github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 01:13:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution] Support rule id in wait for rule status helper (#153410)

Browse source 
**Relates to:** https://github.com/elastic/kibana/pull/152900

## Summary

This PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of https://github.com/elastic/kibana/pull/150553 into isolated parts.

## Details

Based on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests.
This commit is contained in:
Maxim Palenov 2023-03-27 11:03:15 +02:00 committed by GitHub
parent a73bf874a5
commit 519185ffa8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
39 changed files with 571 additions and 596 deletions
Download patch file Download diff file Expand all files Collapse all files

4
x-pack/test/cases_api_integration/common/lib/alerts.ts
View file

@ -14,7 +14,7 @@ import { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/d
import {
getRuleForSignalTesting,
createRule,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
getQuerySignalIds,
@ -29,7 +29,7 @@ export const createSecuritySolutionAlerts = async (
): Promise<estypes.SearchResponse<DetectionAlert & RiskEnrichmentFields>> => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);

10
x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts
View file

@ -43,7 +43,7 @@ import {
deleteSignalsIndex,
deleteAllRules,
getRuleForSignalTesting,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
createRule,
@ -804,7 +804,7 @@ export default ({ getService }: FtrProviderContext): void => {
const postedCase = await createCase(supertest, postCaseReq);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
@ -864,7 +864,7 @@ export default ({ getService }: FtrProviderContext): void => {
});
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
@ -917,7 +917,7 @@ export default ({ getService }: FtrProviderContext): void => {
});
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
@ -986,7 +986,7 @@ export default ({ getService }: FtrProviderContext): void => {
const postedCase = await createCase(supertest, postCaseReq);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);

10
x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts
View file

@ -24,7 +24,7 @@ import {
createRule,
waitForSignalsToBePresent,
getSignalsByIds,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
getRuleForSignalTesting,
} from '../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able to execute and get 10 signals', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).equal(10);
@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be have set the signals in an open state initially', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const everySignalOpen = signalsOpen.hits.hits.every(
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able to get a count of 10 closed signals when closing 10', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);
@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able close 10 signals immediately and they all should be closed', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);

6
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts
View file

@ -17,7 +17,7 @@ import {
getWebHookAction,
getRuleWithWebHookAction,
getSimpleRuleOutputWithWebHookAction,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
createRule,
} from '../../utils';
@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
log,
getRuleWithWebHookAction(hookAction.id, true)
);
await waitForRuleSuccessOrStatus(supertest, log, rule.id);
await waitForRuleSuccess({ supertest, log, id: rule.id });
});
it('should be able to create a new webhook action and attach it to a rule with a meta field and run it correctly', async () => {
@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const rule = await createRule(supertest, log, ruleWithAction);
await waitForRuleSuccessOrStatus(supertest, log, rule.id);
await waitForRuleSuccess({ supertest, log, id: rule.id });
});
});
});

6
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts
View file

@ -15,7 +15,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../utils';
@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should keep the original alias value such as "host_alias" from a source index when the value is indexed', async () => {
const rule = getRuleForSignalTesting(['host_alias']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -62,7 +62,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should copy alias data from a source index into the signals index in the same position when the target is ECS compatible', async () => {
const rule = getRuleForSignalTesting(['host_alias']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits

13
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts
View file

@ -8,14 +8,13 @@
import expect from '@kbn/expect';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { ThresholdRuleCreateProps } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
createSignalsIndex,
deleteSignalsIndex,
deleteAllRules,
waitForRuleSuccessOrStatus,
waitForRulePartialFailure,
getRuleForSignalTesting,
createRuleWithAuth,
getThresholdRuleForSignalTesting,
@ -65,12 +64,11 @@ export default ({ getService }: FtrProviderContext) => {
user: ROLES.detections_admin,
pass: 'changeme',
});
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
const { body } = await supertest
.get(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')
@ -104,12 +102,11 @@ export default ({ getService }: FtrProviderContext) => {
user: ROLES.detections_admin,
pass: 'changeme',
});
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
const { body } = await supertest
.get(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')

29
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts
View file

@ -8,7 +8,6 @@
import expect from '@kbn/expect';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { RuleCreateProps } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
@ -26,12 +25,13 @@ import {
removeServerGeneratedPropertiesIncludingRuleId,
getSimpleMlRule,
getSimpleMlRuleOutput,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
getRuleForSignalTesting,
getRuleForSignalTestingWithTimestampOverride,
waitForAlertToComplete,
waitForSignalsToBePresent,
getThresholdRuleForSignalTesting,
waitForRulePartialFailure,
} from '../../utils';
import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
@ -118,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => {
.send(simpleRule)
.expect(200);
await waitForRuleSuccessOrStatus(supertest, log, body.id);
await waitForRuleSuccess({ supertest, log, id: body.id });
});
it('should create a single rule with a rule_id and an index pattern that does not match anything available and partial failure for the rule', async () => {
@ -129,12 +129,11 @@ export default ({ getService }: FtrProviderContext) => {
.send(simpleRule)
.expect(200);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
body.id,
RuleExecutionStatus['partial failure']
);
id: body.id,
});
const { body: rule } = await supertest
.get(DETECTION_ENGINE_RULES_URL)
@ -157,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => {
.send(simpleRule)
.expect(200);
await waitForRuleSuccessOrStatus(supertest, log, body.id, RuleExecutionStatus.succeeded);
await waitForRuleSuccess({ supertest, log, id: body.id });
});
it('should create a single rule without an input index', async () => {
@ -519,12 +518,11 @@ export default ({ getService }: FtrProviderContext) => {
const bodyId = body.id;
await waitForAlertToComplete(supertest, log, bodyId);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
bodyId,
RuleExecutionStatus['partial failure']
);
id: bodyId,
});
const { body: rule } = await supertest
.get(DETECTION_ENGINE_RULES_URL)
@ -551,12 +549,11 @@ export default ({ getService }: FtrProviderContext) => {
.expect(200);
const bodyId = body.id;
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
bodyId,
RuleExecutionStatus['partial failure']
);
id: bodyId,
});
await waitForSignalsToBePresent(supertest, log, 2, [bodyId]);
const { body: rule } = await supertest

4
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts
View file

@ -25,7 +25,7 @@ import {
getSimpleRuleWithoutRuleId,
removeServerGeneratedProperties,
removeServerGeneratedPropertiesIncludingRuleId,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
} from '../../utils';
// eslint-disable-next-line import/no-default-export
@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext): void => {
.send([simpleRule])
.expect(200);
await waitForRuleSuccessOrStatus(supertest, log, body[0].id);
await waitForRuleSuccess({ supertest, log, id: body[0].id });
});
it('should create a single rule without a rule_id', async () => {

40
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts
View file

@ -8,7 +8,6 @@
import expect from 'expect';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
binaryToString,
@ -20,7 +19,7 @@ import {
getSimpleRuleOutput,
getWebHookAction,
removeServerGeneratedProperties,
waitForRuleSuccessOrStatus,
waitForRulePartialFailure,
} from '../../utils';
// eslint-disable-next-line import/no-default-export
@ -54,19 +53,13 @@ export default ({ getService }: FtrProviderContext): void => {
it('should validate exported rule schema when its exported by its rule_id', async () => {
const ruleId = 'rule-1';
const rule = await createRule(supertest, log, getSimpleRule(ruleId, true));
await createRule(supertest, log, getSimpleRule(ruleId, true));
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
rule.id,
RuleExecutionStatus['partial failure']
);
// to properly execute the test on rule's data with runtime fields some delay is needed as
// ES Search API may return outdated data
// it causes a reliable delay so exported rule's SO contains runtime fields returned via ES Search API
// and will be removed after addressing this issue
await new Promise((r) => setTimeout(r, 1000));
ruleId,
});
const { body } = await supertest
.post(`${DETECTION_ENGINE_RULES_URL}/_export`)
@ -86,26 +79,19 @@ export default ({ getService }: FtrProviderContext): void => {
const ruleId1 = 'rule-1';
const ruleId2 = 'rule-2';
const rule1 = await createRule(supertest, log, getSimpleRule(ruleId1, true));
const rule2 = await createRule(supertest, log, getSimpleRule(ruleId2, true));
await createRule(supertest, log, getSimpleRule(ruleId1, true));
await createRule(supertest, log, getSimpleRule(ruleId2, true));
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
rule1.id,
RuleExecutionStatus['partial failure']
);
await waitForRuleSuccessOrStatus(
ruleId: ruleId1,
});
await waitForRulePartialFailure({
supertest,
log,
rule2.id,
RuleExecutionStatus['partial failure']
);
// to properly execute the test on rule's data with runtime fields some delay is needed as
// ES Search API may return outdated data
// it causes a reliable delay so exported rule's SO contains runtime fields returned via ES Search API
// and will be removed after addressing this issue
await new Promise((r) => setTimeout(r, 1000));
ruleId: ruleId2,
});
const { body } = await supertest
.post(`${DETECTION_ENGINE_RULES_URL}/_export`)

6
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts
View file

@ -18,7 +18,7 @@ import {
removeServerGeneratedProperties,
getRuleWithWebHookAction,
getSimpleRuleOutputWithWebHookAction,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
createRule,
getSimpleRule,
updateRule,
@ -101,7 +101,7 @@ export default ({ getService }: FtrProviderContext) => {
await createRule(supertest, log, rule);
const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, true, rule);
const updatedRule = await updateRule(supertest, log, ruleToUpdate);
await waitForRuleSuccessOrStatus(supertest, log, updatedRule.id);
await waitForRuleSuccess({ supertest, log, id: updatedRule.id });
});
it('should be able to create a new webhook action and attach it to a rule with a meta field and run it correctly', async () => {
@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => {
meta: {}, // create a rule with the action attached and a meta field
};
const updatedRule = await updateRule(supertest, log, ruleToUpdate);
await waitForRuleSuccessOrStatus(supertest, log, updatedRule.id);
await waitForRuleSuccess({ supertest, log, id: updatedRule.id });
});
it('should not change properties of immutable rule when applying actions to it', async () => {

12
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_rule_execution_results.ts
View file

@ -11,10 +11,7 @@ import expect from '@kbn/expect';
import moment from 'moment';
import { set } from '@kbn/safer-lodash-set';
import { v4 as uuidv4 } from 'uuid';
import {
getRuleExecutionResultsUrl,
RuleExecutionStatus,
} from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { getRuleExecutionResultsUrl } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
@ -26,7 +23,8 @@ import {
getRuleForSignalTesting,
indexEventLogExecutionEvents,
waitForEventLogExecuteComplete,
waitForRuleSuccessOrStatus,
waitForRulePartialFailure,
waitForRuleSuccess,
} from '../../utils';
import {
failedGapExecution,
@ -76,7 +74,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should return execution events for a rule that has executed successfully', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForEventLogExecuteComplete(es, log, id);
const start = dateMath.parse('now-24h')?.utc().toISOString();
@ -102,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should return execution events for a rule that has executed in a warning state', async () => {
const rule = getRuleForSignalTesting(['no-name-index']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id, RuleExecutionStatus['partial failure']);
await waitForRulePartialFailure({ supertest, log, id });
await waitForEventLogExecuteComplete(es, log, id);
const start = dateMath.parse('now-24h')?.utc().toISOString();

10
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/ignore_fields.ts
View file

@ -15,7 +15,7 @@ import {
deleteSignalsIndex,
getEqlRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../utils';
@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext): void => {
const rule = getEqlRuleForSignalTesting(['ignore_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -88,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => {
const rule = getEqlRuleForSignalTesting(['ignore_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => (hit._source as Ignore).testing_regex).sort();
@ -101,7 +101,7 @@ export default ({ getService }: FtrProviderContext): void => {
const rule = getEqlRuleForSignalTesting(['ignore_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -117,7 +117,7 @@ export default ({ getService }: FtrProviderContext): void => {
const rule = getEqlRuleForSignalTesting(['ignore_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => (hit._source as Ignore).small_field).sort();

14
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts
View file

@ -26,7 +26,7 @@ import {
createRule,
waitForSignalsToBePresent,
getSignalsByIds,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
getRuleForSignalTesting,
} from '../../utils';
import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able to execute and get 10 signals', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).equal(10);
@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be have set the signals in an open state initially', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const everySignalOpen = signalsOpen.hits.hits.every(
@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able to get a count of 10 closed signals when closing 10', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);
@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should be able close signals immediately and they all should be closed', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const signalIds = signalsOpen.hits.hits.map((signal) => signal._id);
@ -169,7 +169,7 @@ export default ({ getService }: FtrProviderContext) => {
it.skip('should be able to close signals with t1 analyst user', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
await createUserAndRole(getService, ROLES.t1_analyst);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
@ -205,7 +205,7 @@ export default ({ getService }: FtrProviderContext) => {
it.skip('should be able to close signals with soc_manager user', async () => {
const rule = getRuleForSignalTesting(['auditbeat-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const userAndRole = ROLES.soc_manager;
await createUserAndRole(getService, userAndRole);

12
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/runtime.ts
View file

@ -16,7 +16,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../utils';
@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => {
const rule = getRuleForSignalTesting(['runtime']);
const { id } = await createRule(supertest, log, rule);
const start = performance.now();
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const end = performance.now();
expect(end - start).to.be.lessThan(10000);
});
@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should copy normal non-runtime data set from the source index into the signals index in the same position when the target is ECS compatible', async () => {
const rule = getRuleForSignalTesting(['runtime']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should copy "runtime mapping" data from a source index into the signals index in the same position when the target is ECS compatible', async () => {
const rule = getRuleForSignalTesting(['runtime']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should NOT copy normal non-runtime data set from the source index into the signals index in the same position when the target is ECS compatible', async () => {
const rule = getRuleForSignalTesting(['runtime_conflicting_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits
@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should NOT copy "runtime mapping" data from a source index into the signals index in the same position when the target is ECS compatible', async () => {
const rule = getRuleForSignalTesting(['runtime_conflicting_fields']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map(

48
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/timestamps.ts
View file

@ -20,12 +20,13 @@ import {
deleteAllRules,
deleteSignalsIndex,
createRule,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
getOpenSignals,
getRuleForSignalTesting,
getSignalsByIds,
getEqlRuleForSignalTesting,
waitForRulePartialFailure,
} from '../../utils';
// eslint-disable-next-line import/no-default-export
@ -67,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should convert the @timestamp which is epoch_seconds into the correct ISO format', async () => {
const rule = getRuleForSignalTesting(['timestamp_in_seconds']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const hits = signalsOpen.hits.hits
@ -82,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => {
timestamp_override: 'event.ingested',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const hits = signalsOpen.hits.hits
@ -96,7 +97,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should convert the @timestamp which is epoch_seconds into the correct ISO format for EQL', async () => {
const rule = getEqlRuleForSignalTesting(['timestamp_in_seconds']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const hits = signalsOpen.hits.hits
@ -111,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
timestamp_override: 'event.ingested',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
const hits = signalsOpen.hits.hits
@ -172,12 +173,11 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id], 3);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -196,12 +196,11 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id], 2);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -215,12 +214,11 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id]);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -236,12 +234,11 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id, id]);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -282,7 +279,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id, id]);
const hits = signalsResponse.hits.hits
@ -298,12 +295,11 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id]);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -319,12 +315,11 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id, id]);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
@ -390,12 +385,11 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(
await waitForRulePartialFailure({
supertest,
log,
id,
RuleExecutionStatus['partial failure']
);
});
await waitForSignalsToBePresent(supertest, log, 200, [id]);
const signalsResponse = await getSignalsByIds(supertest, log, [id], 200);
const signals = signalsResponse.hits.hits.map((hit) => hit._source);

42
x-pack/test/detection_engine_api_integration/security_and_spaces/group2/create_endpoint_exceptions.ts
View file

@ -23,7 +23,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../utils';
@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the "hosts" from a "agent" index when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['agent']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the "hosts" from a "endpoint_without_host_type" index when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['endpoint_without_host_type']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -169,7 +169,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -254,7 +254,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -299,7 +299,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -335,7 +335,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -372,7 +372,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -420,7 +420,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -465,7 +465,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -501,7 +501,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 6, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -547,7 +547,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 6, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -604,7 +604,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -655,7 +655,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -707,7 +707,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -747,7 +747,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -780,7 +780,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -817,7 +817,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -851,7 +851,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([
@ -885,7 +885,7 @@ export default ({ getService }: FtrProviderContext) => {
},
]
);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const hits = await getHostHits(supertest, log, id);
expect(hits).to.eql([

6
x-pack/test/detection_engine_api_integration/security_and_spaces/group3/create_exceptions.ts
View file

@ -33,7 +33,7 @@ import {
removeServerGeneratedProperties,
downgradeImmutableRule,
createRule,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
installMockPrebuiltRules,
getRule,
createExceptionList,
@ -145,7 +145,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const rule = await createRule(supertest, log, ruleWithException);
await waitForRuleSuccessOrStatus(supertest, log, rule.id);
await waitForRuleSuccess({ supertest, log, id: rule.id });
const bodyToCompare = removeServerGeneratedProperties(rule);
const expected = {
@ -568,7 +568,7 @@ export default ({ getService }: FtrProviderContext) => {
],
};
const { id: createdId } = await createRule(supertest, log, ruleWithException);
await waitForRuleSuccessOrStatus(supertest, log, createdId);
await waitForRuleSuccess({ supertest, log, id: createdId });
await waitForSignalsToBePresent(supertest, log, 10, [createdId]);
const signalsOpen = await getSignalsByIds(supertest, log, [createdId]);
expect(signalsOpen.hits.hits.length).equal(10);

10
x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rule_status.ts
View file

@ -30,7 +30,7 @@ import {
getSimpleThreatMatch,
getStats,
getThresholdRuleForSignalTesting,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
deleteAllEventLogExecutionEvents,
} from '../../../../utils';
@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
before(async () => {
const rule = getRuleForSignalTesting(['telemetry']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
// get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed
await retry.try(async () => {
@ -259,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => {
before(async () => {
const rule = getEqlRuleForSignalTesting(['telemetry']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
// get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed
await retry.try(async () => {
@ -452,7 +452,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
// get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed
await retry.try(async () => {
@ -661,7 +661,7 @@ export default ({ getService }: FtrProviderContext) => {
],
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
// get the stats for all the tests where we at least have the expected "query" to reduce chances of flake by checking that at least one custom rule passed
await retry.try(async () => {

26
x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
View file

@ -32,7 +32,7 @@ import {
getStats,
getThresholdRuleForSignalTesting,
installMockPrebuiltRules,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
updateRule,
deleteAllEventLogExecutionEvents,
@ -105,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions', async () => {
const rule = getRuleForSignalTesting(['telemetry']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
const stats = await getStats(supertest, log);
@ -184,7 +184,7 @@ export default ({ getService }: FtrProviderContext) => {
const hookAction = await createNewAction(supertest, log);
const ruleToCreate = getRuleWithWebHookAction(hookAction.id, true, rule);
const { id } = await createRule(supertest, log, ruleToCreate);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -254,7 +254,7 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
const hookAction = await createNewAction(supertest, log);
await createLegacyRuleAction(supertest, id, hookAction.id);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -327,7 +327,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "enabled"/"active" rule that does not have any actions', async () => {
const rule = getEqlRuleForSignalTesting(['telemetry']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
const stats = await getStats(supertest, log);
@ -406,7 +406,7 @@ export default ({ getService }: FtrProviderContext) => {
const hookAction = await createNewAction(supertest, log);
const ruleToCreate = getRuleWithWebHookAction(hookAction.id, true, rule);
const { id } = await createRule(supertest, log, ruleToCreate);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -476,7 +476,7 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
const hookAction = await createNewAction(supertest, log);
await createLegacyRuleAction(supertest, id, hookAction.id);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
const stats = await getStats(supertest, log);
@ -652,7 +652,7 @@ export default ({ getService }: FtrProviderContext) => {
const hookAction = await createNewAction(supertest, log);
const ruleToCreate = getRuleWithWebHookAction(hookAction.id, true, rule);
const { id } = await createRule(supertest, log, ruleToCreate);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -738,7 +738,7 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
const hookAction = await createNewAction(supertest, log);
await createLegacyRuleAction(supertest, id, hookAction.id);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -1047,7 +1047,7 @@ export default ({ getService }: FtrProviderContext) => {
],
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
const stats = await getStats(supertest, log);
@ -1141,7 +1141,7 @@ export default ({ getService }: FtrProviderContext) => {
const hookAction = await createNewAction(supertest, log);
const ruleToCreate = getRuleWithWebHookAction(hookAction.id, true, rule);
const { id } = await createRule(supertest, log, ruleToCreate);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {
@ -1230,7 +1230,7 @@ export default ({ getService }: FtrProviderContext) => {
const { id } = await createRule(supertest, log, rule);
const hookAction = await createNewAction(supertest, log);
await createLegacyRuleAction(supertest, id, hookAction.id);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
await retry.try(async () => {

12
x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/const_keyword.ts
View file

@ -22,7 +22,7 @@ import {
getRuleForSignalTesting,
getSignalsById,
getThresholdRuleForSignalTesting,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
query: 'event.dataset: "dataset_name_1"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
expect(signalsOpen.hits.hits.length).to.eql(4);
@ -71,7 +71,7 @@ export default ({ getService }: FtrProviderContext) => {
query: 'event.dataset: "dataset_name_1"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
expect(signalsOpen.hits.hits.length).to.eql(4);
@ -105,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -128,7 +128,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits

8
x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword.ts
View file

@ -23,7 +23,7 @@ import {
getRuleForSignalTesting,
getSignalsById,
getThresholdRuleForSignalTesting,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
query: 'event.dataset: "dataset_name_1"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -79,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits

12
x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword_mixed_with_const.ts
View file

@ -21,7 +21,7 @@ import {
getEqlRuleForSignalTesting,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext) => {
query: 'event.dataset: "dataset_name_1"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 8, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
expect(signalsOpen.hits.hits.length).to.eql(8);
@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
query: 'event.dataset: "dataset_name_1"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 8, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -97,7 +97,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 8, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
expect(signalsOpen.hits.hits.length).to.eql(8);
@ -110,7 +110,7 @@ export default ({ getService }: FtrProviderContext) => {
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 8, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.['event.dataset']).sort();
@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits

22
x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts
View file

@ -34,7 +34,7 @@ import {
getThresholdRuleForSignalTesting,
startSignalsMigration,
waitFor,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
import { FtrProviderContext } from '../../../common/ftr_provider_context';
@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => {
'.siem-signals-*',
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
`.alerts-security.alerts-default`,
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
const rule: QueryRuleCreateProps = getRuleForSignalTesting([`.siem-signals-*`]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -385,7 +385,7 @@ export default ({ getService }: FtrProviderContext) => {
`.alerts-security.alerts-default`,
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -560,7 +560,7 @@ export default ({ getService }: FtrProviderContext) => {
`.siem-signals-*`,
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -573,7 +573,7 @@ export default ({ getService }: FtrProviderContext) => {
`.alerts-security.alerts-default`,
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -599,7 +599,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
const rule: EqlRuleCreateProps = getEqlRuleForSignalTesting(['.siem-signals-*']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -612,7 +612,7 @@ export default ({ getService }: FtrProviderContext) => {
`.alerts-security.alerts-default`,
]);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -648,7 +648,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);
@ -669,7 +669,7 @@ export default ({ getService }: FtrProviderContext) => {
},
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, log, [id]);
expect(signalsOpen.hits.hits.length).greaterThan(0);

46
x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/date.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the dates from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['date']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -190,7 +190,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -228,7 +228,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -275,7 +275,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -298,7 +298,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -321,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -345,7 +345,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -365,7 +365,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -383,7 +383,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -403,7 +403,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -422,7 +422,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -452,7 +452,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -485,7 +485,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -519,7 +519,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
@ -543,7 +543,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -572,7 +572,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
@ -606,7 +606,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();

62
x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/double.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the double from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['double']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -80,7 +80,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -205,7 +205,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -223,7 +223,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -250,7 +250,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -270,7 +270,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -289,7 +289,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -308,7 +308,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -327,7 +327,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -347,7 +347,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -365,7 +365,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -385,7 +385,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -404,7 +404,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -430,7 +430,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -453,7 +453,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -482,7 +482,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -506,7 +506,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -529,7 +529,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -558,7 +558,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
@ -583,7 +583,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -610,7 +610,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -633,7 +633,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -662,7 +662,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -687,7 +687,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -710,7 +710,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -739,7 +739,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
@ -765,7 +765,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();

62
x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/float.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the float from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['float']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -105,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -183,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -203,7 +203,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -221,7 +221,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -248,7 +248,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -268,7 +268,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -287,7 +287,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -306,7 +306,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -325,7 +325,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -345,7 +345,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -363,7 +363,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -383,7 +383,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -402,7 +402,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -428,7 +428,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -451,7 +451,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -474,7 +474,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -498,7 +498,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -521,7 +521,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -544,7 +544,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
@ -569,7 +569,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -596,7 +596,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -619,7 +619,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -642,7 +642,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -667,7 +667,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -690,7 +690,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -713,7 +713,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
@ -739,7 +739,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();

62
x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/integer.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the integer from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['integer']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -80,7 +80,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -205,7 +205,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -223,7 +223,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -250,7 +250,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -270,7 +270,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -289,7 +289,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -308,7 +308,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -327,7 +327,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -347,7 +347,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -365,7 +365,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -385,7 +385,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -404,7 +404,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -430,7 +430,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -453,7 +453,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -476,7 +476,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -500,7 +500,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -523,7 +523,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -546,7 +546,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
@ -568,7 +568,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -595,7 +595,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -618,7 +618,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -666,7 +666,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -689,7 +689,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -712,7 +712,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
@ -739,7 +739,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();

64
x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the keyword from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['keyword']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -76,7 +76,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -219,7 +219,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -246,7 +246,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -266,7 +266,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -285,7 +285,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -304,7 +304,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -361,7 +361,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -400,7 +400,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -435,7 +435,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -458,7 +458,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -481,7 +481,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -510,7 +510,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -534,7 +534,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -557,7 +557,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -586,7 +586,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -608,7 +608,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -635,7 +635,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -655,7 +655,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -674,7 +674,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -696,7 +696,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -716,7 +716,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -736,7 +736,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -755,7 +755,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);

60
x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword_array.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the keyword from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['keyword_as_array']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -149,7 +149,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -170,7 +170,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -188,7 +188,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -235,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -258,7 +258,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -277,7 +277,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -298,7 +298,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
@ -316,7 +316,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -359,7 +359,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -398,7 +398,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -436,7 +436,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -463,7 +463,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -490,7 +490,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -519,7 +519,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -544,7 +544,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -567,7 +567,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -590,7 +590,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -622,7 +622,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -647,7 +647,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -670,7 +670,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -689,7 +689,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -710,7 +710,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -729,7 +729,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
@ -751,7 +751,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();

62
x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/long.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the long from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['long']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -105,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -183,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -203,7 +203,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -221,7 +221,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -248,7 +248,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -268,7 +268,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -287,7 +287,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -306,7 +306,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -325,7 +325,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -345,7 +345,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -363,7 +363,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -383,7 +383,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -402,7 +402,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -428,7 +428,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -451,7 +451,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -474,7 +474,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -498,7 +498,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -521,7 +521,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -544,7 +544,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
@ -570,7 +570,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -597,7 +597,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -620,7 +620,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -643,7 +643,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -668,7 +668,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -691,7 +691,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -714,7 +714,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
@ -741,7 +741,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();

74
x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/text.ts
View file

@ -23,7 +23,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the text from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['text']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -79,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -106,7 +106,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -184,7 +184,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -202,7 +202,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -221,7 +221,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -239,7 +239,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -260,7 +260,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -278,7 +278,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -342,7 +342,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -361,7 +361,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -382,7 +382,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -420,7 +420,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -439,7 +439,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -459,7 +459,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -477,7 +477,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -497,7 +497,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -516,7 +516,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -565,7 +565,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -594,7 +594,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -618,7 +618,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -647,7 +647,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -670,7 +670,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -699,7 +699,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -725,7 +725,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -748,7 +748,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -777,7 +777,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -802,7 +802,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -831,7 +831,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -860,7 +860,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -889,7 +889,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();

58
x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the ips from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['ip']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -76,7 +76,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -238,7 +238,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -285,7 +285,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -304,7 +304,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -342,7 +342,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -362,7 +362,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -380,7 +380,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -400,7 +400,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -419,7 +419,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -444,7 +444,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -467,7 +467,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -496,7 +496,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -522,7 +522,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -549,7 +549,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -579,7 +579,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -604,7 +604,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -627,7 +627,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -656,7 +656,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -683,7 +683,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -710,7 +710,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();

56
x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip_array.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the ips from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['ip_as_array']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -189,7 +189,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -228,7 +228,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -253,7 +253,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -280,7 +280,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -300,7 +300,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -342,7 +342,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -363,7 +363,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -404,7 +404,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -424,7 +424,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -453,7 +453,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -480,7 +480,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -509,7 +509,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -547,7 +547,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -578,7 +578,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -603,7 +603,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -626,7 +626,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -658,7 +658,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -700,7 +700,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
@ -734,7 +734,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();

48
x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/text_array.ts
View file

@ -22,7 +22,7 @@ import {
deleteSignalsIndex,
getRuleForSignalTesting,
getSignalsById,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
waitForSignalsToBePresent,
} from '../../../utils';
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
it('should find all the text from the data set when no exceptions are set on the rule', async () => {
const rule = getRuleForSignalTesting(['text_as_array']);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 4, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -168,7 +168,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -213,7 +213,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -233,7 +233,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -256,7 +256,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -275,7 +275,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -296,7 +296,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
@ -314,7 +314,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -337,7 +337,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -357,7 +357,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -396,7 +396,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -434,7 +434,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -461,7 +461,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -488,7 +488,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -517,7 +517,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -565,7 +565,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -588,7 +588,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 2, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
@ -620,7 +620,7 @@ export default ({ getService }: FtrProviderContext) => {
},
],
]);
await waitForRuleSuccessOrStatus(supertest, log, id);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 3, [id]);
const signalsOpen = await getSignalsById(supertest, log, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();

4
x-pack/test/detection_engine_api_integration/utils/get_open_signals.ts
View file

@ -11,7 +11,7 @@ import type { ToolingLog } from '@kbn/tooling-log';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import type { RuleResponse } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
import { waitForRuleSuccessOrStatus } from './wait_for_rule_success_or_status';
import { waitForRuleStatus } from './wait_for_rule_status';
import { refreshIndex } from './refresh_index';
import { getSignalsByIds } from './get_signals_by_ids';
@ -24,7 +24,7 @@ export const getOpenSignals = async (
size?: number,
afterDate?: Date
) => {
await waitForRuleSuccessOrStatus(supertest, log, rule.id, status, afterDate);
await waitForRuleStatus(status, { supertest, log, id: rule.id, afterDate });
// Critically important that we wait for rule success AND refresh the write index in that order before we
// assert that no signals were created. Otherwise, signals could be written but not available to query yet
// when we search, causing tests that check that signals are NOT created to pass when they should fail.

2
x-pack/test/detection_engine_api_integration/utils/index.ts
View file

@ -96,7 +96,7 @@ export * from './wait_for';
export * from './wait_for_alert_to_complete';
export * from './wait_for_event_log_execute_complete';
export * from './wait_for_index_to_populate';
export * from './wait_for_rule_success_or_status';
export * from './wait_for_rule_status';
export * from './wait_for_signals_to_be_present';
export * from './prebuilt_rules/create_prebuilt_rule_saved_objects';
export * from './prebuilt_rules/delete_all_prebuilt_rule_assets';

72
x-pack/test/detection_engine_api_integration/utils/wait_for_rule_status.ts Normal file
View file

@ -0,0 +1,72 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { waitFor } from './wait_for';
interface WaitForRuleStatusBaseParams {
supertest: SuperTest.SuperTest<SuperTest.Test>;
log: ToolingLog;
afterDate?: Date;
}
interface WaitForRuleStatusWithId extends WaitForRuleStatusBaseParams {
id: string;
ruleId?: never;
}
interface WaitForRuleStatusWithRuleId extends WaitForRuleStatusBaseParams {
ruleId: string;
id?: never;
}
export type WaitForRuleStatusParams = WaitForRuleStatusWithId | WaitForRuleStatusWithRuleId;
/**
* Waits for rule to settle in a provided status.
* Depending on wether `id` or `ruleId` provided it may impact the behavior.
* - `id` leads to fetching a rule via ES Get API (rulesClient.resolve -> SOClient.resolve -> ES Get API)
* - `ruleId` leads to fetching a rule via ES Search API (rulesClient.find -> SOClient.find -> ES Search API)
* ES Search API may return outdated data while ES Get API always returns fresh data
*/
export const waitForRuleStatus = async (
expectedStatus: RuleExecutionStatus,
{ supertest, log, afterDate, ...idOrRuleId }: WaitForRuleStatusParams
): Promise<void> => {
await waitFor(
async () => {
const query = 'id' in idOrRuleId ? { id: idOrRuleId.id } : { rule_id: idOrRuleId.ruleId };
const response = await supertest
.get(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')
.query(query)
.expect(200);
// TODO: https://github.com/elastic/kibana/pull/121644 clean up, make type-safe
const rule = response.body;
const ruleStatus = rule?.execution_summary?.last_execution.status;
const ruleStatusDate = rule?.execution_summary?.last_execution.date;
return (
rule != null &&
ruleStatus === expectedStatus &&
(afterDate ? new Date(ruleStatusDate) > afterDate : true)
);
},
'waitForRuleStatus',
log
);
};
export const waitForRuleSuccess = (params: WaitForRuleStatusParams): Promise<void> =>
waitForRuleStatus(RuleExecutionStatus.succeeded, params);
export const waitForRulePartialFailure = (params: WaitForRuleStatusParams): Promise<void> =>
waitForRuleStatus(RuleExecutionStatus['partial failure'], params);

69
x-pack/test/detection_engine_api_integration/utils/wait_for_rule_success_or_status.ts
View file

@ -1,69 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { RuleExecutionStatus } from '@kbn/security-solution-plugin/common/detection_engine/rule_monitoring';
import { waitFor } from './wait_for';
/**
* Waits for the rule in find status to be 'succeeded'
* or the provided status, before continuing
* @param supertest Deps
*/
export const waitForRuleSuccessOrStatus = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
id: string,
status: RuleExecutionStatus = RuleExecutionStatus.succeeded,
afterDate?: Date
): Promise<void> => {
await waitFor(
async () => {
try {
const response = await supertest
.get(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')
.query({ id });
if (response.status !== 200) {
log.debug(
`Did not get an expected 200 "ok" when waiting for a rule success or status (waitForRuleSuccessOrStatus). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
response.body
)}, status: ${JSON.stringify(response.status)}`
);
}
// TODO: https://github.com/elastic/kibana/pull/121644 clean up, make type-safe
const rule = response.body;
const ruleStatus = rule?.execution_summary?.last_execution.status;
const ruleStatusDate = rule?.execution_summary?.last_execution.date;
if (ruleStatus !== status) {
log.debug(
`Did not get an expected status of ${status} while waiting for a rule success or status for rule id ${id} (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: ${JSON.stringify(
response.body
)}, status: ${JSON.stringify(ruleStatus)}`
);
}
return (
rule != null &&
ruleStatus === status &&
(afterDate ? new Date(ruleStatusDate) > afterDate : true)
);
} catch (e) {
if ((e as Error).message.includes('got 503 "Service Unavailable"')) {
return false;
}
throw e;
}
},
'waitForRuleSuccessOrStatus',
log
);
};

4
x-pack/test/rule_registry/security_and_spaces/tests/basic/search_strategy.ts
View file

@ -17,7 +17,7 @@ import {
getRuleForSignalTesting,
createRule,
waitForSignalsToBePresent,
waitForRuleSuccessOrStatus,
waitForRuleSuccess,
} from '../../../../detection_engine_api_integration/utils';
import {
obsOnlySpacesAllEsRead,
@ -122,7 +122,7 @@ export default ({ getService }: FtrProviderContext) => {
query: `_id:${ID}`,
};
const { id: createdId } = await createRule(supertest, log, rule);
await waitForRuleSuccessOrStatus(supertest, log, createdId);
await waitForRuleSuccess({ supertest, log, id: createdId });
await waitForSignalsToBePresent(supertest, log, 1, [createdId]);
});