github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution][Entity Analytics] Green execution of Cypress tests on MKI (#179249)

Browse source 
## Summary

In this PR we are introducing several changes to make sure we have a
green execution of Cypress tests on MKI environments.

- Split `entity_analytics.cy.ts` between different spec files
- Skipped managed data section test on MKI
- Refactor of `installRiskScoreModule` method 


#### Split `entity_analytics.cy.ts` between different spec files

The original spec file has a big execution time, what makes from time to
time in MKI environment to perform a log off.

To try to avoid that, we have splited the spec file in 3 new ones inside
the `entity_analytics` folder.

* anomalies.cy.ts
* legacy_risk_score.cy.ts
* new_risk_score.cy.ts


#### Skipped managed data section test on MKI

It has been skipped just on MKI (the test will be executed in PRs for
both serverless and ESS) since I don't know how to fix it. A
[ticket](https://github.com/elastic/kibana/issues/179248) has been
created to track it. It is now responsability of the team to investigate
what is happening (I can give support with that).


#### Refactor of `installRiskScoreModule` method 

That method is returning a `401` on MKI, to fix it, we refactored to use
`rootRequest` instead since it uses the basic API authentication by
default.
This commit is contained in:
Gloria Hornero 2024-03-25 15:25:58 +01:00 committed by GitHub
parent 7ea0ddc038
commit 65bd8b00ae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 660 additions and 584 deletions
Download patch file Download diff file Expand all files Collapse all files

577
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics.cy.ts
View file

@ -1,577 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import moment from 'moment';
import { login } from '../../../tasks/login';
import { visitWithTimeRange } from '../../../tasks/navigation';
import { ALERTS_URL, ENTITY_ANALYTICS_URL } from '../../../urls/navigation';
import { deleteAlertsAndRules } from '../../../tasks/api_calls/common';
import {
ANOMALIES_TABLE,
ANOMALIES_TABLE_ROWS,
ENABLE_HOST_RISK_SCORE_BUTTON,
ENABLE_USER_RISK_SCORE_BUTTON,
HOSTS_DONUT_CHART,
HOSTS_TABLE_ROWS,
HOST_RISK_SCORE_NO_DATA_DETECTED,
USERS_DONUT_CHART,
USERS_TABLE,
USERS_TABLE_ROWS,
USER_RISK_SCORE_NO_DATA_DETECTED,
USERS_TABLE_ALERT_CELL,
HOSTS_TABLE_ALERT_CELL,
HOSTS_TABLE,
ANOMALIES_TABLE_ENABLE_JOB_LOADER,
ANOMALIES_TABLE_COUNT_COLUMN,
} from '../../../screens/entity_analytics';
import {
openRiskTableFilterAndSelectTheLowOption,
removeLowFilterAndCloseRiskTableFilter,
openRiskTableFilterAndSelectTheCriticalOption,
removeCriticalFilterAndCloseRiskTableFilter,
} from '../../../tasks/host_risk';
import {
removeLowFilterAndCloseUserRiskTableFilter,
openUserRiskTableFilterAndSelectTheLowOption,
} from '../../../tasks/user_risk';
import { createRule } from '../../../tasks/api_calls/rules';
import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
import { getNewRule } from '../../../objects/rule';
import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../tasks/risk_scores';
import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../screens/common/filter_group';
import { setRowsPerPageTo } from '../../../tasks/table_pagination';
import { kqlSearch } from '../../../tasks/security_header';
import { setEndDate, setStartDate, updateDates } from '../../../tasks/date_picker';
import {
enableJob,
mockRiskEngineEnabled,
navigateToNextPage,
waitForAnomaliesToBeLoaded,
} from '../../../tasks/entity_analytics';
const TEST_USER_ALERTS = 1;
const TEST_USER_NAME = 'test';
const SIEM_KIBANA_HOST_ALERTS = 1;
const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT);
const OLDEST_DATE = moment('2019-01-19T16:22:56.217Z').format(DATE_FORMAT);
describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' });
});
describe('legacy risk score', () => {
describe('Without data', () => {
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
it('shows enable host risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
});
it('shows enable user risk button', () => {
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('Risk Score enabled but still no data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts_no_data' });
cy.task('esArchiverLoad', { archiveName: 'risk_users_no_data' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts_no_data' });
cy.task('esArchiverUnload', { archiveName: 'risk_users_no_data' });
});
it('shows no data detected prompt for host risk score module', () => {
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
it('shows no data detected prompt for user risk score module', () => {
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
});
describe('With Legacy data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts_legacy_data' });
cy.task('esArchiverLoad', { archiveName: 'risk_users_legacy_data' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts_legacy_data' });
cy.task('esArchiverUnload', { archiveName: 'risk_users_legacy_data' });
});
it('shows enable host risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
});
it('shows enable user risk button', () => {
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('With host risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts' });
});
it('renders donut chart', () => {
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
});
it('renders table', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
openRiskTableFilterAndSelectTheLowOption();
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
removeLowFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
});
// FLAKY: https://github.com/elastic/kibana/issues/178914
describe.skip('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstHostsAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME);
});
});
});
describe('With user risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_users' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_users' });
});
it('renders donut chart', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
});
it('renders table', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
openRiskTableFilterAndSelectTheLowOption();
cy.get(USERS_DONUT_CHART).should('include.text', '2Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 2);
removeLowFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
});
// FLAKY: https://github.com/elastic/kibana/issues/178865
describe.skip('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstUsersAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME);
});
});
});
});
describe('new risk score', () => {
describe('Without data', () => {
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
it('shows enable host and user risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('When risk engine is enabled', () => {
beforeEach(() => {
login();
mockRiskEngineEnabled();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
describe('Without data (before the risk engine runs for the first time)', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new_no_data' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new_no_data' });
});
it('shows no data detected prompt for host and user risk scores', () => {
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
});
describe('With host risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new' });
});
it('renders donut chart', () => {
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
});
it('renders table', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
openRiskTableFilterAndSelectTheCriticalOption();
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
removeCriticalFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
});
// FLAKY: https://github.com/elastic/kibana/issues/178838
describe.skip('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('filters risk scores with time range', () => {
const now = moment().format(DATE_FORMAT);
setStartDate(now);
updateDates();
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
// CLEAR DATES
setStartDate(OLDEST_DATE);
updateDates();
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstHostsAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME);
});
});
});
describe('With user risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new' });
});
it('renders donut chart', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
});
it('renders table', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
openUserRiskTableFilterAndSelectTheLowOption(1);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
removeLowFilterAndCloseUserRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
});
describe('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('filters risk scores with time range', () => {
const now = moment().format(DATE_FORMAT);
setStartDate(now);
updateDates();
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
// CLEAR DATES
setStartDate(OLDEST_DATE);
updateDates();
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstUsersAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME);
});
});
});
});
});
describe('With anomalies data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'network' });
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
cy.get(ANOMALIES_TABLE).should('be.visible');
waitForAnomaliesToBeLoaded();
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'network' });
});
it('should enable a job and renders the table with pagination', () => {
// Enables the job and perform checks
cy.get(ANOMALIES_TABLE_ROWS, { timeout: 120000 })
.eq(5)
.within(() => {
enableJob();
cy.get(ANOMALIES_TABLE_ENABLE_JOB_LOADER).should('be.visible');
cy.get(ANOMALIES_TABLE_COUNT_COLUMN).should('include.text', '0');
});
// Checks pagination
cy.get(ANOMALIES_TABLE_ROWS, { timeout: 120000 }).should('have.length', 10);
// navigates to next page
navigateToNextPage();
cy.get(ANOMALIES_TABLE_ROWS).should('have.length', 10);
// updates rows per page to 25 items
setRowsPerPageTo(25);
cy.get(ANOMALIES_TABLE_ROWS).should('have.length', 25);
});
});
});

70
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/anomalies.cy.ts Normal file
View file

@ -0,0 +1,70 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { ENTITY_ANALYTICS_URL } from '../../../../urls/navigation';
import {
ANOMALIES_TABLE,
ANOMALIES_TABLE_ROWS,
ANOMALIES_TABLE_ENABLE_JOB_LOADER,
ANOMALIES_TABLE_COUNT_COLUMN,
} from '../../../../screens/entity_analytics';
import { setRowsPerPageTo } from '../../../../tasks/table_pagination';
import {
enableJob,
navigateToNextPage,
waitForAnomaliesToBeLoaded,
} from '../../../../tasks/entity_analytics';
describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' });
});
describe('With anomalies data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'network' });
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
cy.get(ANOMALIES_TABLE).should('be.visible');
waitForAnomaliesToBeLoaded();
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'network' });
});
it('should enable a job and renders the table with pagination', () => {
// Enables the job and perform checks
cy.get(ANOMALIES_TABLE_ROWS, { timeout: 120000 })
.eq(5)
.within(() => {
enableJob();
cy.get(ANOMALIES_TABLE_ENABLE_JOB_LOADER).should('be.visible');
cy.get(ANOMALIES_TABLE_COUNT_COLUMN).should('include.text', '0');
});
// Checks pagination
cy.get(ANOMALIES_TABLE_ROWS, { timeout: 120000 }).should('have.length', 10);
// navigates to next page
navigateToNextPage();
cy.get(ANOMALIES_TABLE_ROWS).should('have.length', 10);
// updates rows per page to 25 items
setRowsPerPageTo(25);
cy.get(ANOMALIES_TABLE_ROWS).should('have.length', 25);
});
});
});

296
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/legacy_risk_score.cy.ts Normal file
View file

@ -0,0 +1,296 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import moment from 'moment';
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { ALERTS_URL, ENTITY_ANALYTICS_URL } from '../../../../urls/navigation';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
ENABLE_HOST_RISK_SCORE_BUTTON,
ENABLE_USER_RISK_SCORE_BUTTON,
HOSTS_DONUT_CHART,
HOSTS_TABLE_ROWS,
HOST_RISK_SCORE_NO_DATA_DETECTED,
USERS_DONUT_CHART,
USERS_TABLE,
USERS_TABLE_ROWS,
USER_RISK_SCORE_NO_DATA_DETECTED,
USERS_TABLE_ALERT_CELL,
HOSTS_TABLE_ALERT_CELL,
HOSTS_TABLE,
} from '../../../../screens/entity_analytics';
import {
openRiskTableFilterAndSelectTheLowOption,
removeLowFilterAndCloseRiskTableFilter,
} from '../../../../tasks/host_risk';
import { createRule } from '../../../../tasks/api_calls/rules';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { getNewRule } from '../../../../objects/rule';
import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../../tasks/risk_scores';
import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../../screens/common/filter_group';
import { kqlSearch } from '../../../../tasks/security_header';
import { setEndDate, updateDates } from '../../../../tasks/date_picker';
const TEST_USER_ALERTS = 1;
const TEST_USER_NAME = 'test';
const SIEM_KIBANA_HOST_ALERTS = 1;
const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT);
describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' });
});
describe('legacy risk score', () => {
describe('Without data', () => {
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
it('shows enable host risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
});
it('shows enable user risk button', () => {
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('Risk Score enabled but still no data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts_no_data' });
cy.task('esArchiverLoad', { archiveName: 'risk_users_no_data' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts_no_data' });
cy.task('esArchiverUnload', { archiveName: 'risk_users_no_data' });
});
it('shows no data detected prompt for host risk score module', () => {
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
it('shows no data detected prompt for user risk score module', () => {
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
});
describe('With Legacy data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts_legacy_data' });
cy.task('esArchiverLoad', { archiveName: 'risk_users_legacy_data' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts_legacy_data' });
cy.task('esArchiverUnload', { archiveName: 'risk_users_legacy_data' });
});
it('shows enable host risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
});
it('shows enable user risk button', () => {
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('With host risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_hosts' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_hosts' });
});
it('renders donut chart', () => {
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
});
it('renders table', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
openRiskTableFilterAndSelectTheLowOption();
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
removeLowFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
});
// FLAKY: https://github.com/elastic/kibana/issues/178914
describe.skip('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstHostsAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME);
});
});
});
describe('With user risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_users' });
});
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_users' });
});
it('renders donut chart', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
});
it('renders table', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
openRiskTableFilterAndSelectTheLowOption();
cy.get(USERS_DONUT_CHART).should('include.text', '2Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 2);
removeLowFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
});
describe('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstUsersAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME);
});
});
});
});
});

289
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/entity_analytics/new_risk_score.cy.ts Normal file
View file

@ -0,0 +1,289 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import moment from 'moment';
import { login } from '../../../../tasks/login';
import { visitWithTimeRange } from '../../../../tasks/navigation';
import { ALERTS_URL, ENTITY_ANALYTICS_URL } from '../../../../urls/navigation';
import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
import {
ENABLE_HOST_RISK_SCORE_BUTTON,
ENABLE_USER_RISK_SCORE_BUTTON,
HOSTS_DONUT_CHART,
HOSTS_TABLE_ROWS,
HOST_RISK_SCORE_NO_DATA_DETECTED,
USERS_DONUT_CHART,
USERS_TABLE,
USERS_TABLE_ROWS,
USER_RISK_SCORE_NO_DATA_DETECTED,
USERS_TABLE_ALERT_CELL,
HOSTS_TABLE_ALERT_CELL,
HOSTS_TABLE,
} from '../../../../screens/entity_analytics';
import {
openRiskTableFilterAndSelectTheCriticalOption,
removeCriticalFilterAndCloseRiskTableFilter,
} from '../../../../tasks/host_risk';
import {
removeLowFilterAndCloseUserRiskTableFilter,
openUserRiskTableFilterAndSelectTheLowOption,
} from '../../../../tasks/user_risk';
import { createRule } from '../../../../tasks/api_calls/rules';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { getNewRule } from '../../../../objects/rule';
import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../../tasks/risk_scores';
import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../../screens/common/filter_group';
import { kqlSearch } from '../../../../tasks/security_header';
import { setEndDate, setStartDate, updateDates } from '../../../../tasks/date_picker';
import { mockRiskEngineEnabled } from '../../../../tasks/entity_analytics';
const TEST_USER_ALERTS = 1;
const TEST_USER_NAME = 'test';
const SIEM_KIBANA_HOST_ALERTS = 1;
const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT);
const OLDEST_DATE = moment('2019-01-19T16:22:56.217Z').format(DATE_FORMAT);
describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'auditbeat_multiple' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' });
});
describe('new risk score', () => {
describe('Without data', () => {
beforeEach(() => {
login();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
it('shows enable host and user risk button', () => {
cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible');
cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible');
});
});
describe('When risk engine is enabled', () => {
beforeEach(() => {
login();
mockRiskEngineEnabled();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
describe('Without data (before the risk engine runs for the first time)', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new_no_data' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new_no_data' });
});
it('shows no data detected prompt for host and user risk scores', () => {
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
});
});
describe('With host risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new' });
});
it('renders donut chart', () => {
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
});
it('renders table', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(HOSTS_TABLE).should('be.visible');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 5);
cy.get(HOSTS_DONUT_CHART).should('include.text', '6Total');
openRiskTableFilterAndSelectTheCriticalOption();
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
removeCriticalFilterAndCloseRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
});
// FLAKY: https://github.com/elastic/kibana/issues/178838
describe.skip('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('filters risk scores with time range', () => {
const now = moment().format(DATE_FORMAT);
setStartDate(now);
updateDates();
cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
// CLEAR DATES
setStartDate(OLDEST_DATE);
updateDates();
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstHostsAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'Host');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', SIEM_KIBANA_HOST_NAME);
});
});
});
describe('With user risk data', () => {
before(() => {
cy.task('esArchiverLoad', { archiveName: 'risk_scores_new' });
});
after(() => {
cy.task('esArchiverUnload', { archiveName: 'risk_scores_new' });
});
it('renders donut chart', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
});
it('renders table', () => {
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
});
it('renders alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).should('have.length', 5);
});
it('filters by risk level', () => {
cy.get(USERS_DONUT_CHART).should('include.text', '7Total');
cy.get(USERS_TABLE).should('be.visible');
cy.get(USERS_TABLE_ROWS).should('have.length', 5);
openUserRiskTableFilterAndSelectTheLowOption(1);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
removeLowFilterAndCloseUserRiskTableFilter();
});
it('filters the host risk table with KQL search bar query', () => {
kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
cy.get(USERS_TABLE_ROWS).should('have.length', 1);
});
describe('With alerts data', () => {
before(() => {
createRule(getNewRule());
});
beforeEach(() => {
login();
visitWithTimeRange(ALERTS_URL);
waitForAlertsToPopulate();
visitWithTimeRange(ENTITY_ANALYTICS_URL);
});
after(() => {
deleteAlertsAndRules();
});
it('populates alerts column', () => {
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS);
});
it('filters the alerts count with time range', () => {
setEndDate(DATE_BEFORE_ALERT_CREATION);
updateDates();
cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
});
it('filters risk scores with time range', () => {
const now = moment().format(DATE_FORMAT);
setStartDate(now);
updateDates();
cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
// CLEAR DATES
setStartDate(OLDEST_DATE);
updateDates();
});
it('opens alerts page when alerts count is clicked', () => {
clickOnFirstUsersAlerts();
cy.url().should('include', ALERTS_URL);
cy.get(OPTION_LIST_LABELS).eq(0).should('include.text', 'Status');
cy.get(OPTION_LIST_VALUES(0)).should('include.text', 'open');
cy.get(OPTION_LIST_LABELS).eq(1).should('include.text', 'User');
cy.get(OPTION_LIST_VALUES(1)).should('include.text', TEST_USER_NAME);
});
});
});
});
});
});

3
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/entity_flyout.cy.ts
View file

@ -131,7 +131,8 @@ describe(
});
});
describe('Managed data section', () => {
// https://github.com/elastic/kibana/issues/179248
describe('Managed data section', { tags: ['@brokenInServerlessQA'] }, () => {
beforeEach(() => {
mockFleetInstalledIntegrations([
{

9
x-pack/test/security_solution_cypress/cypress/tasks/api_calls/risk_scores/index.ts
View file

@ -50,6 +50,7 @@ import { createIndex, deleteRiskScoreIndicies } from './indices';
import { createIngestPipeline, deleteRiskScoreIngestPipelines } from './ingest_pipelines';
import { deleteSavedObjects } from './saved_objects';
import { createStoredScript, deleteStoredScripts } from './stored_scripts';
import { rootRequest } from '../common';
export const deleteRiskScore = ({
riskScoreEntity,
@ -293,18 +294,14 @@ export const waitForInstallRiskScoreModule = () => {
};
export const installRiskScoreModule = () => {
cy.request({
rootRequest({
url: RISK_SCORE_URL,
method: 'POST',
body: {
riskScoreEntity: 'host',
},
headers: {
'kbn-xsrf': 'cypress-creds',
'x-elastic-internal-origin': 'security-solution',
[ELASTIC_HTTP_VERSION_HEADER]: '1',
},
})
.its('status')
.should('eql', 200);
});
};