[Security Solution][Threat Intelligence] - fix Cypress tests (#209195)

## Summary This PR fixes the few Threat Intelligence Cypress tests which started failing recently. [This PR](https://github.com/elastic/kibana/pull/208990) ([commit](296c452345) on `main`) which was a basic bump PR started had to skip a few Threat Intelligence Cypress tests that started failing. I tried to understand what happened but did not find the origin of the issue. The indicators table was previously showing data sorted from oldest to newest (but only on Cypress, not when running the application locally, really weird). After the commit mentioned above, the Cypress tests are now sorting the data from newest to oldest. Looking at the code, nothing mentions sorting, the `threatIntelligenceSearchStrategy` is identical between the application running locally and the Cypress tests. #### Payload | Local run | Cypress | | ------------- | ------------- | | ![Screenshot 2025-01-31 at 2 20 33 PM](https://github.com/user-attachments/assets/7095eeef-3ceb-4a3c-85ee-7fee7e07b9ba) | ![Screenshot 2025-01-31 at 2 21 39 PM](https://github.com/user-attachments/assets/7bce82d2-12ff-483f-bf85-ad8f0ce45054) | #### Result The results are different, one sorted ascending, the other descending. | Local run | Cypress | | ------------- | ------------- | | ![Screenshot 2025-01-31 at 2 22 19 PM](https://github.com/user-attachments/assets/09715344-0c6e-44e9-8abd-d0b56ae8c984) | ![Screenshot 2025-01-31 at 2 22 03 PM](https://github.com/user-attachments/assets/b66412fc-0018-4a84-9ddf-98b90c200878) | No code changes have been done to the Threat Intelligence plugin in many months. Fetching the data is done using `useQuery` (see [here](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/threat_intelligence/public/modules/indicators/hooks/use_indicators.ts#L101)) and the logic to fetch the actual data is [here](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/threat_intelligence/public/modules/indicators/services/fetch_indicators.ts#L71). Both haven't been touched in months... Nothing in the commit mentioned above seems to give any details on why these tests just started failing. Resetting to the commit right before makes the tests pass... The solution to fix the tests was to ensure that the data_archive files had the correct timestamps, to know exactly which ones we select in the Cypress tests to test against... https://github.com/elastic/kibana/issues/209050 https://github.com/elastic/kibana/issues/209039 https://github.com/elastic/kibana/issues/209051 Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-04-23 09:19:04 -04:00 · 2025-02-03 16:03:32 +01:00 · 2025-02-03 16:03:32 +01:00 · 4886061950
commit 4886061950
parent bcc0f4d5f6
4 changed files with 30 additions and 33 deletions
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/block_list.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/block_list.cy.ts
@ -8,6 +8,7 @@
 import { visitWithTimeRange } from '../../../tasks/navigation';
 import {
  closeFlyout,
+  navigateToBlocklist,
  navigateToThreatIntelligence,
  openFlyout,
  openFlyoutTakeAction,
@ -19,7 +20,6 @@ import {
  openAddToBlockListFlyoutFromTable,
  openAddToBlocklistFromFlyout,
 } from '../../../tasks/threat_intelligence/blocklist';
-import { navigateToBlocklist } from '../../../tasks/threat_intelligence/common';
 import { login } from '../../../tasks/login';
 import {
  BLOCK_LIST_VALUE_INPUT,
@ -57,8 +57,7 @@ describe('Block list with invalid indicators', { tags: ['@ess'] }, () => {
  });
 });

-// FAILING VERSION BUMP: https://github.com/elastic/kibana/issues/209051
-describe.skip('Block list interactions', { tags: ['@ess'] }, () => {
+describe('Block list interactions', { tags: ['@ess'] }, () => {
  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_multiple' }));

  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_multiple' }));
@ -71,7 +70,7 @@ describe.skip('Block list interactions', { tags: ['@ess'] }, () => {

  it('should add to block list from the indicators table and from flyout', () => {
    // first indicator is a valid indicator for add to blocklist feature
-    const firstIndicatorId = 'd86e656455f985357df3063dff6637f7f3b95bb27d1769a6b88c7adecaf7763f';
+    const firstIndicatorId = '7cbf47ef916aa02a1b39cad40dfe71ea121d8d5b36d5a13fdec5977a8dcb4550';

    cy.log('add to blocklist from the table more action menu');

@ -91,7 +90,7 @@ describe.skip('Block list interactions', { tags: ['@ess'] }, () => {
    navigateToThreatIntelligence();

    // second indicator is a valid indicator for add to blocklist feature
-    const secondIndicatorId = 'd3e2cf87eabf84ef929aaf8dad1431b3387f5a26de8ffb7a0c3c2a13f973c0ab';
+    const secondIndicatorId = 'd4ba36cfa7e4191199836b228f6d79bd74e86793bc183563b78591f508b066ed';

    cy.log('add to blocklist from the flyout');

--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/cases.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/cases.cy.ts
@ -33,8 +33,7 @@ import { login } from '../../../tasks/login';

 const URL = '/app/security/threat_intelligence/indicators';

-// FAILING VERSION BUMP: https://github.com/elastic/kibana/issues/209050
-describe.skip('Cases with invalid indicators', { tags: ['@ess'] }, () => {
+describe('Cases with invalid indicators', { tags: ['@ess'] }, () => {
  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_invalid' }));

  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_invalid' }));
@ -106,7 +105,7 @@ describe('Cases interactions', { tags: ['@ess'] }, () => {

    cy.log('should add to new case when clicking on the button in the indicators flyout');

-    openFlyout(0);
+    openFlyout();
    openFlyoutTakeAction();
    openAddToNewCaseFromFlyout();
    createNewCaseFromTI();
@ -123,7 +122,7 @@ describe('Cases interactions', { tags: ['@ess'] }, () => {

    cy.log('should add to existing case when clicking on the button in the indicators flyout');

-    openFlyout(0);
+    openFlyout();
    openFlyoutTakeAction();
    openAddToExistingCaseFromFlyout();
    selectExistingCase();
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/indicators.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/indicators.cy.ts
@ -305,8 +305,7 @@ describe('Multiple indicators', { tags: ['@ess'] }, () => {
  });
 });

-// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/209039
-describe.skip('Invalid Indicators', { tags: ['@ess'] }, () => {
+describe('Invalid Indicators', { tags: ['@ess'] }, () => {
  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_invalid' }));

  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_invalid' }));
--- a/x-pack/test/security_solution_cypress/es_archives/ti_indicators_data_invalid/data.json
+++ b/x-pack/test/security_solution_cypress/es_archives/ti_indicators_data_invalid/data.json
@ -5,7 +5,7 @@
    "id": "RP0HlUQkToBRTlZeGAItbyWMx1E=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.677Z",
+      "@timestamp": "2022-06-02T13:29:47.685Z",
      "abusech": {
        "malware": {
        }
@ -97,7 +97,7 @@
    "id": "C4ObxkoTZzcjmk1jFwGlRadzMnA=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.678Z",
+      "@timestamp": "2022-06-02T13:29:47.684Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -193,7 +193,7 @@
    "id": "5hGL0ETQsk+B0L7ryVcQVwsYhOk=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.678Z",
+      "@timestamp": "2022-06-02T13:29:47.683Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -288,7 +288,7 @@
    "id": "qq3AKvjp1c/FBtEoh10Vt+PsT14=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.678Z",
+      "@timestamp": "2022-06-02T13:29:47.682Z",
      "abusech": {
        "malware": {
        }
@ -377,7 +377,7 @@
    "id": "CNCiNUxTNHF5qyRWclltlrnxwhk=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.678Z",
+      "@timestamp": "2022-06-02T13:29:47.681Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -470,7 +470,7 @@
    "id": "Rk80kuvgnMegEB+1jhGlgLO5h5Y=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.680Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -562,7 +562,7 @@
    "id": "oF2/6vlWcu7040SDtfZuBX4sXEo=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.679Z",
      "abusech": {
        "malware": {
        }
@ -648,7 +648,7 @@
    "id": "mgUWSsWrUtqPZFUpBNhFU75TKyc=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.678Z",
      "abusech": {
        "malware": {
        }
@ -733,7 +733,7 @@
    "id": "auKnqhqoLKmnMsohKHQMvqvLSK4=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.677Z",
      "abusech": {
        "malware": {
        }
@ -817,7 +817,7 @@
    "id": "Llc8xZPNZbUM6j5sAHAFCeyu+po=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.676Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -905,7 +905,7 @@
    "id": "VbMLdKEoQI/Xli/LgjmvMOlGYZY=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.675Z",
      "abusech": {
        "malware": {
        }
@ -987,7 +987,7 @@
    "id": "/6DDSx9lUsUoJUF8QSZiQ/oMvmQ=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.681Z",
+      "@timestamp": "2022-06-02T13:29:47.674Z",
      "abusech": {
        "malware": {
        }
@ -1068,7 +1068,7 @@
    "id": "d+KIrgaxYVhvb/sqhlb5AYOHQDo=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.673Z",
      "abusech": {
        "malware": {
        }
@ -1148,7 +1148,7 @@
    "id": "bAPvrGKWj/ess46s3KwFqAJ8+tc=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.672Z",
      "abusech": {
        "malware": {
        }
@ -1227,7 +1227,7 @@
    "id": "uM8A5Yr/gMJ4tPHb9XIABYC/mRk=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.671Z",
      "abusech": {
        "malware": {
        }
@ -1305,7 +1305,7 @@
    "id": "YPTTIf8ctfvqnTo2W9OpoJD6n9Q=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.670Z",
      "abusech": {
        "malware": {
        }
@ -1382,7 +1382,7 @@
    "id": "UJBUWYV6AtCidXCm1NBsWtAYWZI=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.669Z",
      "abusech": {
        "malware": {
        }
@ -1458,7 +1458,7 @@
    "id": "e1yn2nAO9PlprMEaPBhcjgg9lwE=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.668Z",
      "abusech": {
        "malware": {
        }
@ -1533,7 +1533,7 @@
    "id": "e74l+UPbo6o0DotQc8Roo3OVcJQ=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.667Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -1612,7 +1612,7 @@
    "id": "XIDmYG67Bs5j3njl7xYKAyH1emM=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.682Z",
+      "@timestamp": "2022-06-02T13:29:47.666Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -1684,7 +1684,7 @@
    "id": "TxxcH4E0aWG8D8rloVjU3cK+sy0=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.685Z",
+      "@timestamp": "2022-06-02T13:29:47.665Z",
      "abusech": {
        "malware": {
          "virustotal": {
@ -1750,7 +1750,7 @@
    "id": "0j+BQ8HFrDQYe5kbXMc9ANSCjBY=",
    "index": ".ds-logs-ti_abusech.malware-default-2022.06.02-000001",
    "source": {
-      "@timestamp": "2022-06-02T13:29:47.685Z",
+      "@timestamp": "2022-06-02T13:29:47.664Z",
      "abusech": {
        "malware": {
          "virustotal": {