }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - rule_id: ruleId, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - exported_rules_count: 1, - missing_rules: [], - }); - }); - - it('Export API - exports specified prebuilt rules', async () => { - const ruleId = 'prebuilt-rule-1'; - const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body } = await securitySolutionApi - .exportRules({ - query: {}, - body: { - objects: [{ rule_id: ruleId }], - }, - }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - rule_id: ruleId, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - exported_rules_count: 1, - missing_rules: [], - }); - }); - - it('Bulk actions export API - exports prebuilt rules', async () => { - const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const findResponse = await securitySolutionApi.findRules({ query: {} }); - const installedRule = findResponse.body.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, - }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - id: installedRule.id, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - missing_rules: [], - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts deleted file mode 100644 index 6f71abc686d1..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - getCustomQueryRuleParams, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../utils/combine_to_ndjson'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule import', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`imports customized prebuilt rules`, async () => { - const ruleId = 'prebuilt-rule-to-be-customized'; - const ruleParams = getCustomQueryRuleParams({ - rule_id: ruleId, - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - rule_source: { type: 'external', is_customized: false }, - version: 1, - }); - const ruleAsset = createRuleAssetSavedObject(ruleParams); - - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - - // Customizing the rule before importing - const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' }); - - const { body } = await securitySolutionApi - .importRules({ query: {} }) - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - errors: [], - }); - - const { body: importedRule } = await securitySolutionApi - .readRule({ - query: { rule_id: ruleId }, - }) - .expect(200); - - expect(importedRule).toMatchObject({ - ...ruleParams, - name: 'My customized rule', - rule_source: { - type: 'external', - is_customized: true, - }, - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts deleted file mode 100644 index c037f95548a5..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - ESS Env', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts deleted file mode 100644 index 46738a39c1ff..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - Serverless Env', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts deleted file mode 100644 index 66752a09e225..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import API - Customized prebuilt rules', function () { - loadTestFile(require.resolve('./allowed_importing_customized_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts deleted file mode 100644 index 7dd9643cdd18..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - getCustomQueryRuleParams, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../utils/combine_to_ndjson'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Import - Customization Enabled', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`imports non-customized prebuilt rules`, async () => { - const ruleId = 'prebuilt-rule'; - const ruleParams = getCustomQueryRuleParams({ - rule_id: ruleId, - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - rule_source: { type: 'external', is_customized: false }, - version: 1, - }); - const ruleAsset = createRuleAssetSavedObject(ruleParams); - - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - - const ndjson = combineToNdJson(ruleParams); - - const { body } = await securitySolutionApi - .importRules({ query: {} }) - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - errors: [], - }); - - const { body: importedRule } = await securitySolutionApi - .readRule({ - query: { rule_id: ruleId }, - }) - .expect(200); - - expect(importedRule).toMatchObject(ruleParams); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts deleted file mode 100644 index c8582fc7c20d..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - ESS Env', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts deleted file mode 100644 index 8648e1b49387..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Serverless Env', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts deleted file mode 100644 index 22cd4aaeda8c..000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import API - Non-customized prebuilt rules', function () { - loadTestFile(require.resolve('./allowed_importing_non_customized_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index 06e2e3db81c3..31cf4e47cb09 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -1611,98 +1611,5 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); }); }); - - describe('supporting prebuilt rule customization', () => { - describe('compatibility with prebuilt rule fields', () => { - it('accepts rules with "immutable: true"', async () => { - const rule = getCustomQueryRuleParams({ - rule_id: 'rule-immutable', - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - }); - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - }); - }); - - it('imports custom rules alongside prebuilt rules', async () => { - const ndjson = combineToNdJson( - getCustomQueryRuleParams({ - rule_id: 'rule-immutable', - // @ts-expect-error the API supports the 'immutable' param, but we only need it in {@link RuleToImport} - immutable: true, - }), - // @ts-expect-error the API supports the 'immutable' param, but we only need it in {@link RuleToImport} - getCustomQueryRuleParams({ rule_id: 'custom-rule', immutable: false }) - ); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - success_count: 2, - }); - }); - - it('allows (but ignores) rules with a value for rule_source', async () => { - const rule = getCustomQueryRuleParams({ - rule_id: 'with-rule-source', - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - rule_source: { - type: 'ignored', - }, - }); - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - success_count: 1, - }); - - const importedRule = await fetchRule(supertest, { ruleId: 'with-rule-source' }); - - expect(importedRule.rule_source).toMatchObject({ type: 'internal' }); - }); - - it('rejects rules without a rule_id', async () => { - const rule = getCustomQueryRuleParams({}); - delete rule.rule_id; - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body.errors).toHaveLength(1); - expect(body.errors[0]).toMatchObject({ - error: { message: 'rule_id: Required', status_code: 400 }, - }); - }); - }); - }); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts index 0c7b47e9cf5c..a69c848da282 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts @@ -116,7 +116,12 @@ export default ({ getService }: FtrProviderContext): void => { .send() .expect(200); - expect(body.aggregated_fields.tags).to.eql(['test-tag-1', 'test-tag-2', 'test-tag-3']); + expect(body.aggregated_fields.tags).to.eql([ + 'test-tag', + 'test-tag-1', + 'test-tag-2', + 'test-tag-3', + ]); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts index 256dd76147b2..3efd5f6e788d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts @@ -53,16 +53,16 @@ export const SAMPLE_PREBUILT_RULES = [ createRuleAssetSavedObject({ ...getPrebuiltRuleWithExceptionsMock(), rule_id: ELASTIC_SECURITY_RULE_ID, - tags: ['test-tag-1'], + tags: ['test-tag', 'test-tag-1'], enabled: true, }), createRuleAssetSavedObject({ rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', - tags: ['test-tag-2'], + tags: ['test-tag', 'test-tag-2'], }), createRuleAssetSavedObject({ rule_id: '00140285-b827-4aee-aa09-8113f58a08f3', - tags: ['test-tag-3'], + tags: ['test-tag', 'test-tag-3'], }), ];