[Security Solution] Fix attach to case test (#119589)

* updates the detections script in order to take into consideration the new alerts index

* refactors and unskips attach to case test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/security_solution/cypress/integration/detection_alerts/attach_to_case.spec.ts

@@ -8,7 +8,11 @@
 import { getNewRule } from '../../objects/rule';
 import { ROLES } from '../../../common/test';
 
-import { waitForAlertsIndexToBeCreated, waitForAlertsPanelToBeLoaded } from '../../tasks/alerts';
+import {
+  expandFirstAlertActions,
+  waitForAlertsIndexToBeCreated,
+  waitForAlertsPanelToBeLoaded,
+} from '../../tasks/alerts';
 import { createCustomRuleActivated } from '../../tasks/api_calls/rules';
 import { cleanKibana } from '../../tasks/common';
 import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
@@ -16,7 +20,7 @@ import { login, loginAndWaitForPage, waitForPageWithoutDateRange } from '../../t
 import { refreshPage } from '../../tasks/security_header';
 
 import { ALERTS_URL } from '../../urls/navigation';
-import { ATTACH_ALERT_TO_CASE_BUTTON, TIMELINE_CONTEXT_MENU_BTN } from '../../screens/alerts';
+import { ATTACH_ALERT_TO_CASE_BUTTON } from '../../screens/alerts';
 
 const loadDetectionsPage = (role: ROLES) => {
   waitForPageWithoutDateRange(ALERTS_URL, role);
@@ -44,7 +48,7 @@ describe('Alerts timeline', () => {
     });
 
     it('should not allow user with read only privileges to attach alerts to cases', () => {
-      cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true });
+      expandFirstAlertActions();
       cy.get(ATTACH_ALERT_TO_CASE_BUTTON).should('not.exist');
     });
   });
@@ -54,9 +58,8 @@ describe('Alerts timeline', () => {
       loadDetectionsPage(ROLES.platform_engineer);
     });
 
-    // Skipping due to alerts not refreshing for platform_engineer despite being returned from API?
-    it.skip('should allow a user with crud privileges to attach alerts to cases', () => {
-      cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true });
+    it('should allow a user with crud privileges to attach alerts to cases', () => {
+      expandFirstAlertActions();
       cy.get(ATTACH_ALERT_TO_CASE_BUTTON).first().should('not.be.disabled');
     });
   });

x-pack/plugins/security_solution/cypress/tasks/alerts.ts

@@ -60,6 +60,10 @@ export const closeAlerts = () => {
     .should('not.be.visible');
 };
 
+export const expandFirstAlertActions = () => {
+  cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true });
+};
+
 export const expandFirstAlert = () => {
   cy.get(EXPAND_ALERT_BTN).should('exist');
 

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/detections_admin/detections_role.json

@@ -5,6 +5,7 @@
       {
         "names": [
           ".siem-signals-*",
+          ".alerts-security*",
           ".lists*",
           ".items*",
           "apm-*-transaction*",

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/hunter/detections_role.json

@@ -16,7 +16,7 @@
         "privileges": ["read", "write"]
       },
       {
-        "names": [".siem-signals-*"],
+        "names": [".alerts-security*", ".siem-signals-*"],
         "privileges": ["read", "write"]
       },
       {

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/platform_engineer/detections_role.json

@@ -23,7 +23,7 @@
         "privileges": ["all"]
       },
       {
-        "names": [".siem-signals-*"],
+        "names": [".alerts-security*", ".siem-signals-*"],
         "privileges": ["all"]
       }
     ]

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json

@@ -4,7 +4,8 @@
     "indices": [
       {
         "names" : [
-          ".siem-signals*",
+          ".siem-signals-*",
+          ".alerts-security*",
           ".lists*",
           ".items*",
           "metrics-endpoint.metadata_current_*",

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json

@@ -18,7 +18,7 @@
         "privileges": ["read", "write"]
       },
       {
-        "names": [".siem-signals-*"],
+        "names": [".alerts-security*", ".siem-signals-*"],
         "privileges": ["read", "write", "maintenance", "view_index_metadata"]
       },
       {

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json

@@ -18,7 +18,7 @@
         "privileges": ["read", "write"]
       },
       {
-        "names": [".siem-signals-*"],
+        "names": [".alerts-security*", ".siem-signals-*"],
         "privileges": ["read", "write", "manage"]
       },
       {

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json

@@ -2,7 +2,7 @@
   "elasticsearch": {
     "cluster": [],
     "indices": [
-      { "names": [".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
+      { "names": [".alerts-security*", ".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
       {
         "names": [
           "apm-*-transaction*",

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json

@@ -2,7 +2,7 @@
   "elasticsearch": {
     "cluster": [],
     "indices": [
-      { "names": [".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
+      { "names": [".alerts-security*", ".siem-signals-*"], "privileges": ["read", "write", "maintenance"] },
       {
         "names": [
           ".lists*",