[Security Solution] Add analytics features to security roles (#169783)

## Summary

issue: https://github.com/elastic/kibana/issues/168245

Adding missing "Analytics" features to all Security roles:

```
        - feature_discover.all
        - feature_dashboard.all
        - feature_canvas.all
        - feature_graph.all
        - feature_maps.all
        - feature_visualize.all
```

To verify that the Discover link is present in the side navigation, a new
Cypress test for serverless has been added to:

`x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts`

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sergi Massaneda 2023-11-02 17:05:08 +01:00 committed by GitHub
parent 161e129fa3
commit c50730a173
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 555 additions and 117 deletions


@ -117,7 +117,7 @@ t1_analyst:
- metrics-endpoint.metadata_current_*
- ".fleet-agents*"
- ".fleet-actions*"
- "risk-score.risk-score-*"
- risk-score.risk-score-*
privileges:
- read
applications:
@ -132,6 +132,12 @@ t1_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
t2_analyst:
@ -158,7 +164,7 @@ t2_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- "risk-score.risk-score-*"
- risk-score.risk-score-*
privileges:
- read
applications:
@ -173,6 +179,12 @@ t2_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
t3_analyst:
@ -206,7 +218,7 @@ t3_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- "risk-score.risk-score-*"
- risk-score.risk-score-*
privileges:
- read
applications:
@ -230,6 +242,12 @@ t3_analyst:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
threat_intelligence_analyst:
@ -259,7 +277,7 @@ threat_intelligence_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- "risk-score.risk-score-*"
- risk-score.risk-score-*
privileges:
- read
applications:
@ -274,6 +292,12 @@ threat_intelligence_analyst:
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
rule_author:
@ -311,7 +335,7 @@ rule_author:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- "risk-score.risk-score-*"
- risk-score.risk-score-*
privileges:
- read
applications:
@ -332,6 +356,12 @@ rule_author:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
soc_manager:
@ -393,7 +423,13 @@ soc_manager:
- feature_actions.all
- feature_builtInAlerts.all
- feature_osquery.all
- feature_indexPatterns.all # Detections Data Views
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
detections_admin:
@ -439,6 +475,12 @@ detections_admin:
- feature_actions.all
- feature_builtInAlerts.all
- feature_dev_tools.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
platform_engineer:
@ -483,7 +525,13 @@ platform_engineer:
- feature_fleet.all
- feature_fleetv2.all
- feature_osquery.all
- feature_indexPatterns.all # Detections Data Views
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
endpoint_operations_analyst:
@ -493,7 +541,6 @@ endpoint_operations_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -507,6 +554,7 @@ endpoint_operations_analyst:
- winlogbeat-*
- .lists*
- .items*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -540,6 +588,12 @@ endpoint_operations_analyst:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
endpoint_policy_manager:
@ -549,7 +603,6 @@ endpoint_policy_manager:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -563,6 +616,7 @@ endpoint_policy_manager:
- winlogbeat-*
- .lists*
- .items*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -593,4 +647,10 @@ endpoint_policy_manager:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
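Review bot: The six analytics features are granted at `.all` to every role in this file, including t1_analyst and t2_analyst, whose neighbouring Kibana privileges in these hunks are read-level (`feature_builtInAlerts.read`, `feature_osquery.read`). `all` on Dashboard, Canvas, Graph, Maps and Visualize lets those tiers create, edit and delete saved objects shared within the space, which is more than the sidenav link named in the description requires. If read access is enough for the read-oriented tiers, grant `- feature_discover.read`, `- feature_dashboard.read` and so on for them; otherwise add a comment above the block stating that write access is intended. The same grant is repeated for `viewer` and the analyst tiers in the other two role files on this page. The `# Detections Data Views` comment on `feature_indexPatterns.all` also appears to be dropped for soc_manager and platform_engineer and is worth keeping.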


@ -7,7 +7,6 @@
import { LIVE_QUERY_EDITOR, OSQUERY_FLYOUT_BODY_EDITOR } from '../screens/live_query';
import { ServerlessRoleName } from '../support/roles';
import { isServerless } from './serverless';
import { waitForAlertsToPopulate } from '../../../../test/security_solution_cypress/cypress/tasks/create_new_rule';
export const DEFAULT_QUERY = 'select * from processes;';
@ -146,10 +145,8 @@ export const checkActionItemsInResults = ({
cases: boolean;
timeline: boolean;
}) => {
cy.contains('View in Discover').should(
isServerless ? 'not.exist' : discover ? 'exist' : 'not.exist'
);
cy.contains('View in Lens').should(isServerless ? 'not.exist' : lens ? 'exist' : 'not.exist');
cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist');
cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist');
cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist');
cy.contains('Add to timeline investigation').should(timeline ? 'exist' : 'not.exist');
};


@ -11,7 +11,6 @@ system_indices_superuser:
resources: ['*']
run_as: ['*']
#--------------------------------------------------------------------------------------------------
#
# FILE SOURCE AT:
@ -26,84 +25,129 @@ viewer:
cluster: []
indices:
- names:
- "/~(([.]|ilm-history-).*)/"
- '.siem-signals*'
- '.lists-*'
- '.items-*'
privileges:
- "read"
- "view_index_metadata"
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
- names:
- ".siem-signals*"
- ".lists-*"
- ".items-*"
- '.alerts*'
- '.preview.alerts*'
privileges:
- "read"
- "view_index_metadata"
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
- names:
- ".alerts*"
- ".preview.alerts*"
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- metrics-endpoint.metadata_current_*
- '.fleet-agents*'
- '.fleet-actions*'
- 'risk-score.risk-score-*'
privileges:
- "read"
- "view_index_metadata"
allow_restricted_indices: false
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- "read"
resources:
- "*"
- feature_ml.read
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.read
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.read
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
run_as: []
# modeled after t3_analyst
editor:
cluster: []
indices:
- names:
- "/~(([.]|ilm-history-).*)/"
- '.siem-signals*'
- '.lists-*'
- '.items-*'
privileges:
- "read"
- "view_index_metadata"
- 'read'
- 'view_index_metadata'
- 'write'
- 'maintenance'
allow_restricted_indices: false
- names:
- "observability-annotations"
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
privileges:
- "read"
- "view_index_metadata"
- "write"
allow_restricted_indices: false
- read
- write
- names:
- ".siem-signals*"
- ".lists-*"
- ".items-*"
- '.internal.alerts*'
- '.alerts*'
- '.internal.preview.alerts*'
- '.preview.alerts*'
- 'risk-score.risk-score-*'
privileges:
- "read"
- "view_index_metadata"
- "write"
- "maintenance"
allow_restricted_indices: false
- names:
- ".internal.alerts*"
- ".alerts*"
- ".internal.preview.alerts*"
- ".preview.alerts*"
privileges:
- "read"
- "view_index_metadata"
- "write"
- "maintenance"
- 'read'
- 'view_index_metadata'
- 'write'
- 'maintenance'
allow_restricted_indices: false
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- "all"
resources:
- "*"
- feature_ml.read
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all
- feature_siem.policy_management_read # Elastic Defend Policy Management
- feature_siem.host_isolation_all
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_securitySolutionCases.all
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
run_as: []
t1_analyst:
cluster:
indices:
- names:
- ".alerts-security*"
- ".siem-signals-*"
- '.alerts-security*'
- '.siem-signals-*'
privileges:
- read
- write
@ -118,12 +162,13 @@ t1_analyst:
- packetbeat-*
- winlogbeat-*
- metrics-endpoint.metadata_current_*
- ".fleet-agents*"
- ".fleet-actions*"
- '.fleet-agents*'
- '.fleet-actions*'
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.read
@ -134,7 +179,13 @@ t1_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
t2_analyst:
cluster:
@ -160,10 +211,11 @@ t2_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.read
@ -174,7 +226,13 @@ t2_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
t3_analyst:
cluster:
@ -207,10 +265,11 @@ t3_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.all
@ -230,7 +289,13 @@ t3_analyst:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
threat_intelligence_analyst:
cluster:
@ -259,10 +324,11 @@ threat_intelligence_analyst:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.read
@ -273,7 +339,13 @@ threat_intelligence_analyst:
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
rule_author:
cluster:
@ -310,10 +382,11 @@ rule_author:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.all
@ -330,7 +403,13 @@ rule_author:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
soc_manager:
cluster:
@ -366,10 +445,11 @@ soc_manager:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
privileges:
- read
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.all
@ -390,11 +470,17 @@ soc_manager:
- feature_actions.all
- feature_builtInAlerts.all
- feature_osquery.all
- feature_indexPatterns.all # Detections Data Views
resources: "*"
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
detections_admin:
cluster:
cluster: ['manage_index_templates', 'manage_transform']
indices:
- names:
- apm-*-transaction*
@ -421,8 +507,12 @@ detections_admin:
- .fleet-actions*
privileges:
- read
- names:
- risk-score.risk-score-*
privileges:
- all
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siem.all
@ -432,7 +522,13 @@ detections_admin:
- feature_actions.all
- feature_builtInAlerts.all
- feature_dev_tools.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
platform_engineer:
cluster:
@ -453,10 +549,11 @@ platform_engineer:
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
- risk-score.risk-score-*
privileges:
- all
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siem.all
@ -475,8 +572,14 @@ platform_engineer:
- feature_fleet.all
- feature_fleetv2.all
- feature_osquery.all
- feature_indexPatterns.all # Detections Data Views
resources: "*"
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
endpoint_operations_analyst:
cluster:
@ -498,6 +601,7 @@ endpoint_operations_analyst:
- winlogbeat-*
- .lists*
- .items*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -509,7 +613,7 @@ endpoint_operations_analyst:
- read
- write
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siem.all
@ -531,7 +635,13 @@ endpoint_operations_analyst:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
endpoint_policy_manager:
cluster:
@ -553,6 +663,7 @@ endpoint_policy_manager:
- winlogbeat-*
- .lists*
- .items*
- risk-score.risk-score-*
privileges:
- read
- names:
@ -565,7 +676,7 @@ endpoint_policy_manager:
- write
- manage
applications:
- application: "kibana-.kibana"
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siem.all
@ -583,4 +694,10 @@ endpoint_policy_manager:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
resources: "*"
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: '*'
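Review bot: detections_admin gains `cluster: ['manage_index_templates', 'manage_transform']` and a new index entry granting `all` on `risk-score.risk-score-*`, and neither is mentioned in the commit description, which covers only the Analytics features. Privilege additions in a role file are much easier to audit when each carries its reason; a comment above the cluster line along the lines of `# required by <feature>: manage_index_templates, manage_transform` (reason to be filled in by the author) would do. In the same file `viewer` appears to move from the base `read` Kibana privilege to a feature list ending in six `.all` analytics grants; for a viewer role `feature_discover.read`, `feature_dashboard.read` and their siblings look like the least-privilege choice unless write access is intended.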


@ -31,9 +31,10 @@ import {
SETTINGS,
ENTITY_ANALYTICS,
} from '../../screens/security_header';
import * as ServerlessHeaders from '../../screens/serverless_security_header';
import { login } from '../../tasks/login';
import { visit, visitWithTimeRange } from '../../tasks/navigation';
import { visit, visitGetStartedPage, visitWithTimeRange } from '../../tasks/navigation';
import { navigateFromHeaderTo } from '../../tasks/security_header';
import {
@ -61,6 +62,15 @@ import {
POLICIES_URL,
ENTITY_ANALYTICS_URL,
INDICATORS_URL,
DISCOVER_URL,
RULES_LANDING_URL,
RULES_COVERAGE_URL,
INVESTIGATIONS_URL,
OSQUERY_URL,
MACHINE_LEARNING_LANDING_URL,
ASSETS_URL,
FLEET_URL,
CLOUD_DEFEND_URL,
} from '../../urls/navigation';
import { RULES_MANAGEMENT_URL } from '../../urls/rules_management';
import {
@ -247,3 +257,144 @@ describe('Kibana navigation to all pages in the Security app ', { tags: '@ess' }
cy.url().should('include', MANAGE_URL);
});
});
describe('Serverless side navigation links', { tags: '@serverless' }, () => {
beforeEach(() => {
login();
visitGetStartedPage();
});
it('navigates to the Discover page', () => {
navigateFromHeaderTo(ServerlessHeaders.DISCOVER, true);
cy.url().should('include', DISCOVER_URL);
});
it('navigates to the Dashboards landing page', () => {
navigateFromHeaderTo(ServerlessHeaders.DASHBOARDS, true);
cy.url().should('include', DASHBOARDS_URL);
});
it('navigates to the Overview page', () => {
navigateFromHeaderTo(ServerlessHeaders.OVERVIEW, true);
cy.url().should('include', OVERVIEW_URL);
});
it('navigates to the Detection & Response page', () => {
navigateFromHeaderTo(ServerlessHeaders.DETECTION_RESPONSE, true);
cy.url().should('include', DETECTION_AND_RESPONSE_URL);
});
it('navigates to the Entity Analytics page', () => {
navigateFromHeaderTo(ServerlessHeaders.ENTITY_ANALYTICS, true);
cy.url().should('include', ENTITY_ANALYTICS_URL);
});
it('navigates to the Kubernetes page', () => {
navigateFromHeaderTo(ServerlessHeaders.KUBERNETES, true);
cy.url().should('include', KUBERNETES_URL);
});
it('navigates to the CSP dashboard page', () => {
navigateFromHeaderTo(ServerlessHeaders.CSP_DASHBOARD, true);
cy.url().should('include', CSP_DASHBOARD_URL);
});
it('navigates to the Rules landing page', () => {
navigateFromHeaderTo(ServerlessHeaders.RULES_LANDING, true);
cy.url().should('include', RULES_LANDING_URL);
});
it('navigates to the Rules page', () => {
navigateFromHeaderTo(ServerlessHeaders.RULES, true);
cy.url().should('include', RULES_MANAGEMENT_URL);
});
it('navigates to the Rules page', () => {
navigateFromHeaderTo(ServerlessHeaders.CSP_BENCHMARKS, true);
cy.url().should('include', CSP_BENCHMARKS_URL);
});
it('navigates to the Exceptions page', () => {
navigateFromHeaderTo(ServerlessHeaders.EXCEPTIONS, true);
cy.url().should('include', EXCEPTIONS_URL);
});
it('navigates to the Rules coverage page', () => {
navigateFromHeaderTo(ServerlessHeaders.RULES_COVERAGE, true);
cy.url().should('include', RULES_COVERAGE_URL);
});
it('navigates to the Alerts page', () => {
navigateFromHeaderTo(ServerlessHeaders.ALERTS, true);
cy.url().should('include', ALERTS_URL);
});
it('navigates to the Findings page', () => {
navigateFromHeaderTo(ServerlessHeaders.CSP_FINDINGS, true);
cy.url().should('include', CSP_FINDINGS_URL);
});
it('navigates to the Cases page', () => {
navigateFromHeaderTo(ServerlessHeaders.CASES, true);
cy.url().should('include', CASES_URL);
});
it('navigates to the Investigations page', () => {
navigateFromHeaderTo(ServerlessHeaders.INVESTIGATIONS, true);
cy.url().should('include', INVESTIGATIONS_URL);
});
it('navigates to the Timelines page', () => {
navigateFromHeaderTo(ServerlessHeaders.TIMELINES, true);
cy.url().should('include', TIMELINES_URL);
});
it('navigates to the Osquery page', () => {
navigateFromHeaderTo(ServerlessHeaders.OSQUERY, true);
cy.url().should('include', OSQUERY_URL);
});
it('navigates to the Indicators page', () => {
navigateFromHeaderTo(ServerlessHeaders.THREAT_INTELLIGENCE, true);
cy.url().should('include', INDICATORS_URL);
});
it('navigates to the Explore landing page', () => {
navigateFromHeaderTo(ServerlessHeaders.EXPLORE, true);
cy.url().should('include', EXPLORE_URL);
});
it('navigates to the Hosts page', () => {
navigateFromHeaderTo(ServerlessHeaders.HOSTS, true);
cy.url().should('include', hostsUrl('allHosts'));
});
it('navigates to the Network page', () => {
navigateFromHeaderTo(ServerlessHeaders.NETWORK, true);
cy.url().should('include', NETWORK_URL);
});
it('navigates to the Users page', () => {
navigateFromHeaderTo(ServerlessHeaders.USERS, true);
cy.url().should('include', USERS_URL);
});
it('navigates to the Assets page', () => {
navigateFromHeaderTo(ServerlessHeaders.ASSETS, true);
cy.url().should('include', ASSETS_URL);
});
it('navigates to the Endpoints page', () => {
navigateFromHeaderTo(ServerlessHeaders.ENDPOINTS, true);
cy.url().should('include', ENDPOINTS_URL);
});
it('navigates to the Fleet page', () => {
navigateFromHeaderTo(ServerlessHeaders.FLEET, true);
cy.url().should('include', FLEET_URL);
});
it('navigates to the Cloud defend page', () => {
navigateFromHeaderTo(ServerlessHeaders.CLOUD_DEFEND, true);
cy.url().should('include', CLOUD_DEFEND_URL);
});
it('navigates to the Machine learning landing page', () => {
navigateFromHeaderTo(ServerlessHeaders.MACHINE_LEARNING, true);
cy.url().should('include', MACHINE_LEARNING_LANDING_URL);
});
});
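Review bot: `beforeEach` calls `login()` with no role, so the suite presumably runs as the default test user and does not exercise any of the roles whose privileges this commit changes; a later edit that drops `feature_discover` from one of those roles would still pass here. If `login` accepts a role name (its signature is outside this hunk), run at least the Discover case under one restricted role. Separately, two tests share the title 'navigates to the Rules page'; the second asserts `CSP_BENCHMARKS_URL` and should read `it('navigates to the Benchmarks page', () => {`.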


@ -6,28 +6,33 @@
*/
// main panels links
export const DASHBOARDS = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:dashboards"]';
export const DASHBOARDS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:dashboards"]';
export const DASHBOARDS_PANEL_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:dashboards"]';
export const INVESTIGATIONS =
'[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:investigations"]';
'[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:investigations"]';
export const INVESTIGATIONS_PANEL_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:investigations"]';
export const EXPLORE = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:explore"]';
export const EXPLORE = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:explore"]';
export const EXPLORE_PANEL_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:explore"]';
export const RULES_LANDING =
'[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:rules-landing"]';
'[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:rules-landing"]';
export const RULES_PANEL_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:rules-landing"]';
export const ASSETS = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:assets"]';
export const ASSETS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:assets"]';
export const ASSETS_PANEL_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:assets"]';
export const MACHINE_LEARNING =
'[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:machine_learning-landing"]';
export const MACHINE_LEARNING_BTN =
'[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:machine_learning-landing"]';
// main direct links
export const DISCOVER = '[data-test-subj*="nav-item-deepLinkId-discover"]';
@ -36,10 +41,12 @@ export const ALERTS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:
export const CSP_FINDINGS =
'[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:cloud_security_posture-findings"]';
export const THREAT_INTELLIGENCE =
'[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:threat_intelligence"]';
export const CASES = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:cases"]';
// nested links
// nested panel links
export const OVERVIEW = '[data-test-subj="solutionSideNavPanelLink-overview"]';
export const DETECTION_RESPONSE = '[data-test-subj="solutionSideNavPanelLink-detection_response"]';
@ -47,6 +54,7 @@ export const DETECTION_RESPONSE = '[data-test-subj="solutionSideNavPanelLink-det
export const ENTITY_ANALYTICS = '[data-test-subj="solutionSideNavPanelLink-entity_analytics"]';
export const TIMELINES = '[data-test-subj="solutionSideNavPanelLink-timelines"]';
export const OSQUERY = '[data-test-subj="solutionSideNavPanelLink-osquery:"]';
export const KUBERNETES = '[data-test-subj="solutionSideNavPanelLink-kubernetes"]';
@ -55,7 +63,9 @@ export const CSP_DASHBOARD =
export const HOSTS = '[data-test-subj="solutionSideNavPanelLink-hosts"]';
export const FLEET = '[data-test-subj="solutionSideNavPanelLink-fleet:"]';
export const ENDPOINTS = '[data-test-subj="solutionSideNavPanelLink-endpoints"]';
export const CLOUD_DEFEND = '[data-test-subj="solutionSideNavPanelLink-cloud_defend"]';
export const POLICIES = '[data-test-subj="solutionSideNavPanelLink-policy"]';
@ -68,20 +78,23 @@ export const BLOCKLIST = '[data-test-subj="solutionSideNavPanelLink-blocklist"]'
export const CSP_BENCHMARKS =
'[data-test-subj="solutionSideNavPanelLink-cloud_security_posture-benchmarks"]';
export const RULES_COVERAGE = '[data-test-subj="solutionSideNavPanelLink-coverage-overview"]';
export const NETWORK = '[data-test-subj="solutionSideNavPanelLink-network"]';
export const USERS = '[data-test-subj="solutionSideNavPanelLink-users"]';
export const INDICATORS = '[data-test-subj="solutionSideNavItemLink-threat_intelligence"]';
export const RULES = '[data-test-subj="solutionSideNavPanelLink-rules"]';
export const EXCEPTIONS = '[data-test-subj="solutionSideNavPanelLink-exceptions"]';
export const getBreadcrumb = (deepLinkId: string) => {
return `breadcrumb-deepLinkId-${deepLinkId}`;
};
// opens the navigation panel for a given nested link
export const openNavigationPanelFor = (page: string) => {
export const openNavigationPanelFor = (pageName: string) => {
let panel;
switch (page) {
switch (pageName) {
case OVERVIEW:
case DETECTION_RESPONSE:
case KUBERNETES:
@ -90,23 +103,27 @@ export const openNavigationPanelFor = (page: string) => {
panel = DASHBOARDS_PANEL_BTN;
break;
}
case RULES:
case CSP_BENCHMARKS:
case EXCEPTIONS:
case RULES_COVERAGE: {
panel = RULES_PANEL_BTN;
break;
}
case TIMELINES:
case OSQUERY: {
panel = INVESTIGATIONS_PANEL_BTN;
break;
}
case HOSTS:
case NETWORK:
case USERS: {
panel = EXPLORE_PANEL_BTN;
break;
}
case RULES:
case EXCEPTIONS:
case CSP_BENCHMARKS: {
panel = RULES_PANEL_BTN;
break;
}
case FLEET:
case ENDPOINTS:
case TRUSTED_APPS:
case EVENT_FILTERS:
case POLICIES:
case BLOCKLIST: {
case CLOUD_DEFEND: {
panel = ASSETS_PANEL_BTN;
break;
}
@ -117,6 +134,6 @@ export const openNavigationPanelFor = (page: string) => {
};
// opens the navigation panel of a main link
export const openNavigationPanel = (page: string) => {
cy.get(page).click();
export const openNavigationPanel = (pageName: string) => {
cy.get(pageName).click();
};
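Review bot: The main-panel selectors switch from the ends-with match `$=` to the substring match `*=` with no comment saying why, for example `[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:rules-landing"]`. A substring match can select more than one element when one deep-link id is a prefix of another, and a Cypress `click()` on several elements fails unless `multiple` is set, so a one-line comment above `// main panels links` describing what now follows the id in `data-test-subj` would help the next reader. `let panel;` in `openNavigationPanelFor` is implicitly `any`; `let panel: string | undefined;` keeps it type-checked. The end of `openNavigationPanelFor` lies outside the visible hunks.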


@ -9,7 +9,7 @@ import { encode } from '@kbn/rison';
import { NEW_FEATURES_TOUR_STORAGE_KEYS } from '@kbn/security-solution-plugin/common/constants';
import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
import { hostDetailsUrl, userDetailsUrl } from '../urls/navigation';
import { GET_STARTED_URL, hostDetailsUrl, userDetailsUrl } from '../urls/navigation';
import { constructUrlWithUser, getUrlWithRoute, User } from './login';
export const visit = (
@ -87,6 +87,11 @@ export const visitHostDetailsPage = (hostName = 'suricata-iowa') => {
cy.get('[data-test-subj="loading-spinner"]').should('not.exist');
};
export const visitGetStartedPage = () => {
visit(GET_STARTED_URL);
cy.get('#security-solution-app').should('exist');
};
export const visitUserDetailsPage = (userName = 'test') => {
visitWithTimeRange(userDetailsUrl(userName));
};


@ -7,6 +7,7 @@
import { TOASTER } from '../screens/alerts_detection_rules';
import { KQL_INPUT, openNavigationPanelFor, REFRESH_BUTTON } from '../screens/security_header';
import { openNavigationPanelFor as openServerlessNavigationPanelFor } from '../screens/serverless_security_header';
export const clearSearchBar = () => {
cy.get(KQL_INPUT).clear();
@ -17,9 +18,13 @@ export const kqlSearch = (search: string) => {
cy.get(KQL_INPUT).type(search, { force: true });
};
export const navigateFromHeaderTo = (page: string) => {
openNavigationPanelFor(page);
cy.get(page).click({ force: true });
export const navigateFromHeaderTo = (page: string, isServerless: boolean = false) => {
if (isServerless) {
openServerlessNavigationPanelFor(page);
} else {
openNavigationPanelFor(page);
}
cy.get(page).click();
};
export const refreshPage = () => {
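Review bot: The new positional flag makes call sites read `navigateFromHeaderTo(X, true)`, which does not say what `true` means, and `isServerless: boolean = false` repeats a type the default already implies. An options object, `navigateFromHeaderTo = (page: string, { isServerless = false } = {}) => {`, keeps existing callers working and reads better at the call site. Dropping `{ force: true }` from the click also changes behaviour for every existing ESS caller, which now needs the link to be actionable; that is the stricter check, but it deserves a line in the commit description.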


@ -10,10 +10,13 @@ export const KIBANA_SAVED_OBJECTS = '/app/management/kibana/objects';
export const LOGOUT_URL = '/logout';
// Common
export const GET_STARTED_URL = '/app/security/get_started';
export const MANAGE_URL = '/app/security/manage';
export const DASHBOARDS_URL = '/app/security/dashboards';
export const ASSETS_URL = '/app/security/assets';
export const ENDPOINTS_URL = '/app/security/administration/endpoints';
export const CLOUD_DEFEND_URL = '/app/security/cloud_defend';
export const POLICIES_URL = '/app/security/administration/policy';
export const USERS_URL = '/app/security/users/allUsers';
export const TRUSTED_APPS_URL = '/app/security/administration/trusted_apps';
@ -23,6 +26,9 @@ export const CSP_BENCHMARKS_URL = '/app/security/cloud_security_posture/benchmar
export const CSP_DASHBOARD_URL = '/app/security/cloud_security_posture/dashboard';
export const CSP_FINDINGS_URL = '/app/security/cloud_security_posture/findings/vulnerabilities';
export const RULES_LANDING_URL = '/app/security/rules/landing';
export const RULES_COVERAGE_URL = '/app/security/rules_coverage_overview';
export const NETWORK_URL = '/app/security/network/flows';
export const OVERVIEW_URL = '/app/security/overview';
@ -34,6 +40,7 @@ export const EXPLORE_URL = '/app/security/explore';
export const userDetailsUrl = (userName: string) =>
`/app/security/users/name/${userName}/authentications`;
export const INVESTIGATIONS_URL = '/app/security/investigations';
export const TIMELINES_URL = '/app/security/timelines/default';
export const TIMELINE_TEMPLATES_URL = '/app/security/timelines/template';
export const CASES_URL = '/app/security/cases';
@ -49,6 +56,8 @@ export const DISCOVER_WITH_PINNED_FILTER_URL =
export const hostDetailsUrl = (hostName: string) =>
`/app/security/hosts/${hostName}/authentications`;
export const MACHINE_LEARNING_LANDING_URL = '/app/security/ml';
// Detection and Response
export const DETECTION_AND_RESPONSE_URL = '/app/security/detection_response';
export const ALERTS_URL = '/app/security/alerts';
@ -58,3 +67,8 @@ export const ENTITY_ANALYTICS_MANAGEMENT_URL = '/app/security/entity_analytics_m
export const exceptionsListDetailsUrl = (listId: string) =>
`/app/security/exceptions/details/${listId}`;
// External (serverless)
export const DISCOVER_URL = '/app/discover';
export const OSQUERY_URL = '/app/osquery';
export const FLEET_URL = '/app/fleet';


@ -46,6 +46,12 @@ viewer:
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.read
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
run_as: []
@ -108,6 +114,12 @@ editor:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
run_as: []
@ -148,6 +160,12 @@ t1_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
t2_analyst:
@ -189,6 +207,12 @@ t2_analyst:
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
t3_analyst:
@ -246,6 +270,12 @@ t3_analyst:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
threat_intelligence_analyst:
@ -290,6 +320,12 @@ threat_intelligence_analyst:
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
rule_author:
@ -348,6 +384,12 @@ rule_author:
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
soc_manager:
@ -410,6 +452,12 @@ soc_manager:
- feature_builtInAlerts.all
- feature_osquery.all
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
detections_admin:
@ -455,6 +503,12 @@ detections_admin:
- feature_actions.all
- feature_builtInAlerts.all
- feature_dev_tools.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
platform_engineer:
@ -500,6 +554,12 @@ platform_engineer:
- feature_fleetv2.all
- feature_osquery.all
- feature_indexPatterns.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
endpoint_operations_analyst:
@ -556,6 +616,12 @@ endpoint_operations_analyst:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"
endpoint_policy_manager:
@ -609,4 +675,10 @@ endpoint_policy_manager:
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
- feature_discover.all
- feature_dashboard.all
- feature_canvas.all
- feature_graph.all
- feature_maps.all
- feature_visualize.all
resources: "*"